Modelling User-Phishing Interaction

Xun Dong; John A. Clark; Jeremy Jacob

Modelling User-Phishing Interaction

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

To protect users from phishing attacks system designers and security professionals need to understand how users interact with those attacks and be able to predict users' behaviours in a given situation. In this paper we introduce the first model to visualise user-phishing interaction. We present a method to accurately describe users' perceptions in a uniform and compact manner. Within the context of this model we have investigated: what exact mismatches may occur between perception and reality in an attack; how to detect those mismatches; and why users fail to do so. Using this model we also identify where the security tools/indicators are lacking, suggest new aspects for security evaluation for the user interface, and provide guidance on effective antiphishing user education.

Original language	English
Title of host publication	2008 CONFERENCE ON HUMAN SYSTEM INTERACTIONS, VOLS 1 AND 2
Place of Publication	NEW YORK
Publisher	IEEE
Pages	633-638
Number of pages	6
ISBN (Print)	978-1-4244-1542-7
Publication status	Published - 2008
Event	Conference on Human System Interactions - Cracow Duration: 25 May 2008 → 27 May 2008

Conference

Conference	Conference on Human System Interactions
City	Cracow
Period	25/05/08 → 27/05/08

Keywords

Phishing
User Interaction
Decision Making Model

Cite this

@inproceedings{19e8b1f8c95c480a948e17c6bd76824b,

title = "Modelling User-Phishing Interaction",

abstract = "To protect users from phishing attacks system designers and security professionals need to understand how users interact with those attacks and be able to predict users' behaviours in a given situation. In this paper we introduce the first model to visualise user-phishing interaction. We present a method to accurately describe users' perceptions in a uniform and compact manner. Within the context of this model we have investigated: what exact mismatches may occur between perception and reality in an attack; how to detect those mismatches; and why users fail to do so. Using this model we also identify where the security tools/indicators are lacking, suggest new aspects for security evaluation for the user interface, and provide guidance on effective antiphishing user education.",

keywords = "Phishing, User Interaction, Decision Making Model",

author = "Xun Dong and Clark, {John A.} and Jeremy Jacob",

year = "2008",

language = "English",

isbn = "978-1-4244-1542-7",

pages = "633--638",

booktitle = "2008 CONFERENCE ON HUMAN SYSTEM INTERACTIONS, VOLS 1 AND 2",

publisher = "IEEE",

address = "United States",

note = "Conference on Human System Interactions ; Conference date: 25-05-2008 Through 27-05-2008",

}

TY - GEN

T1 - Modelling User-Phishing Interaction

AU - Dong, Xun

AU - Clark, John A.

AU - Jacob, Jeremy

PY - 2008

Y1 - 2008

N2 - To protect users from phishing attacks system designers and security professionals need to understand how users interact with those attacks and be able to predict users' behaviours in a given situation. In this paper we introduce the first model to visualise user-phishing interaction. We present a method to accurately describe users' perceptions in a uniform and compact manner. Within the context of this model we have investigated: what exact mismatches may occur between perception and reality in an attack; how to detect those mismatches; and why users fail to do so. Using this model we also identify where the security tools/indicators are lacking, suggest new aspects for security evaluation for the user interface, and provide guidance on effective antiphishing user education.

AB - To protect users from phishing attacks system designers and security professionals need to understand how users interact with those attacks and be able to predict users' behaviours in a given situation. In this paper we introduce the first model to visualise user-phishing interaction. We present a method to accurately describe users' perceptions in a uniform and compact manner. Within the context of this model we have investigated: what exact mismatches may occur between perception and reality in an attack; how to detect those mismatches; and why users fail to do so. Using this model we also identify where the security tools/indicators are lacking, suggest new aspects for security evaluation for the user interface, and provide guidance on effective antiphishing user education.

KW - Phishing

KW - User Interaction

KW - Decision Making Model

UR - http://www.scopus.com/inward/record.url?scp=51849126916&partnerID=8YFLogxK

M3 - Conference contribution

SN - 978-1-4244-1542-7

SP - 633

EP - 638

BT - 2008 CONFERENCE ON HUMAN SYSTEM INTERACTIONS, VOLS 1 AND 2

PB - IEEE

CY - NEW YORK

T2 - Conference on Human System Interactions

Y2 - 25 May 2008 through 27 May 2008

ER -

Modelling User-Phishing Interaction

Abstract

Conference

Keywords

Other files and links

Defending the weakest link - Intrusion via ...

Cite this

Modelling User-Phishing Interaction

Abstract

Conference

Keywords

Other files and links

Projects

Defending the weakest link - Intrusion via ...

Cite this