Summary: Emails are widely used in daily life, so it is important to understand user behaviors when assessing email security. However, studies of email user behaviors are challenging and few. To study security-related user behavior, we design and investigate an email test platform to understand how users behave differently when they read emails, some of which are phishing. Specifically, we conduct two experimental studies: participants take part either on site in a lab-contained environment or online through Amazon Mechanical Turk, referred to as the on-site study and the online study, respectively. For the two studies we design questionnaires and use a set of emails, including real-world phishing emails with the modifications necessary to protect personal information. Furthermore, we develop the software tools needed to collect experimental data, including participants' basic background information, time measurements, mouse movements, and their answers to survey questions. Based on the collected data, we investigate which factors, such as intervention, phishing type, and an incentive mechanism, play a key role in user behavior when phishing attacks occur. The difficulty of such an investigation lies in the qualitative nature of user-behavior analysis and the limited amount of data in the on-site study. For these reasons, we develop an approach to quantify user behavior metrics and to reduce the number of user attributes by evaluating the significance of each attribute and analyzing the correlations among attributes. Moreover, we propose a machine learning framework, which includes attribute reduction, to find a critical point that classifies a participant's performance as either 'good' or 'bad' through 10-fold cross-validation over models built from randomly selected attributes.

The proposed machine learning model can be used to predict the performance of a user from the user profile. Our data analysis shows that intervention and an incentive mechanism play a significant role, while phishing type I is more harmful to users than the other two types. The findings of this research can help a user identify a phishing attack and avoid becoming a victim of such an attack.