This site uses cookies

By using this site, you consent to our use of cookies. You can view our terms and conditions for more information.

Combining machine learning and cognitive models for adaptive phishing training

Dr. Edward Cranford
Institute for Human and Machine Cognition ~ Healthspan, Resilience & Performance
Dr. Shahin Jabbari
Drexel University ~ Department of Computer Science
Dr. Han-Ching Ou
Harvard University ~ Department of Computer Science
Dr. Milind Tambe
Harvard University ~ Center for Research on Computation and Society
Prof. Cleotilde (Coty) Gonzalez
Carnegie Mellon University ~ Social and Decision Sciences Department
Christian Lebiere
Department of Psychology, Carnegie Mellon University, Pittsburgh, PA 15213 USA

Organizations typically use simulation campaigns to train employees to detect phishing emails but are non-personalized and fail to account for human experiential learning and adaptivity. We propose a method to improve the effectiveness of training by combining cognitive modeling with machine learning methods. We frame the problem as one of scheduling and use the restless multi-armed bandit (RMAB) framework to select which users to target for intervention at each trial, while using a cognitive model of phishing susceptibility to inform the parameters of the RMAB. We compare the effectiveness of the RMAB solution to two purely cognitive approaches in a series of simulation studies using the cognitive model as simulated participants. Both approaches show improvement compared to random selection and we highlight the pros and cons of each approach. We discuss the implications of these findings and future research that aims to combine the benefits of both methods for a more effective solution.



cognitive models
restless multi-armed bandit
Instance-Based Learning

There is nothing here yet. Be the first to create a thread.

Cite this as:

Cranford, E. A., Jabbari, S., Ou, H.-C., Tambe, M., Gonzalez, C., & Lebiere, C. (2022, July). Combining machine learning and cognitive models for adaptive phishing training. Paper presented at In-Person MathPsych/ICCM 2022. Via