A Human Information-Processing Analysis of Online Deception Detection - January 2015

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s):  Robert W. Proctor, Ninghui Li
Researchers: Jing Chen; Weining Yang

HARD PROBLEM(S) ADDRESSED

• Human Behavior - Predicting individual users’ judgments and decisions regarding possible online deception.  Our research addresses this problem within the context of examining user decisions with regard to phishing attacks. This work is grounded within the scientific literature on human decision-making processes.

PUBLICATIONS
Report papers written as a results of this research. If accepted by or submitted to a journal, which journal. If presented at a conference, which conference.

ACCOMPLISHMENT HIGHLIGHTS

• Completed the design of our Google Chrome browser extension to protect against phishing attacks.  The extension displays a warning for domains that are not among the most popular 10,000 domains and reminds the user to be careful.  This has several unique features.  First, it generates warnings based on traffic rankings of the web domain.  This exploits the following facts: most targets of phishing attacks (e.g., ebay, taobao, amazon) are domains with high traffic rankings; the vast majority of phishing sites are hosted on newly registered domains or domains with low rankings; users may be surprised by a warning of low traffic ranking when they expect the domains to be popular.  Second, the extension highlights the domain portion of the URL, because many phishing sites use a different domain than the original site.    
• Finalized the method for implementing the study, "Browser Extension to Prevent Phishing Attack" and conducted pilot tests on the researchers to ensure that all desired data were being recorded appropriately.  The goal of the study is to evaluate experimentally whether the browser extension improves users' decisions in responding to possible phishing attacks.
• Initiated data collection for that study, including recruitment of participants on campus through fliers, installation of the browser extension on their laptop computers, and an initial information session for the participants.