Neural Markers of Cybersecurity: An fMRI Study of Phishing and Malware Warnings

The security of computer systems often relies upon decisions and actions of end users. In this paper, we set out to investigate users' susceptibility to cybercriminal attacks by concentrating on the most fundamental component governing user behavior: the human brain. We introduce a novel neuroscience-based study methodology to inform the design of user-centered security systems as it relates to cybercrime. In particular, we report on a functional magnetic resonance imaging study measuring users' security performance and underlying neural activity with respect to two critical security tasks: (1) distinguishing between a legitimate and a phishing website and (2) heeding security (malware) warnings. We identify the neural markers that might be controlling users' performance in these tasks, and establish relationships between brain activity and behavioral performance as well as between users' personality traits and security behavior. Our results provide a largely positive perspective on users' capability and performance vis-à-vis these crucial security tasks. First, we show that users exhibit significant brain activity in key regions associated with decision-making, attention, and problem-solving (phishing and malware warnings) as well as language comprehension and reading (malware warnings), which means that users are actively engaged in these security tasks. Second, we demonstrate that certain individual traits, such as impulsivity measured via an established questionnaire, are associated with a significant negative effect on brain activation in these tasks. Third, we discover a high degree of correlation in brain activity (in decision-making regions) across the phishing detection and malware warning tasks, which implies that users' behavior in one task may potentially be predicted by their behavior in the other. Fourth, we discover high functional connectivity among the core regions of the brain while users performed the phishing detection task. Finally, we discuss the broader impacts and implications of our work on the field of user-centered security, including the domain of security education, targeted security training, and security screening.
