Warning of Phishing Attacks: Supporting Human Information Processing, Identifying Phishing Deception Indicators, and Reducing Vulnerability - January 2015
Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.
PI(s): Christopher Mayhorn, Emerson Murphy-Hill
Researchers: Allaire Welk, Olga Zielinska
HARD PROBLEM(S) ADDRESSED
- Human Behavior - This preliminary work in understanding how mental models vary between novice users, experts (such as IT professionals), and hackers should be useful in accomplishing the ultimate goal of the work: to build secure systems that reduce user vulnerability to phishing. Moreover, mapping out the mental models that underlie security-related decision making should also inform behavioral models of users, security experts (i.e., system administrators), and adversaries seeking to exploit system functionality.
PUBLICATIONS
ACCOMPLISHMENT HIGHLIGHTS
- To assess the mental models of computer security novices (N=20), we developed a template for data analyses using Pathfinder to assess how these novices conceptualize security-related terms. This template will allow us to determine how computer security novices make decisions and whether or not they make errors of judgment due to misconceptions. Once we collect data from experts, we should be able to determine how their judgments differ from those of the novices, which should yield training topics that promote system security.
- Completed data collection for 8 security experts recruited at the SoSL Community Meeting held on Oct. 24, 2014. Recruitment is ongoing to complete the data collection for this sample.
- Chris Mayhorn worked with Jen Golbeck and Michelle Mazurek (both from University of Maryland) and Lorrie Cranor (Carnegie Mellon University) to submit a manuscript to IEEE Security & Privacy.