評(píng)論
打印
Science and technology
科學(xué)技術(shù)
Computer security
計(jì)算機(jī)安全
Blame game
推脫責(zé)任
How to mimic human laxness with computers
如何用計(jì)算機(jī)模擬人類錯(cuò)誤
TO ERR is human, but to foul things up completely takes a computer, or so the old saw goes.
犯錯(cuò)是人類的天性,不過某些錯(cuò)誤要完全歸咎于電腦,
Although this may seem a little unfair to computers,
也種說法也說不過去。
a group of cybersecurity experts led by Jim Blythe of the University of Southern California are counting on there being at least some truth in the saying.
由南加州大學(xué)的Jim Blythe領(lǐng)導(dǎo)的一個(gè)網(wǎng)絡(luò)安全專家團(tuán)隊(duì)正在研究這種說法的背后是否真的存在著一些事實(shí)—雖然說這對(duì)于電腦有點(diǎn)不公平。
They have created a system for testing computer-security networks by making computers themselves simulate the sorts of human error that leave networks vulnerable.
他們?cè)O(shè)計(jì)了一個(gè)系統(tǒng)用來測(cè)試計(jì)算機(jī)的安全網(wǎng)絡(luò),在這個(gè)系統(tǒng)中 ,計(jì)算機(jī)將會(huì)模擬人類的各種錯(cuò)誤行動(dòng),正是這些導(dǎo)致了網(wǎng)絡(luò)的脆弱。
Mistakes by users are estimated to be responsible for as many as 60% of breaches of computer security.
與破壞計(jì)算機(jī)安全有關(guān)的事件中,由用戶自己制造的錯(cuò)誤估計(jì)占到60%。
Repeated warnings about being vigilant, for example,
例如,對(duì)于危險(xiǎn)頻繁的警告經(jīng)常被人們忽略,
often go unheeded as people fail to recognise the dangers of seemingly innocuous actions such as downloading files.
當(dāng)人們下載文件時(shí)這種看似無害的行為讓人很難意識(shí)到其中的危險(xiǎn)。
On top of that, some mistakes are actually the result of deliberation.
除此之外,一些錯(cuò)誤甚至是深思熟慮的結(jié)果。
Users—both regular staff and members of the information-technology department, who should know better—often disable security features on their computers,
正規(guī)的工作人員和信息技術(shù)部門的職員他們應(yīng)該對(duì)此有更好的了解—他們通常會(huì)關(guān)閉電腦上的安全功能,
because those features slow things down or make the computer more complicated to use.
因?yàn)檫@些功能會(huì)讓系統(tǒng)變慢或者許讓電腦使用起來更加復(fù)雜。
Yet according to Dr Blythe, such human factors are often overlooked when security systems are tested.
不過按照Blythe博士的說法,當(dāng)安全系統(tǒng)進(jìn)行測(cè)試時(shí),這樣的人為的因素往往忽略掉。
This is partly because it would be impractical to manipulate the behaviour of users in ways that would give meaningful results.
因?yàn)檫@種行為會(huì)產(chǎn)生的是有意義的結(jié)果,在某種程度上來講,模擬這種用戶的行為是不切實(shí)際的。
He and his colleagues have therefore created a way of testing security systems with computer programs called cognitive agents.
他和他的同事因此就設(shè)計(jì)了一種測(cè)試安全系統(tǒng)的方法,這種方法包含一種被稱之這認(rèn)知行為者的計(jì)算機(jī)程序。
These agents' motives and behaviours can be fine-tuned to mess things up with the same aplomb as a real employee.
這些行為者的動(dòng)機(jī)和行為與真實(shí)的雇員一樣有著相應(yīng)的沉著,它們可以進(jìn)行精確地調(diào)節(jié)來搞砸某些事情。
The difference is that what happened can be analysed precisely afterwards.
有所不同的就是事后可以精確地分析這些行為者所發(fā)生的行為。
Each agent represents a run-of-the-mill user, a manager or a member of the IT staff.
每個(gè)行為者都代表一個(gè)普通的用戶,一個(gè)經(jīng)理或者說是一個(gè)信息部門的員工。
It is given its own set of beliefs, desires and intentions, along with a job to do and a deadline by which that job must be done.
