论文信息 - An Investigation of Heuristics of Human Judgment in Detecting Deception and Potential Implications in Countering Social Engineering

An Investigation of Heuristics of Human Judgment in Detecting Deception and Potential Implications in Countering Social Engineering

Social engineering (as used by the military or law-enforcement) is the emerging technique for obtaining classified information by interacting and deceiving people who can access that information. Rather than using traditional techniques of attacking the technical shields such as firewalls, many sophisticated computer hackers find that social engineering is more effective and difficult to detect by humans. Why can people not effectively detect social engineering, or more specifically, the art of deception? What can be done to augment human abilities for the task? The current findings warrant several possibilities that influence human ability to detect deception. Factors include such things as truth-bias, stereotypical thinking and processing ability. Knowing that human detection ability is limited, we propose a method to automatically detect deception that potentially assists humans. Results show that a system, using discriminant analysis to classify deception performed significantty better than humans in detecting deception. The findings can also be applied to general situations to ensure information authentication scenarios other than social engineering.

Judee K. Burgoon | Tiantian Qin

[1] A. Vrij. Detecting Lies and Deceit: The Psychology of Lying and the Implications for Professional Practice , 2000 .

[2] William L. Simon,et al. The Art of Deception: Controlling the Human Element of Security , 2001 .

[3] J. Burgoon,et al. The Dynamic Nature of Deceptive Verbal Communication , 2006 .

[4] Paul Ekman,et al. The effect of comparisons on detecting deceit , 1988 .

[5] M. Zuckerman. Verbal and nonverbal communication of deception , 1981 .

[6] S. Chaiken. Heuristic versus systematic information processing and the use of source versus message cues in persuasion. , 1980 .

[7] J. Burgoon,et al. Nonverbal Communication: The Unspoken Dialogue , 1988 .

[8] B. Loader,et al. Cybercrime : law enforcement, security and surveillance in the information age , 2000 .

[9] Herbert J. Mattord,et al. Principles of Information Security , 2004 .

[10] K. Fiedler,et al. Training lie detectors to use nonverbal cues instead of global heuristics , 1993 .