TY - GEN
T1 - Neural underpinnings of website legitimacy and familiarity detection
T2 - 26th International World Wide Web Conference, WWW 2017
AU - Neupane, Ajaya
AU - Saxena, Nitesh
AU - Hirshfield, Leanne
N1 - Publisher Copyright: © 2017 International World Wide Web Conference Committee (IW3C2).
PY - 2017
Y1 - 2017
AB - In this paper, we study the neural underpinnings relevant to user-centered web security through the lens of functional near-infrared spectroscopy (fNIRS). Specifically, we design and conduct a fNIRS study to pursue a thorough investigation of users’ processing of legitimate vs. illegitimate and familiar vs. unfamiliar websites. We pinpoint the neural activity in these tasks as well as the brain areas that control such activity. We show that, at the neurological level, users process the legitimate websites differently from the illegitimate websites when subject to phishing attacks. Similarly, we show that users exhibit marked differences in the way their brains process the previously familiar websites from unfamiliar websites. These findings have several defensive and offensive implications. In particular, we discuss how these differences may be used by the system designers in the future to differentiate between legitimate and illegitimate websites automatically based on neural signals. Similarly, we discuss the potential for future malicious attackers, with access to neural signals, in compromising the privacy of users by detecting whether a website is previously familiar or unfamiliar to the user. Compared to prior research, our novelty lies in several aspects. First, we employ a neuroimaging methodology (fNIRS) not tapped into by prior security research for the problem domain we are studying. Second, we provide a focused study design and comprehensive investigation of the neural processing underlying the specific tasks of legitimate vs. illegitimate and familiar vs. unfamiliar websites. Third, we use an experimental set-up much more amenable to real-world settings, compared to previous fMRI studies. Beyond these scientific innovations, our work also serves to corroborate and extend several of the findings of the prior literature with independent methodologies, tools and settings.
KW - FNIRS
KW - Phishing detection
KW - Privacy attacks
UR - http://www.scopus.com/inward/record.url?scp=85051515248&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85051515248&partnerID=8YFLogxK
U2 - 10.1145/3038912.3052702
DO - 10.1145/3038912.3052702
M3 - Conference contribution
AN - SCOPUS:85051515248
SN - 9781450349130
T3 - 26th International World Wide Web Conference, WWW 2017
SP - 1571
EP - 1580
BT - 26th International World Wide Web Conference, WWW 2017
PB - International World Wide Web Conferences Steering Committee
Y2 - 3 April 2017 through 7 April 2017
ER -