Simulating Phishing Email Processing with Instance-Based Learning and Cognitive Chunk Activation

Shonman, Matthew; Li, Xiangyang; Zhang, Haoruo; Dahbura, Anton

doi:10.1007/978-3-030-05587-5_44

Cited by 7 publications

(12 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, they only needed to find enough evidence of suspicion to correctly classify a phishing email. This seems to support a similar strategy used in the simulation study of nomultitasking users as reported in [6].…”

Section: Figure 4 Clustering Of Participants In the Multitasking Consupporting

confidence: 84%

Understanding Security Behavior of Real Users: Analysis of a Phishing Study

Kang¹,

Shonman

Subramanya³

et al. 2021

Proceedings of the Annual Hawaii International Conference on System Sciences

Self Cite

View full text Add to dashboard Cite

This paper presents a set of statistical analyses on an empirical study of phishing email sorting by real online users. Participants were assigned to multitasking and/or incentive conditions in unattended web-based tasks that are the most realistic in any comparable study to date. Our three stages of analyses included logistic regression models to identify individual phishing "cues" contributing to successful classifications, statistical significance tests assessing the links between participants' training experience and self-assessments of success to their actual performance, significance tests searching for significant demographic factors influencing task completion performance, and lastly kmeans clustering based on a range of performance measures and utilizing participants' demographic attributes. In particular, the results indicate that multitasking and incentives create complex dynamics while demographic traits and cybersecurity training can be informative predictors of user security behavior. These findings strongly support the benefits of security training and education and advocate for customized and differentiated interventions to increase users' success of correctly identifying phishing emails.

show abstract

Section: Figure 4 Clustering Of Participants In the Multitasking Consupporting

confidence: 84%

Understanding Security Behavior of Real Users: Analysis of a Phishing Study

Kang¹,

Shonman

Subramanya³

et al. 2021

Proceedings of the Annual Hawaii International Conference on System Sciences

Self Cite

View full text Add to dashboard Cite

show abstract

“…For clarity, the following sections outline the methodology only relevant to the subset of data used for the presented research. Other analyses on these data can be found in Shonman, Li, Zhang, and Dahbura (2018); Zhang, Singh, Li, Dahbura, and Xie (2018).…”

Section: Methodsmentioning

confidence: 99%

Using the Lens Model and Cognitive Continuum Theory to Understand the Effects of Cognition on Phishing Victimization

Molinaro

Bolton

2019

Proceedings of the Human Factors and Ergonomics Society Annual

View full text Add to dashboard Cite

With the growing threat of phishing emails and the limited effectiveness of current mitigation approaches, there is an urgent need to better understand what leads to phishing victimization. There is a limited body of phishing research that identified cognitive automaticity as a potential factor, but more research on the relationship between user cognition and victimization is needed. Additionally, the current phishing research has not considered the characteristics of the environment in which phishing judgments are made. To fill these gaps, this work used the analysis capabilities afforded by the double system lens model (a judgment analysis technique) and the cognitive continuum theory, specifically the task continuum index and the cognitive continuum index. By calculating a task continuum index score, the cognition best suited for the email sorting task was identified. This calculation resulted in a value which indicated that more analytical cognition was most effective. The cognitive continuum index score evaluated the participants’s cognition level while making judgments. The relationships between these measures and achievement were evaluated. Results indicated that more analytical cognition was associated with lower rates of phishing victimization. This work provides a deeper insight into the phishing problem and has implications for combating phishing.

show abstract

“…Our model of email sorting (in Shonman et al 2018 and in Section 3.2 below) adapts this work to describe step-by-step (cue-by-cue) processing of a suspicious email, adding additional parameters to introduce more complexity to each email judgment.…”

Section: Literature Reviewmentioning

confidence: 99%

“…In addition to predicting potential issues such as errors in decision making or delays in reaching a task goal, computational cognitive modeling sheds light into plausible causes, based on emerging cognitive conditions, to provide guidance toward an effective remedy. This paper builds upon our team's two recent efforts: a simulation study using computational cognitive modeling to examine cybersecurity decision-making (Shonman et al 2018) and a recent empirical study of users classifying emails as legitimate or phishing (Zhang et al 2018). The current work offers two contributions to this ongoing investigation:  We refine our original ACT-R-based cognitive model of phishing detection (Shonman et al 2018) by adding two model parameters to the original three, which lend greater complexity to our representations of both user perception of a suspect email and a user's past experience with phishing and legitimate emails.…”

Section: Introductionmentioning

confidence: 99%

“…This paper builds upon our team's two recent efforts: a simulation study using computational cognitive modeling to examine cybersecurity decision-making (Shonman et al 2018) and a recent empirical study of users classifying emails as legitimate or phishing (Zhang et al 2018). The current work offers two contributions to this ongoing investigation:  We refine our original ACT-R-based cognitive model of phishing detection (Shonman et al 2018) by adding two model parameters to the original three, which lend greater complexity to our representations of both user perception of a suspect email and a user's past experience with phishing and legitimate emails. We have conducted new simulations to observe this model's behavior on a range of input values.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Using a Computational Cognitive Model to Understand Phishing Classification Decisions

Shonman

Shi

Kang

et al. 2022

Electronic Workshops in Computing

View full text Add to dashboard Cite

Numerous studies of human user behaviours in cybersecurity tasks have used traditional research methods, such as self-reported surveys or empirical experiments, to identify relationships between various factors of interest and user security performance. This work takes a different approach, applying computational cognitive modelling to research the decision-making of cybersecurity users. The model described here relies on cognitive memory chunk activation to analytically simulate the decision-making process of a user classifying legitimate and phishing emails. Suspicious-seeming cues in each email are processed by examining similar, past classifications in long-term memory. We manipulate five parameters (Suspicion Threshold; Maximum Cues Processed; Weight of Similarity; Flawed Perception Level; Legitimate-to-Phishing Email Ratio in long-term memory) to examine their effects on accuracy, email processing time and decision confidence. Furthermore, we have conducted an empirical, unattended study of US participants performing the same task. Analyses on the empirical study data and simulation output, especially clustering analysis, show that these two research approaches complement each other for more insightful understanding of this phishing detection task. The analyses also demonstrate several limitations of this computational model that cannot easily capture certain user types and phishing detection strategies, calling for a more dynamic and sophisticated model construction.

show abstract

Simulating Phishing Email Processing with Instance-Based Learning and Cognitive Chunk Activation

Cited by 7 publications

References 6 publications

Understanding Security Behavior of Real Users: Analysis of a Phishing Study

Understanding Security Behavior of Real Users: Analysis of a Phishing Study

Using the Lens Model and Cognitive Continuum Theory to Understand the Effects of Cognition on Phishing Victimization

Using a Computational Cognitive Model to Understand Phishing Classification Decisions

Contact Info

Product

Resources

About