Characterisation of Human Behaviours Against Cyber Attacks

Chanon Kachornvuthidej, School of Information Technology and Electrical Engineering, The University of Queensland, ITEE Office General Purpose South Brisbane Queensland Australia 4067

Modern cybersecurity efforts concentrate on developing sophisticated algorithms and security tools that can automatically detect potential attacks and warn users about them. Despite the availability of effective automated tools, users are still falling for these online scams, and global data breach statistics indicate an upward trend. This contradiction is a result of poor usability stemming from a lack of understanding of the online human-computer interaction experience. The current project aims to address the usability issue of these automated tools by applying psychological principles to investigate users’ cognitive processes (what they are looking at and what they are thinking) while performing tasks online. This understanding is crucial not only for developers to design more user-friendly automated systems, but also for a safer online experience for all. Participants engaged in an email classification task, indicating whether each email presented on a computer was phishing or genuine by pressing a key on the keyboard. An eye tracker was used to capture their behaviour (gaze movement), followed by a short questionnaire. Results indicate that participants exercise common online protection techniques such as not clicking on unknown links, verifying the sender’s address, and not filling out forms with personal information, indicating some level of cybersecurity awareness. Findings also uncover numerous techniques scammers use to exploit the psychological vulnerability of many online users, such as visual deception, emotional manipulation, and cognitive overloading. A low-fidelity prototype of an improved automated tool is presented that takes these findings into account, with major enhancements to the frequency of the alerts these automated tools often produce, a risk-rating scale, and suggested actions to mitigate the risks encountered.
Future research could continue to develop medium- and high-fidelity prototypes building upon the current prototype while advancing the exploration of online users’ cognitive processes by applying psychological principles within cybersecurity.

Additional Abstract Information

Presenter: Chanon Kachornvuthidej

Institution: University of Queensland

Type: Oral

Subject: Computer Science

Status: Approved

Time and Location

Session: Oral 2
Date/Time: Mon 3:00pm-4:00pm
Session Number: 211