Warning of Phishing Attacks: Supporting Human Information Processing, Identifying Phishing Deception Indicators, and Reducing Vulnerability - April 2015
Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.
PI(s): Christopher Mayhorn, Emerson Murphy-Hill
Researchers: Allaire Welk, Olga Zielinska
HARD PROBLEM(S) ADDRESSED
- Human Behavior - This preliminary work on understanding how mental models vary between novice users, experts (such as IT professionals), and hackers should be useful in accomplishing the ultimate goal of the work: to build secure systems that reduce user vulnerability to phishing. Moreover, mapping out the mental models that underlie security-related decision making should also inform behavioral models of users, security experts (i.e., system administrators), and adversaries seeking to exploit system functionality.
PUBLICATIONS
- Allaire K. Welk, Christopher B. Mayhorn. 2015. All Signals Go: Investigating How Individual Differences Affect Performance on a Medical Diagnosis Task Designed to Parallel a Signal Intelligence Analyst Task. Symposium and Bootcamp on the Science of Security (HotSoS).
- Christopher B. Mayhorn, Allaire K. Welk, Olga A. Zielinska, Emerson Murphy-Hill. 2015. Assessing individual differences in a phishing detection task. International Ergonomics Association.
- Olga Zielinska, Allaire Welk, Christopher B. Mayhorn, Emerson Murphy-Hill. 2015. Exploring expert and novice mental models of phishing. HotSoS: Symposium and Bootcamp on the Science of Security.
ACCOMPLISHMENT HIGHLIGHTS
- To obtain more data on social engineering strategies employed by phishers, we began meeting with corporate contacts at the NCSU University IT (Sarah Noelle) and the College of Education IT (Andy Raynor). Ultimately, we want to access the frequency of attack and the success of particular attacks, and to categorize which social engineering tactics are "most effective" based on frequency data. Once these attack vectors have been isolated, we will determine how individual aspects of information are being manipulated.
- Completed data collection from 14 security experts so that we can extract their mental models using the Pathfinder analytic tool for comparison with the novice participants (n=20) collected earlier in the year. Given these data, we should be able to determine how their judgments vary from those of the novices, which should result in training topics that promote system security.
- Chris Mayhorn served on the Program Committee for the HotSoS conference being held on April 21-22, 2015 at the University of Illinois at Urbana-Champaign.
- Graduate student research assistants, Olga Zielinska and Allaire Welk, had their work accepted for presentation at HotSoS.
- At the request of Adam Tagart and Kathleen Prewitt, Chris Mayhorn developed a manuscript for publication in the next issue of The Next Wave.
- Lablet work will be presented at the International Ergonomics Association (IEA) in August 2015. A proceedings paper is in press.
- Conference proceedings submissions have been completed for the HFES conference in Los Angeles in October 2015.
- Warning of Phishing Attacks, Supporting Human Information Processing, Identifying Phishing Deception Indicators, and Reducing Vulnerability
- Approved by NSA
- Human Behavior
- NCSU
- Warning of Phishing Attacks: Supporting Human Information Processing, Identifying Phishing Deception Indicators & Reducing Vuln.
- FY14-18
- Apr'15