This is a blog for ACM Digital Threats: Research and Practice (DTRAP) and I like to talk about not just Digital Threats, but making your research better. That’s what this post is about.
In mathematics, a proof often starts with the words “Assume that…” It may not be in the first sentence, but ‘assume’ is there near the beginning. We start with assumptions as we usually explain why they fit. In fact, we often spend time explaining why our assumptions are valid.
The point is, we start with our assumptions up front and a proof is incorrect if we change them during the proof. We might use terms like “without loss of generality” but we can always justify them. In fact, we often justify them. And if proof starts with ‘Clearly, this is true’ (I really hate that phrase), there is an argument about why it is true.
So now that I talked math, you’re probably wondering why.
The point is, assumptions are prevalent in Cybersecurity research and we don’t always detail them when we start the research. We just jump off the cliff and into the unknown without a parachute (that’s assuming assumptions are parachutes. I may have written about jumping off cliffs just to write that sentence.)
One of the most common I see is that “my convenience sample is representative of the entire Internet, so I can infer things about the Internet based on what I happened to see”. This assumption can’t be justified. It’s a bad assumption and people try to slide past it in their research.
Be careful of the assumptions you make in your research. Don’t make bad assumptions, it creates a bad base for your research and can negate your results.