INADVERT: An Interactive and Adaptive Counterdeception Platform for Attention Enhancement and Phishing Prevention

Deceptive attacks that exploit the innate and acquired vulnerabilities of human users pose severe threats to information and infrastructure security. This work proposes INADVERT, a systematic solution that generates interactive visual aids in real time to keep users from inadvertence and to counter visual-deception attacks. Based on eye-tracking outcomes and proper data compression, the INADVERT platform automatically adapts the visual aids to the user’s varying attention status, as captured by gaze location and duration. We extract system-level metrics to evaluate the user’s average attention level and to characterize the magnitude and frequency of the user’s mind-wandering behaviors. These metrics contribute to an adaptive enhancement of the user’s attention through reinforcement learning. To determine the optimal hyper-parameters of the attention enhancement mechanism, we develop an algorithm based on Bayesian optimization that efficiently updates the design of the INADVERT platform and maximizes the accuracy of the users’ phishing recognition.
