User-Centered Risk Communication for Safer Browsing

Das, Sanchari; Abbott, Jacob; Gopavaram, Shakthidhar; Blythe, Jim; Camp, L. Jean

doi:10.1007/978-3-030-54455-3_2

Cited by 6 publications

(2 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Anti-phishing tools are designed to detect phishing contents (Das et al, 2022;Shankar et al, 2019). These tools make use of different approaches which includes whitelisting and blacklisting of known legitimate and phishing URLs respectively or through the heuristics in URL and message content (Das et al, 2020;Zeydan et al, 2014). These tools are implemented at different application levels; client-side or sever-side and integrated into browsers or deployed on web portal (Khonji et al, 2013).…”

Section: Related Workmentioning

confidence: 99%

PhisherCop: Developing an NLP-Based Automated Tool for Phishing Detection

Noah¹,

Tayachew²,

Ryan³

et al. 2022

Proceedings of the Human Factors and Ergonomics Society Annual

Self Cite

View full text Add to dashboard Cite

Phishing poses a major security risk to organizations and individuals leading to loss of billions of dollars yearly. While risk communication serves as a tool to mitigate phishing attempts, it is imperative to create automated phishing detection tools. Numerous Natural Language Processing (NLP) approaches have been deployed to tackle phishing. However, phishing attempts continue to increase exponentially, which reiterates the need for more effective approach. To address this, we have developed an anti-phishing tool called; PhisherCop. PhisherCop is built upon Stochastic Gradient Descent classifier (SGD) and Support Vector Classifier (SVC) which showed an average accuracy of 96%, performing better than six other popular classifiers including: Decision Tree, Logistics Regression, Random Forest, Gradient Boosting Classifier, K-Nearest Neighbors and Multinomial Naive Bayes. Our tool is significant in distinguishing between phishing and legitimate content both over emails and text messages.

show abstract

Section: Related Workmentioning

confidence: 99%

PhisherCop: Developing an NLP-Based Automated Tool for Phishing Detection

Noah¹,

Tayachew²,

Ryan³

et al. 2022

Proceedings of the Human Factors and Ergonomics Society Annual

Self Cite

View full text Add to dashboard Cite

show abstract

“…Unlike physical security and privacy, which people have been dealing with for several thousands of years, information security and privacy continue to be abstract and ambiguous concepts for most individuals. Even computer savvy, college-educated individuals demonstrate difficulty in differentiating between important, everyday security concepts, such as differences between a spam email (Das, Abbott, Gopavaram, Blythe, & Camp, 2020) and a phishing attack (Das, Kim, Tingle, & Nippert-Eng, 2019). People regularly place inappropriate optimism on accessible security controls (e.g., security certificates or antivirus software) while discounting other essential and proactive security controls (e.g., software updates (Stallings, Brown, Bauer, & Bhattacharjee, 2012)).…”

Section: Prashanth Rajivan Phd Industrial and Systems Engineering University Of Washingtonmentioning

confidence: 99%

Humans and Technology for Inclusive Privacy and Security

Das

Gutzwiller

Roscoe

et al. 2020

Proceedings of the Human Factors and Ergonomics Society Annual

Self Cite

View full text Add to dashboard Cite

Computer security and user privacy are critical issues and concerns in the digital era due to both increasing users and threats to their data. Separate issues arise between generic cybersecurity guidance (i.e., protect all user data from malicious threats) and the individualistic approach of privacy (i.e., specific to users and dependent on user needs and risk perceptions). Research has shown that several security- and privacy-focused vulnerabilities are technological (e.g., software bugs (Streiff, Kenny, Das, Leeth, & Camp, 2018), insecure authentication (Das, Wang, Tingle, & Camp, 2019)), or behavioral (e.g., sharing passwords (Das, Dingman, & Camp, 2018); and compliance (Das, Dev, & Srinivasan, 2018) (Dev, Das, Rashidi, & Camp, 2019)). This panel proposal addresses a third category of sociotechnical vulnerabilities that can and sometimes do arise from non-inclusive design of security and privacy. In this panel, we will address users’ needs and desires for privacy. The panel will engage in in-depth discussions about value-sensitive design while focusing on potentially vulnerable populations, such as older adults, teens, persons with disabilities, and others who are not typically emphasized in general security and privacy concerns. Human factors have a stake in and ability to facilitate improvements in these areas.

show abstract