Numerous studies of human user behaviours in cybersecurity tasks have used traditional research methods, such as self-reported surveys or empirical experiments, to identify relationships between various factors of interest and user security performance. This work takes a different approach, applying computational cognitive modelling to research the decision-making of cybersecurity users. The model described here relies on cognitive memory chunk activation to analytically simulate the decision-making process of a user classifying legitimate and phishing emails. Suspicious-seeming cues in each email are processed by examining similar, past classifications in long-term memory. We manipulate five parameters (Suspicion Threshold; Maximum Cues Processed; Weight of Similarity; Flawed Perception Level; Legitimate-to-Phishing Email Ratio in long-term memory) to examine their effects on accuracy, email processing time and decision confidence. Furthermore, we have conducted an empirical, unattended study of US participants performing the same task. Analyses on the empirical study data and simulation output, especially clustering analysis, show that these two research approaches complement each other for more insightful understanding of this phishing detection task. The analyses also demonstrate several limitations of this computational model that cannot easily capture certain user types and phishing detection strategies, calling for a more dynamic and sophisticated model construction.
This paper presents a set of statistical analyses on an empirical study of phishing email sorting by real online users. Participants were assigned to multitasking and/or incentive conditions in unattended web-based tasks that are the most realistic in any comparable study to date. Our three stages of analyses included logistic regression models to identify individual phishing "cues" contributing to successful classifications, statistical significance tests assessing the links between participants' training experience and self-assessments of success to their actual performance, significance tests searching for significant demographic factors influencing task completion performance, and lastly kmeans clustering based on a range of performance measures and utilizing participants' demographic attributes. In particular, the results indicate that multitasking and incentives create complex dynamics while demographic traits and cybersecurity training can be informative predictors of user security behavior. These findings strongly support the benefits of security training and education and advocate for customized and differentiated interventions to increase users' success of correctly identifying phishing emails.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.