MORPHEUS: A Multidimensional Framework for Modeling, Measuring, and Mitigating Human Factors in Cybersecurity

• URL: http://arxiv.org/abs/2512.18303v1
• Date: Sat, 20 Dec 2025 10:27:37 GMT
• Title: MORPHEUS: A Multidimensional Framework for Modeling, Measuring, and Mitigating Human Factors in Cybersecurity
• Authors: Giuseppe Desolda, Francesco Greco, Rosa Lanzilotti, Cesare Tucci,
• Abstract summary: This paper introduces MORPHEUS, a framework that operationalizes human-centric security as a dynamic and interconnected system.<n>It consolidates 50 human factors influencing susceptibility to major cyberthreats, including phishing, malware, password management, and misconfigurations.<n>MorPHEUS links theory to practice through an inventory of 99 validated psychometric instruments, enabling empirical assessment and targeted intervention.
• Score: 4.343339158263096
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Current cybersecurity research increasingly acknowledges the human factor, yet remains fragmented, often treating user vulnerabilities as isolated and static traits. This paper introduces MORPHEUS, a holistic framework that operationalizes human-centric security as a dynamic and interconnected system. Grounded in the Cognition-Affect-Behavior (CAB) model and Attribution Theory, MORPHEUS consolidates 50 human factors influencing susceptibility to major cyberthreats, including phishing, malware, password management, and misconfigurations. Beyond factor identification, the framework systematically maps 295 documented interactions, revealing how cognitive, emotional, behavioral, and socio-organizational processes jointly shape security outcomes, and distills them into twelve recurring interaction mechanisms. MORPHEUS further links theory to practice through an inventory of 99 validated psychometric instruments, enabling empirical assessment and targeted intervention. We illustrate the framework's applicability through concrete operational scenarios, spanning risk diagnosis, training, and interface design. Overall, MORPHEUS provides a rigorous yet actionable foundation for advancing human-centered cybersecurity research and practice.

