Integrating Human Factors into Agent-Based Simulation for Dynamic Phishing Susceptibility

  • Conference paper
Social, Cultural, and Behavioral Modeling (SBP-BRiMS 2023)

Abstract

Many researchers focus on developing virtual testbeds to assess the magnitude of cyberattack damage and evaluate the effectiveness of cyber defense strategies in different cyberattack scenarios. These testbeds provide a controlled and cost-effective environment for simulating attacks and studying their impact on organizational security. One of the major challenges in developing such testbeds is accurately capturing the human factors in cybersecurity. Phishing attacks, in particular, exploit human vulnerabilities and can lead to significant security breaches. However, modeling and simulating human susceptibility to phishing in virtual environments is complex due to the dynamic nature of human behavior and the interplay of various factors. This paper addresses this challenge by proposing an agent-based modeling framework that incorporates human factors to simulate dynamic phishing susceptibility. The framework allows modelers to specify and assign weights to various human factors, such as personality traits and training history, which influence individuals’ susceptibility to phishing attacks. By leveraging this framework, modelers can run virtual cyberattack simulations with dynamically changing phishing susceptibility among the simulated end user agents. This enables the testing and evaluation of different cyber defense strategies in the context of realistic human behavior.
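The following sketch is an added illustration of the idea in the abstract, not the paper's framework or code: end user agents whose phishing susceptibility is a weighted sum of human factors and changes over time as training is forgotten. The weights, baseline, trait directions, half-life and the exponential decay form are all assumptions chosen for the example.

```python
import random
from dataclasses import dataclass
from typing import Optional

# Modeler-assigned weights and constants (assumed values, not from the paper).
WEIGHTS = {"neuroticism": 0.30, "conscientiousness": -0.25, "training": -0.25}
BASELINE = 0.30        # assumed click probability for a neutral, untrained agent
HALF_LIFE_DAYS = 30.0  # assumed half-life of the training effect

@dataclass
class EndUser:
    neuroticism: float                    # trait score in [0, 1]
    conscientiousness: float              # trait score in [0, 1]
    last_trained: Optional[float] = None  # simulation day of last training

    def training_retention(self, day):
        # Exponential forgetting: 1.0 on the training day, halving every half-life.
        if self.last_trained is None:
            return 0.0
        return 0.5 ** ((day - self.last_trained) / HALF_LIFE_DAYS)

    def susceptibility(self, day):
        # Weighted sum of human factors, clamped to a valid probability.
        score = (BASELINE
                 + WEIGHTS["neuroticism"] * (self.neuroticism - 0.5)
                 + WEIGHTS["conscientiousness"] * (self.conscientiousness - 0.5)
                 + WEIGHTS["training"] * self.training_retention(day))
        return min(1.0, max(0.0, score))

def simulate(days, retrain_every, n_agents=200, seed=7):
    """Return the fraction of simulated phishing emails that were clicked."""
    rng = random.Random(seed)
    agents = [EndUser(rng.random(), rng.random()) for _ in range(n_agents)]
    clicks = 0
    for day in range(days):
        if retrain_every and day % retrain_every == 0:
            for agent in agents:          # defense strategy: periodic training
                agent.last_trained = day
        # One simulated phishing email per agent per day.
        clicks += sum(rng.random() < a.susceptibility(day) for a in agents)
    return clicks / (days * n_agents)

if __name__ == "__main__":
    for interval in (0, 90, 30):          # 0 means no training at all
        print(interval, round(simulate(180, interval), 3))
```

Comparing the click rate across retraining intervals is the kind of defense-strategy evaluation the abstract describes, here reduced to a single defensive control.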

Acknowledgement

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This research was supported in part by the Minerva Research Initiative under Grant #N00014-21-1-4012, and by the center for Computational Analysis of Social and Organizational Systems (CASOS) at Carnegie Mellon University. The views and conclusions are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Office of Naval Research or the US Government.

Author information

Correspondence to Jeongkeun Shin.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Shin, J., Carley, K.M., Carley, L.R. (2023). Integrating Human Factors into Agent-Based Simulation for Dynamic Phishing Susceptibility. In: Thomson, R., Al-khateeb, S., Burger, A., Park, P., A. Pyke, A. (eds) Social, Cultural, and Behavioral Modeling. SBP-BRiMS 2023. Lecture Notes in Computer Science, vol 14161. Springer, Cham. https://doi.org/10.1007/978-3-031-43129-6_17

  • DOI: https://doi.org/10.1007/978-3-031-43129-6_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-43128-9

  • Online ISBN: 978-3-031-43129-6

  • eBook Packages: Computer Science (R0)
