Simulating Phishing Email Processing with Instance-Based Learning and Cognitive Chunk Activation
We present preliminary steps applying computational cognitive modeling to research decision-making of cybersecurity users. Building from a recent empirical study, we adapt Instance-Based Learning Theory and ACT-R’s description of memory chunk activation in a cognitive model representing the mental process of users processing emails. In this model, a user classifies emails as phishing or legitimate by counting the number of suspicious-seeming cues in each email; these cues are themselves classified by examining similar, past classifications in long-term memory. When the sum of suspicious cues passes a threshold value, that email is classified as phishing. In a simulation, we manipulate three parameters (suspicion threshold; maximum number of cues processed; weight of similarity term) and examine their effects on accuracy, false positive/negative rates, and email processing time.
KeywordsPhishing Cognitive modeling Chunk activation
This work is supported under the National Science Foundation Award No. 1544493.
- 1.ACT-R Software. http://act-r.psy.cmu.edu/software/
- 4.Gudkova, D., Vergelis, M., Shcherbakova, T., Demidova, N.: Spam and phishing in 2017. Securelist (2018). https://securelist.com/spam-and-phishing-in-2017/83833. Accessed 8 Oct 2018
- 5.Jones, R.M., et al.: Modeling and integrating cognitive agents within the emerging cyber domain. In: Interservice/Industry Training, Simulation, and Education Conference (2015)Google Scholar
- 6.Kaur, A., Dutt, V., Gonzalez, C.: Modelling the security analyst’s role: effects of similarity and past experience on cyber attack detection. In: Proceedings of the 22nd Annual Conference on Behavior Representation in Modeling and Simulation (2013)Google Scholar
- 7.Laird, J.: The Soar Cognitive Architecture. MIT Press, Cambridge (2012)Google Scholar
- 9.Veksler, V.D., Buchler, N.: Know your enemy: applying cognitive modeling in security domain. In: 38th Annual Meeting of the Cognitive Science Society, Philadelphia (2016)Google Scholar
- 10.Veksler, V.D., et al.: Simulations in cyber-security: a review of cognitive modeling of network attackers, defenders, and users. Front. Psychol. 9 (2018). https://doi.org/10.3389/fpsyg.2018.00691
- 11.Vishwanath, A., Harrison, B., Ng, Y.J.: Suspicion, Cognition, Automaticity Model (SCAM) of Phishing Susceptibility. Communication Research (in-press)Google Scholar
- 12.Zhang, H., Singh, S., Li, X., Dahbura, A., Xie, M.: Multitasking and monetary incentive in a realistic phishing study. In: British Human Computer Interaction Conference (2018)Google Scholar