
Towards Practical Personalized Security Nudge Schemes: Investigating the Moderation Effects of Behavioral Features on Nudge Effects

  • Conference paper
Science of Cyber Security (SciSec 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13580)


Abstract

The concept of “personalized security nudges” promises to resolve the tension between people’s heterogeneity and one-size-fits-all security nudges, but the psychological traits needed for personalization are not easy to obtain. To address this problem, we propose leveraging users’ behaviors logged by information systems, from which multiple behavioral features are extracted. We conducted a between-subjects lab experiment in which participants’ behavioral features and their responses to three famous security nudges (the so-called nudge effects) were logged. To test the feasibility of our proposal, we analyzed the relationships between the behavioral features and the nudge effects and found the expected significant moderation effects for all three security nudges. The results indicate that it is feasible to personalize security nudges according to user behaviors, freeing personalized security nudge schemes from their dependence on psychological scales.



Acknowledgements

This work was supported by the National Natural Science Foundation of China under Grant No. 61472429 and Grant No. 61772538; the National Key R&D Program of China under Grant No. 2017YFB1400702 and Grant No. 2020YFB1005600.


Corresponding author

Correspondence to Wenchang Shi.


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Qu, L., Xiao, R., Shi, W. (2022). Towards Practical Personalized Security Nudge Schemes: Investigating the Moderation Effects of Behavioral Features on Nudge Effects. In: Su, C., Sakurai, K., Liu, F. (eds) Science of Cyber Security. SciSec 2022. Lecture Notes in Computer Science, vol 13580. Springer, Cham. https://doi.org/10.1007/978-3-031-17551-0_33


  • DOI: https://doi.org/10.1007/978-3-031-17551-0_33


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-17550-3

  • Online ISBN: 978-3-031-17551-0

  • eBook Packages: Computer Science, Computer Science (R0)
