A Human Information-Processing Analysis of Online Deception Detection - April 2016
Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.
PI(s): Robert W. Proctor, Ninghui Li
Researchers: Jing Chen; Weining Yang; Aiping Xiong; Wanling Zou
HARD PROBLEM(S) ADDRESSED
- Human Behavior - Predicting individual users’ judgments and decisions regarding possible online deception. Our research addresses this problem within the context of examining user decisions with regard to phishing attacks. This work is grounded within the scientific literature on human decision-making processes.
PUBLICATIONS
ACCOMPLISHMENT HIGHLIGHTS
- We completed the field study of a phishing warning Chrome extension to a security symposium. We carried out a simulated phishing attack that bypassed the currently deployed defenses and reached almost all participants. Our results demonstrate the warning extension's ability to protect users against phishing, and the importance of combining skill training with understandable warning messages.
- We finished evaluating the influence of domain highlighting on participants' judgments of the legitimacy of web pages. Instructions to attend to the address bar improved detection of fraudulent web pages, whereas domain highlighting had little influence. In general, analysis of eye-gaze fixation measures agreed with task performance. However, the distribution of participants’ visual attention was affected by the domain highlighting, implying that users lack knowledge of webpage security cues or of how to use those cues.