DOI: 10.1145/3678884.3681864
research-article
Open access

User-Centered Phishing Detection through Personalized Edge Computing

Published: 13 November 2024

Abstract

Ensuring user-centered phishing detection is a significant challenge due to the difficulty in distinguishing threats. To address this, we propose a personalized tool: Holistic User-Centered Identification of Threats at the Edge (HUCITE). Our system utilizes probabilistic logic to provide real-time risk estimates for local machines and employs simple cartoons as a user interface. Our approach focuses on identifying anomalies in a single machine and user browsing history to generate a personalized green list, and on global threat information for a shared red list. This approach enables blocking and identification of phishing websites, potentially malicious scripts, unfamiliar domains, and previously unencountered certificate authorities. By creating a zone of safety for a specific user and identifying departures from that zone, our approach addresses the limitations of traditional anomaly detection techniques. We present the underlying architecture and approach to local risk identification, reporting on an in-lab experiment involving 45 participants to test the effectiveness of our system in various stress conditions affecting users' phishing perception.



Published In

CSCW Companion '24: Companion Publication of the 2024 Conference on Computer-Supported Cooperative Work and Social Computing
November 2024
755 pages
ISBN: 9798400711145
DOI: 10.1145/3678884
This work is licensed under a Creative Commons Attribution-NonCommercial International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. machine learning
  2. phishing
  3. usable security
  4. web-based security

Qualifiers

  • Research-article

Conference

CSCW '24

Acceptance Rates

Overall Acceptance Rate 2,235 of 8,521 submissions, 26%
