Kent Academic Repository

Simulating human detection of phishing websites: An investigation into the applicability of ACT-R cognitive behaviour architecture model

Williams, Nick, Li, Shujun (2017) Simulating human detection of phishing websites: An investigation into the applicability of ACT-R cognitive behaviour architecture model. In: Proceedings of 2017 3rd IEEE International Conference on Cybernetics. pp. 471-478. IEEE, USA ISBN 978-1-5386-2201-8. E-ISBN 978-1-5386-2200-1. (doi:10.1109/CYBConf.2017.7985810) (KAR id:74278)

Abstract

The prevalence and effectiveness of phishing attacks, despite the presence of a vast array of technical defences, are due largely to the fact that attackers are ruthlessly targeting what is often referred to as the weakest link in the system – the human. This paper reports the results of an investigation into how end users behave when faced with phishing websites and how this behaviour exposes them to attack. Specifically, the paper presents a proof of concept computer model for simulating human behaviour with respect to phishing website detection based on the ACT-R cognitive architecture, and draws conclusions as to the applicability of this architecture to human behaviour modelling within a phishing detection scenario. Following the development of a high-level conceptual model of the phishing website detection process, the study draws upon ACT-R to model and simulate the cognitive processes involved in judging the validity of a representative webpage based primarily around the characteristics of the HTTPS padlock security indicator. The study concludes that despite the low-level nature of the architecture and its very basic user interface support, ACT-R possesses strong capabilities which map well onto the phishing use case, and that further work to more fully represent the range of human security knowledge and behaviours in an ACT-R model could lead to improved insights into how best to combine technical and human defences to reduce the risk to end users from phishing attacks.

Item Type: Conference or workshop item (Paper)
DOI/Identification number: 10.1109/CYBConf.2017.7985810
Uncontrolled keywords: Phishing, website, security, psychology, human behaviour, cognitive modelling, ACT-R
Subjects: B Philosophy. Psychology. Religion > BF Psychology
Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming, > QA76.9.H85 Human computer interaction
T Technology > TA Engineering (General). Civil engineering (General) > TA168 Systems engineering
T Technology > TK Electrical engineering. Electronics. Nuclear engineering > TK7800 Electronics > TK7880 Applications of electronics > TK7885 Computer engineering. Computer hardware
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
University-wide institutes > Institute of Cyber Security for Society
Depositing User: Shujun Li
Date Deposited: 06 Jun 2019 06:24 UTC
Last Modified: 08 Dec 2022 22:00 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/74278 (The current URI for this page, for reference purposes)
