Close
This site uses cookies

By using this site, you consent to our use of cookies. You can view our terms and conditions for more information.

Modeling phishing susceptibility as decisions from experience

Authors
Dr. Edward Cranford
Institute for Human and Machine Cognition ~ Healthspan, Resilience & Performance
Kuldeep Singh
Carnegie Mellon University ~ Department of Social and Decision Sciences
Palvi Aggarwal
Carnegie Mellon University
Prof. Cleotilde (Coty) Gonzalez
Carnegie Mellon University ~ Social and Decision Sciences Department
Christian Lebiere
Department of Psychology, Carnegie Mellon University, Pittsburgh, PA 15213 USA
Abstract

Traditional anti-phishing training is often non-personalized and does not typically account for human experiential learning. However, to personalize training, one requires accurate models and predictions of individual susceptibility to phishing emails. The present research is a step toward this goal. We propose an Instance-Based Learning model of phishing detection decision-making, constructed in the ACT-R cognitive architecture. We demonstrate the model’s ability to predict behavior in a frequency training study, and its generality by predicting behavior in another phishing detection study. The results shed additional light on human susceptibility to phishing emails and highlight the effectiveness of modeling phishing detection as decisions from experience. We discuss the implications of these results for personalized anti-phishing training.

Tags

Keywords

phishing
cybersecurity
personalized training
decision making
instance-based learning theory
ACT-R
Discussion
New

There is nothing here yet. Be the first to create a thread.

Cite this as:

Cranford, E. A., Singh, K., Aggarwal, P., Gonzalez, C., & Lebiere, C. (2021, July). Modeling phishing susceptibility as decisions from experience. Paper presented at Virtual MathPsych/ICCM 2021. Via mathpsych.org/presentation/609.