University of Surrey


Simulating human detection of phishing websites: An investigation into the applicability of ACT-R cognitive behaviour architecture model

Williams, Nick and Li, Shujun (2017) Simulating human detection of phishing websites: An investigation into the applicability of ACT-R cognitive behaviour architecture model. In: 3rd IEEE International Conference on Cybernetics (CYBCONF 2017), 21 - 23 June 2017, Exeter, England.

Human detection of phishing websites - CYBCON 2017 - camera-ready - FINAL.pdf - Accepted version Manuscript


Abstract

The prevalence and effectiveness of phishing attacks, despite the presence of a vast array of technical defences, are due largely to the fact that attackers are ruthlessly targeting what is often referred to as the weakest link in the system – the human. This paper reports the results of an investigation into how end users behave when faced with phishing websites and how this behaviour exposes them to attack. Specifically, the paper presents a proof of concept computer model for simulating human behaviour with respect to phishing website detection based on the ACT-R cognitive architecture, and draws conclusions as to the applicability of this architecture to human behaviour modelling within a phishing detection scenario. Following the development of a high-level conceptual model of the phishing website detection process, the study draws upon ACT-R to model and simulate the cognitive processes involved in judging the validity of a representative webpage based primarily around the characteristics of the HTTPS padlock security indicator. The study concludes that despite the low-level nature of the architecture and its very basic user interface support, ACT-R possesses strong capabilities which map well onto the phishing use case, and that further work to more fully represent the range of human security knowledge and behaviours in an ACT-R model could lead to improved insights into how best to combine technical and human defences to reduce the risk to end users from phishing attacks.

Item Type: Conference or Workshop Item (Conference Paper)
Divisions : Faculty of Engineering and Physical Sciences > Computing Science
Authors :
Name | Email | ORCID
Williams, Nick | UNSPECIFIED | UNSPECIFIED
Li, Shujun | shujun.li@surrey.ac.uk | UNSPECIFIED
Date : 23 June 2017
Copyright Disclaimer : © 2017 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Uncontrolled Keywords : Phishing, website, security, psychology, human behaviour, cognitive modelling, ACT-R
Depositing User : Melanie Hughes
Date Deposited : 26 May 2017 11:10
Last Modified : 23 Jun 2017 02:08
URI: http://epubs.surrey.ac.uk/id/eprint/841186


© The University of Surrey, Guildford, Surrey, GU2 7XH, United Kingdom.
+44 (0)1483 300800