Related papers

• Behavioral Outcomes of Human Cognitive Security within an Integrative Modeling Framework [0.0]
  Information-based threats pose challenges to human cognitive processes and behavior.<n>There is no well-defined construct for characterizing the degree to which information-based threats influence changes in human judgments and decision-making.<n>Here, we introduce a human cognitive security construct focused on linking information-based threats to observable outcomes.
  arXiv  Detail & Related papers  (2026-03-02T01:26:12Z)
• The Silicon Psyche: Anthropomorphic Vulnerabilities in Large Language Models [0.2291770711277359]
  Large Language Models (LLMs) are rapidly transitioning from conversational assistants to autonomous agents embedded in critical organizational functions.<n>This paper presents the first systematic application of the Cybersecurity Psychology Framework (cpf), a 100-indicator taxonomy of human psychological vulnerabilities, to non-human cognitive agents.
  arXiv  Detail & Related papers  (2025-12-30T13:25:36Z)
• BEACON: A Unified Behavioral-Tactical Framework for Explainable Cybercrime Analysis with Large Language Models [0.10262304700896198]
  This paper proposes BEACON, a unified dual-dimension framework that integrates behavioral psychology with the tactical lifecycle of cybercrime.<n>A single large language model is fine-tuned using parameter-efficient learning to perform joint multi-label classification across both psychological and tactical dimensions.<n> Experiments conducted on a curated dataset of real-world and synthetically augmented cybercrime narratives demonstrate a 20 percent improvement in overall classification accuracy.
  arXiv  Detail & Related papers  (2025-12-06T19:59:24Z)
• AI Deception: Risks, Dynamics, and Controls [153.71048309527225]
  This project provides a comprehensive and up-to-date overview of the AI deception field.<n>We identify a formal definition of AI deception, grounded in signaling theory from studies of animal deception.<n>We organize the landscape of AI deception research as a deception cycle, consisting of two key components: deception emergence and deception treatment.
  arXiv  Detail & Related papers  (2025-11-27T16:56:04Z)
• Towards Emotionally Intelligent and Responsible Reinforcement Learning [0.40719854602160227]
  We propose a Responsible Reinforcement Learning framework that integrates emotional and contextual understanding with ethical considerations.<n>We introduce a multi-objective reward function that balances short-term behavioral engagement with long-term user well-being.<n>We discuss the implications of this approach for human-centric domains such as behavioral health, education, and digital therapeutics.
  arXiv  Detail & Related papers  (2025-11-13T18:09:37Z)
• DeceptionBench: A Comprehensive Benchmark for AI Deception Behaviors in Real-world Scenarios [57.327907850766785]
  characterization of deception across realistic real-world scenarios remains underexplored.<n>We establish DeceptionBench, the first benchmark that systematically evaluates how deceptive tendencies manifest across different domains.<n>On the intrinsic dimension, we explore whether models exhibit self-interested egoistic tendencies or sycophantic behaviors that prioritize user appeasement.<n>We incorporate sustained multi-turn interaction loops to construct a more realistic simulation of real-world feedback dynamics.
  arXiv  Detail & Related papers  (2025-10-17T10:14:26Z)
• A Method for Quantifying Human Risk and a Blueprint for LLM Integration [0.0]
  The Cybersecurity Psychology Framework (CPF) is a novel methodology for quantifying human-centric vulnerabilities in security operations.<n>CPF provides end-to-end operationalization across the full spectrum of psychological vulnerabilities.
  arXiv  Detail & Related papers  (2025-09-29T20:31:27Z)
• FIST: A Structured Threat Modeling Framework for Fraud Incidents [1.686366122228481]
  FIST is an innovative structured threat modeling methodology specifically designed for fraud scenarios.<n>It incorporates social engineering tactics, stage-based behavioral decomposition, and detailed attack technique mapping into a reusable knowledge base.<n>FIST aims to enhance the efficiency of fraud detection and the standardization of threat intelligence sharing.
  arXiv  Detail & Related papers  (2025-06-06T04:54:49Z)
• Comprehensive Survey on Adversarial Examples in Cybersecurity: Impacts, Challenges, and Mitigation Strategies [4.606106768645647]
  Ad adversarial examples (AE) pose a critical challenge to the robustness and reliability of deep learning-based systems.<n>This paper provides a comprehensive review of the impact of AE attacks on key cybersecurity applications.<n>We explore recent advancements in defense mechanisms, including gradient masking, adversarial training, and detection techniques.
  arXiv  Detail & Related papers  (2024-12-16T01:54:07Z)
• SoK: The Security-Safety Continuum of Multimodal Foundation Models through Information Flow and Game-Theoretic Defenses [58.93030774141753]
  Multimodal foundation models (MFMs) integrate diverse data modalities to support complex and wide-ranging tasks.<n>In this paper, we unify the concepts of safety and security in the context of MFMs by identifying critical threats that arise from both model behavior and system-level interactions.
  arXiv  Detail & Related papers  (2024-11-17T23:06:20Z)
• Decoding Susceptibility: Modeling Misbelief to Misinformation Through a Computational Approach [61.04606493712002]
  Susceptibility to misinformation describes the degree of belief in unverifiable claims that is not observable. Existing susceptibility studies heavily rely on self-reported beliefs. We propose a computational approach to model users' latent susceptibility levels.
  arXiv  Detail & Related papers  (2023-11-16T07:22:56Z)
• Active Inference in Robotics and Artificial Agents: Survey and Challenges [51.29077770446286]
  We review the state-of-the-art theory and implementations of active inference for state-estimation, control, planning and learning. We showcase relevant experiments that illustrate its potential in terms of adaptation, generalization and robustness.
  arXiv  Detail & Related papers  (2021-12-03T12:10:26Z)
• Epidemic mitigation by statistical inference from contact tracing data [61.04165571425021]
  We develop Bayesian inference methods to estimate the risk that an individual is infected. We propose to use probabilistic risk estimation in order to optimize testing and quarantining strategies for the control of an epidemic. Our approaches translate into fully distributed algorithms that only require communication between individuals who have recently been in contact.
  arXiv  Detail & Related papers  (2020-09-20T12:24:45Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.