DOI: 10.1145/2810103.2813660

A Multi-Modal Neuro-Physiological Study of Phishing Detection and Malware Warnings

Published: 12 October 2015

Abstract

Detecting phishing attacks (distinguishing fake from real websites) and heeding security warnings are classical user-centered security tasks that have been the subject of a series of prior investigations. However, our understanding of the user behavior underlying these tasks is still not fully mature, which motivates further work concentrating on the neuro-physiological level that governs how humans process such tasks.
We pursue a comprehensive three-dimensional study of phishing detection and malware warnings, focusing not only on what users' task performance is but also on how users process these tasks, based on: (1) neural activity captured using Electroencephalogram (EEG) cognitive metrics, and (2) eye gaze patterns captured using an eye-tracker. Our primary novelty lies in employing multi-modal neuro-physiological measures in a single study and in providing a near-realistic set-up (in contrast to a recent neuro-study conducted inside an fMRI scanner). Our work serves to advance, extend and support prior knowledge in several significant ways. Specifically, in the context of phishing detection, we show that users do not spend enough time analyzing key phishing indicators and often fail to detect these attacks, although they may be mentally engaged in the task and subconsciously processing real sites differently from fake sites. In the malware warning tasks, in contrast, we show that users are frequently reading, possibly comprehending, and eventually heeding the message embedded in the warning.
Our study provides an initial foundation for future mechanisms that, based on the studied real-time neural and eye-gaze features, can automatically infer a user's "alertness" state and determine whether or not the user's response should be relied upon.


Published In

CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
October 2015, 1750 pages
ISBN: 9781450338325
DOI: 10.1145/2810103
Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. EEG
  2. eye tracking
  3. malware warnings
  4. neuroscience
  5. phishing detection
  6. security and privacy

Qualifiers

  • Research-article

Conference

CCS'15

Acceptance Rates

CCS '15 Paper Acceptance Rate: 128 of 660 submissions, 19%
Overall Acceptance Rate: 1,261 of 6,999 submissions, 18%

Cited By

  • (2024) A systematic review and research challenges on phishing cyberattacks from an electroencephalography and gaze-based perspective. Personal and Ubiquitous Computing. DOI: 10.1007/s00779-024-01794-9. Online publication date: 19-Mar-2024.
  • (2023) Human-centered Behavioral and Physiological Security. Proceedings of the 2023 New Security Paradigms Workshop, pages 48-61. DOI: 10.1145/3633500.3633504. Online publication date: 18-Sep-2023.
  • (2023) The role of conscientiousness and cue utilisation in the detection of phishing emails in controlled and naturalistic settings. Behaviour & Information Technology, 43(9):1842-1858. DOI: 10.1080/0144929X.2023.2230307. Online publication date: 5-Jul-2023.
  • (2022) Dynamic Warnings. International Journal of Information Security and Privacy, 16(1):1-28. DOI: 10.4018/IJISP.303662. Online publication date: 13-Jul-2022.
  • (2022) Avoiding the Hook: Influential Factors of Phishing Awareness Training on Click-Rates and a Data-Driven Approach to Predict Email Difficulty Perception. IEEE Access, 10:100540-100565. DOI: 10.1109/ACCESS.2022.3207272. Online publication date: 2022.
  • (2022) Improving Phishing Reporting Using Security Gamification. Journal of Management Information Systems, 39(3):793-823. DOI: 10.1080/07421222.2022.2096551. Online publication date: 26-Aug-2022.
  • (2021) Targeting the Weakest Link: Social Engineering Attacks in Ethereum Smart Contracts. Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security, pages 787-801. DOI: 10.1145/3433210.3453085. Online publication date: 24-May-2021.
  • (2021) Lessons Learnt on Reproducibility in Machine Learning Based Android Malware Detection. Empirical Software Engineering, 26(4). DOI: 10.1007/s10664-021-09955-7. Online publication date: 1-Jul-2021.
  • (2020) Don't click: towards an effective anti-phishing training. A comparative literature review. Human-centric Computing and Information Sciences, 10(1). DOI: 10.1186/s13673-020-00237-7. Online publication date: 9-Aug-2020.
  • (2020) Scam Augmentation and Customization: Identifying Vulnerable Users and Arming Defenders. Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, pages 236-247. DOI: 10.1145/3320269.3384753. Online publication date: 5-Oct-2020.