A multi-modal neuro-physiological study of phishing detection and malware warnings

Ajaya Neupane, Md Lutfor Rahman, Nitesh Saxena, Leanne M Hirshfield

Research output: Chapter in Book/Report/Conference proceedingConference contribution

18 Scopus citations

Abstract

Detecting phishing attacks (identifying fake vs. real websites) and heeding security warnings represent classical user-centered security tasks subjected to a series of prior investigations. However, our understanding of user behavior underlying these tasks is still not fully mature, motivating further work concentrating at the neurophysiological level governing the human processing of such tasks. We pursue a comprehensive three-dimensional study of phishing detection and malware warnings, focusing not only on what users' task performance is but also on how users process these tasks based on: (1) neural activity captured using Electroencephalogram (EEG) cognitive metrics, and (2) eye gaze patterns captured using an eyetracker. Our primary novelty lies in employing multi-modal neurophysiological measures in a single study and providing a near realistic set-up (in contrast to a recent neuro-study conducted inside an fMRI scanner). Our work serves to advance, extend and support prior knowledge in several significant ways. Specifically, in the context of phishing detection, we show that users do not spend enough time analyzing key phishing indicators and often fail at detecting these attacks, although they may be mentally engaged in the task and subconsciously processing real sites differently from fake sites. In the malware warning tasks, in contrast, we show that users are frequently reading, possibly comprehending, and eventually heeding the message embedded in the warning. Our study provides an initial foundation for building future mechanisms based on the studied real-time neural and eye gaze features, that can automatically infer a user's "alertness" state, and determine whether or not the user's response should be relied upon.

Original languageEnglish (US)
Title of host publicationProceedings of the ACM Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery
Pages479-491
Number of pages13
Volume2015-October
ISBN (Print)9781450338325
DOIs
StatePublished - Oct 12 2015
Event22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015 - Denver, United States
Duration: Oct 12 2015Oct 16 2015

Other

Other22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015
CountryUnited States
CityDenver
Period10/12/1510/16/15

    Fingerprint

Keywords

  • EEG
  • Eye tracking
  • Malware warnings
  • Neuroscience
  • Phishing detection

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this

Neupane, A., Rahman, M. L., Saxena, N., & Hirshfield, L. M. (2015). A multi-modal neuro-physiological study of phishing detection and malware warnings. In Proceedings of the ACM Conference on Computer and Communications Security (Vol. 2015-October, pp. 479-491). Association for Computing Machinery. https://doi.org/10.1145/2810103.2813660