Debin Liu

PhD in Security Informatics at Indiana University


Selected Projects




Internal Control in Banking Organizations


Problem:
Effective internal control is a critical component of bank management and a foundation for the safe and sound operation of banking organizations.

Problem solving:

  • Proposed a payment-based policy model of internal control;
  • Used the model to learn users’ behavior history;
  • Used the model to audit users’ behavior;
  • Completed economic evaluation and analysis.


Design of Incentive-Based Access Control


Problem:
Access exceptions are necessary in many industries. Employees ask for exceptions to bypass controls in order to complete their organizational tasks. At the same time, these exceptions create vulnerabilities to internal fraud and pose excess organizational risk.

Problem solving:
  • Modeled users’ risk behavior;
  • Designed an Incentive-Based Access Control model that allows access exceptions while limiting the organizational risk caused by granting them;
  • Conducted human-subject experimental evaluation.



Mitigation of Inadvertent Insider Threats with Incentives

Problem:
Inadvertent insiders are individuals who do not have malicious intent but tend to behave irresponsibly. They have long been known as a grave security threat to organizations.

Problem solving:

  • Modeled inadvertent insider threats using incentive engineering;
  • Designed a risk budget mechanism to visualize risks and regulate users’ risk behaviors;
  • Conducted human-subject experiments and game-theoretic analysis.
 

Game Theoretic Modeling and Analysis of Malicious Insiders

Problem:
Malicious insiders have been considered to be one of the most serious threats to organizations’ information assets.

Problem solving:
  • Built a game-theoretic model of the malicious insider problem;
  • Analyzed the insider threat and produced an optimal defense strategy;
  • Completed two real-world case studies.
 

Evaluation and Analysis of Proof-of-Work Anti-Spam Mechanism

Problem:
Proof-of-Work is a set of cryptographic mechanisms that increase the cost of sending a message. It has been proposed as a candidate solution to the problem of spam.

Problem solving:
  • Constructed and evaluated a mathematical model of Proof-of-Work grounded in cryptography and economics;
  • Proposed a mechanism against spam using Proof-of-Work combined with reputation systems.
 

Design and Analysis of Computer Risk Communication  

Problem:
Risk communication plays an important role in informing people of risks. Designing effective risk communication is always a challenge.

Problem solving:
  • Implemented mental models to analyze computer risk communication;
  • Built a Flash/PHP/MySQL Server-based online experiment system using pile sort for data collection;
  • Completed cluster analysis and proposed a mental model method for risk communication.
 

Evaluation of Phishing Education

Problem:
Phishing is a fraudulent scam conducted for the purpose of information theft. Phishing IQ tests are believed to help individuals assess their vulnerability to phishing scams.

Problem solving:
  • Examined the change in results on a phishing IQ test before and after phishing education;
  • Drew a statistical conclusion suggesting that phishing education fails to improve performance.