每個(gè)行為者有自己的一套信仰,要求和意圖,他們有工作并且必須在限定的時(shí)間內(nèi)完成該工作。
All operations connected with the job are mediated through a standard Microsoft Windows interface that is hooked up to the security system.
所有與工作有關(guān)的操作都將通過一個(gè)標(biāo)準(zhǔn)的微軟視窗界面進(jìn)行協(xié)調(diào),并且該界面與安全系統(tǒng)相連。
Agents can also be given group tasks, which in turn may be influenced by their own group dynamics.
同時(shí),可以給行為者們分配集體任務(wù),這些行為者的整體動(dòng)態(tài)反過來又可以影響它們自己。
Put simply, the agents can have friends, shared interests and power relations,
簡(jiǎn)而言之,這些行為者可以擁有朋友,共享利益與權(quán)力關(guān)系,
and can trust some agents more than others, all of which will affect how quickly they perform the job at hand.
還可以更加信任其他的一些行為者,所有的這些行為都將會(huì)影響他們完成手頭工作的進(jìn)度。
Another factor that can influence an agent's behaviour is its physiology.
另外一個(gè)可以影響到行為者行為的因素就是它們的生理狀態(tài)了。
Agents can get tired and become hungry, just like people.
行為者們就像人一樣,會(huì)疲倦,會(huì)饑餓。
According to Dr Blythe, we have focused mainly on fatigue, the physical need to take breaks at regular intervals,
據(jù)Blythe說,我們已經(jīng)集中于研究它們的疲勞了,行為者的身體需要定期的休息,
or the need to go to the bathroom.
或者需要去洗手間。
And agents may also skive off, choosing to switch to a spot of web browsing on a synthetic internet that the researchers have created for the purpose.
另外,行為者們也可能會(huì)偷懶,會(huì)切換到網(wǎng)頁去瀏覽一些網(wǎng)上的同步內(nèi)容——這些內(nèi)容研究人員故意設(shè)計(jì)出來的。
The team plans a full-scale test later this year,
該小組計(jì)劃于今年晚些時(shí)候進(jìn)行全面的測(cè)試,
but preliminary results, which Dr Blythe will present to the Association for the Advancement of Artificial Intelligence's 25th annual conference in San Francisco on August 9th, look promising.
不過初步的結(jié)果看起來很有希望,該結(jié)果將由Blythe博士在人工智能發(fā)展學(xué)會(huì)第25次年會(huì)上發(fā)布—會(huì)議將于8月9日在舊金山舉行。
For example, as users fall foul of so-called phishing attacks—giving away sensitive details such as passwords while browsing the internet,
例如,用戶們遇到的所謂的釣魚式攻擊—在瀏覽網(wǎng)頁的時(shí)候會(huì)泄露密碼等敏感信息,
or allowing code that corrupts work files to be downloaded—the ability of IT staff to cope with the consequences diminishes as they become increasingly overwhelmed and tired.
或者那些導(dǎo)致毀壞文件的代碼被下載下來—信息技術(shù)的工作人們處理這些問題的能力會(huì)隨著他們?cè)黾拥闹負(fù)?dān)和持續(xù)的疲倦而下降。
The next stage after applying emotional and physiological pressure to the agents is to apply financial pressure—by constraining,
在考察了情緒和生理的壓力后,下個(gè)階段將會(huì)對(duì)行為者引入財(cái)務(wù)的壓力因素的考察—
for example, an agent's income compared with the amount of money it needs to earn in order to meet its outgoings.
例如,與滿足一個(gè)行為者開支所需的收入相比,通過限制它的收入來實(shí)現(xiàn)關(guān)于這種因素的考察。
Doing this may tempt some agents to double deal.
這樣做的話,會(huì)使得一些行為者變得口是心非。
In time, then, Dr Blythe's agents may serve to vindicate another familiar saying about computers:
不久以后,Blythe博士的行為者或許就會(huì)證明另外一種關(guān)于電腦熟悉的說法:
that behind every error blamed on computers there are at least two human errors, including the error of blaming it on the computer.
每個(gè)人該指責(zé)的電腦背后至少有兩個(gè)人為的錯(cuò)誤,其中包括指責(zé)計(jì)算機(jī)錯(cuò)誤的這個(gè)錯(cuò)誤。
