Toward Personalized Adaptive Anti-Phishing Training and Automated Assistants

pdf

ABSTRACT

To advance the state-of-the-art in anti-phishing training methods in the cyber-world, our research aims to build a system and method for using cognitive models to drive an adaptive, personalized training tool for improving phishing detection accuracy. Traditional anti-phishing training is often non-personalized and does not typically account for human experiential learning. We propose that phishing susceptibility can be modeled as decisions from experience, in accordance with instance-based learning theory (IBLT; Gonzalez et al., 2003). Using a combination of IBL models, grounded in a cognitive architecture (e.g., ACT-R; Anderson & Lebiere, 1998), and model/knowledge-tracing techniques, we

propose a system that uses cognitive models to make predictions of individual susceptibility to phishing emails, in real-time, to drive an adaptive, personalized anti-phishing training task. Our automated cognitive training system is expected to contribute to a huge savings in training personnel, time needed for training, and improve overall security from threats of phishing emails by empowering end-users with the ability to be pro-active in defense against phishing attacks.

Slides found here.

 

BIO

Edward Cranford earned his PhD in Cognitive Science from Mississippi State University in 2016 and is currently a postdoc in the Department of Psychology at Carnegie Mellon University, in the Functional Modeling Systems group, directed by Christian Lebiere. His research interests broadly include comprehension, prediction/anticipation, problem-solving, learning, and decision making, and the application of cognitive models to human-machine interactions. Dr. Cranford's current research is focused on understanding and modeling human decision making of adversaries in a cyber-security domain, modeling end-user response to phishing attacks, and developing adaptive, personalized interventions. In other research, he investigates how experts generate and select appropriate courses of action in dynamic and time-pressured situations.

Tags:
License: CC-2.5
Submitted by Regan Williams on