Researchers from the University of Alabama at Birmingham (UAB) presented a study at the recent 2015 ACM Conference on Computer and Communications Security about users' susceptibility to, and ability to detect, certain cyberattacks. The researchers sought to better understand how users respond when trying to detect malware and phishing attacks by monitoring their neural activity using electroencephalograms (EEGs), cognitive metrics, and eye-tracking technology.
Nitesh Saxena, director of UAB's Security and Privacy In Emerging computing and networking Systems (SPIES) lab, says the research found users did not spend enough time analyzing phishing indicators, and often failed to detect phishing attacks, even though they seemed to be able to subconsciously tell the difference between real and fake sites. The opposite was true for malware, with users able to pay close attention to malware indicators.
Co-author Alaya Neupane says the study found during the malware tests users were working hard, engaged with warnings, and heeded them the majority of the time. Users' natural attention control, considered a personality trait, was shown to be highly correlated with their ability to spot phishing messages.
The researchers say their study could help other researchers develop new mechanisms to evaluate whether or not users' responses to malware and phishing warnings are likely to be reliable.
From UAB News
View Full Article
Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA