Advertisement

Simulating Phishing Email Processing with Instance-Based Learning and Cognitive Chunk Activation

  • Matthew Shonman
  • Xiangyang Li
  • Haoruo Zhang
  • Anton Dahbura
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11309)

Abstract

We present preliminary steps applying computational cognitive modeling to research decision-making of cybersecurity users. Building from a recent empirical study, we adapt Instance-Based Learning Theory and ACT-R’s description of memory chunk activation in a cognitive model representing the mental process of users processing emails. In this model, a user classifies emails as phishing or legitimate by counting the number of suspicious-seeming cues in each email; these cues are themselves classified by examining similar, past classifications in long-term memory. When the sum of suspicious cues passes a threshold value, that email is classified as phishing. In a simulation, we manipulate three parameters (suspicion threshold; maximum number of cues processed; weight of similarity term) and examine their effects on accuracy, false positive/negative rates, and email processing time.

Keywords

Phishing Cognitive modeling Chunk activation 

Notes

Acknowledgement

This work is supported under the National Science Foundation Award No. 1544493.

References

  1. 1.
  2. 2.
    Anderson, J.R.: ACT: a simple theory of complex cognition. Am. Psychol. 51(4), 355–365 (1995)CrossRefGoogle Scholar
  3. 3.
    Gonzalez, C., Lerch, J.F., Lebiere, C.: Instance-based learning in dynamic decision making. Cogn. Sci. 27, 591–635 (2003)CrossRefGoogle Scholar
  4. 4.
    Gudkova, D., Vergelis, M., Shcherbakova, T., Demidova, N.: Spam and phishing in 2017. Securelist (2018). https://securelist.com/spam-and-phishing-in-2017/83833. Accessed 8 Oct 2018
  5. 5.
    Jones, R.M., et al.: Modeling and integrating cognitive agents within the emerging cyber domain. In: Interservice/Industry Training, Simulation, and Education Conference (2015)Google Scholar
  6. 6.
    Kaur, A., Dutt, V., Gonzalez, C.: Modelling the security analyst’s role: effects of similarity and past experience on cyber attack detection. In: Proceedings of the 22nd Annual Conference on Behavior Representation in Modeling and Simulation (2013)Google Scholar
  7. 7.
    Laird, J.: The Soar Cognitive Architecture. MIT Press, Cambridge (2012)Google Scholar
  8. 8.
    Molinaro, K., Bolton, M.L.: Evaluating the applicability of the double system lens model to the analysis of phishing email judgments. Comput. Secur. 77, 128–137 (2018).  https://doi.org/10.1016/j.cose.2018.03.012CrossRefGoogle Scholar
  9. 9.
    Veksler, V.D., Buchler, N.: Know your enemy: applying cognitive modeling in security domain. In: 38th Annual Meeting of the Cognitive Science Society, Philadelphia (2016)Google Scholar
  10. 10.
    Veksler, V.D., et al.: Simulations in cyber-security: a review of cognitive modeling of network attackers, defenders, and users. Front. Psychol. 9 (2018).  https://doi.org/10.3389/fpsyg.2018.00691
  11. 11.
    Vishwanath, A., Harrison, B., Ng, Y.J.: Suspicion, Cognition, Automaticity Model (SCAM) of Phishing Susceptibility. Communication Research (in-press)Google Scholar
  12. 12.
    Zhang, H., Singh, S., Li, X., Dahbura, A., Xie, M.: Multitasking and monetary incentive in a realistic phishing study. In: British Human Computer Interaction Conference (2018)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Johns Hopkins University Information Security InstituteBaltimoreUSA

Personalised recommendations