Abstract
As phishing threats intensify, incidents like the “COVID-19 vaccination form” phishing website underscore the limitations of relying solely on traditional firewall-based defenses. Consequently, there is a growing inclination towards user-centered anti-phishing solutions, exemplified by training games such as What.Hack. But could we proactively notify users in real time when they are on the brink of a scam or when their attention wanes? Our research explores machine learning and eye-tracking to identify email-reading weak spots and gauge a user’s risk of succumbing to phishing lures. We put forth innovative hybrid models, TransMLP Link and TransMLP Hybrid, melding the strengths of both Transformer and MLP. Our method also facilitates consistent interpretation of eye-tracking data across varied email interfaces and displays. Our TransMLP Hybrid model boasts an 88.75% accuracy rate, outperforming the standard Transformer model. Our research points to the future of anti-phishing tools that elegantly combine technological advancements with insights into human behavior.
References
Alkhalil, Z., Hewage, C., Nawaf, L., Khan, I.: Phishing attacks: a recent comprehensive study and a new anatomy. Front. Comput. Sci. 3, 563060 (2021)
Aonzo, S., Merlo, A., Tavella, G., Fratantonio, Y.: Phishing attacks on modern android. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1788–1801, 2018
Arachchilage, N.A.G., Love, S.: A game design framework for avoiding phishing attacks. Comput. Hum. Behav. 29(3), 706–714 (2013)
Arachchilage, N.A.G., Love, S.: Security awareness of computer users: a phishing threat avoidance perspective. Comput. Hum. Behav. 38, 304–312 (2014)
Bednarik, R., Eivazi, S., Vrzakova, H.: A computational approach for prediction of problem-solving behavior using support vector machines and eye-tracking data. In: Nakano, Y.I., Conati, C., Bader, T. (eds.) Eye Gaze in Intelligent User Interfaces: Gaze-based Analyses, Models and Applications, pp. 111–134. Springer London, London (2013). https://doi.org/10.1007/978-1-4471-4784-8_7
Bhattacharya, N., Rakshit, S., Gwizdka, J., Kogut, P.: Relevance prediction from eye-movements using semi-interpretable convolutional neural networks. In: Proceedings of the 2020 Conference on Human Information Interaction and Retrieval, pp. 223–233, 2020
Caputo, D.D., Pfleeger, S.L., Freeman, J.D., Johnson, M.E.: Going spear phishing: Exploring embedded training and awareness. IEEE Secur. Priv. 12(1), 28–38, 2014
Chanti, S., Chithralekha, T.: Classification of anti-phishing solutions. SN Comput. Sci. 1(1), 11 (2020)
Cui, Q., Jourdan, G-V., Bochmann, G.V., Couturier, R., Onut, I-V.: Tracking phishing attacks over time. In: Proceedings of the 26th International Conference on World Wide Web, pp. 667–676, 2017
Das, S., Christena, N-E., Camp, L.J.: Evaluating user susceptibility to phishing attacks. Inf. Comput. Secur. 30(1), 1–18, 2022
John, B.D., Peacock, C., Zhang, T., Murdison, T.S., Benko, H., Jonker, T.R.: Towards gaze-based prediction of the intent to interact in virtual reality. In: ACM Symposium on Eye Tracking Research and Applications, pp. 1–7, 2021
Dhamija, R., Tygar, J.D., Hearst, M.: Why phishing works. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 581–590, 2006
Jr, R.C.D., Carver, C., Ferguson, A.J.: Phishing for user security awareness. Comput. Secur. 26(1):73–80, 2007
Han, X., Kheir, N., Balzarotti, D.: Phisheye: live monitoring of sandboxed phishing kits. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1402–1413, 2016
Huang, C.-M., Andrist, S., Sauppé, A., Mutlu, B.: Using gaze patterns to predict task intent in collaboration. Front. Psychol. 6, 1049 (2015)
Huang, L., Jia, S., Balcetis, E., Zhu, Q.: Advert: an adaptive and data-driven attention enhancement mechanism for phishing prevention. IEEE Trans. Inf. Forensics Secur. 17, 2585–2597 (2022)
Ishii, R., Ooko, R., Nakano, Y.I., Nishida, T.: Effectiveness of gaze-based engagement estimation in conversational agents. In: Eye Gaze in Intelligent User Interfaces: Gaze-Based Analyses, Models and Applications, pp. 85–110, 2013
Just, M.A., Carpenter, P.A.: A theory of reading: from eye fixations to comprehension. Psychol. Rev. 87(4):329, 1980
Kay, R., phish, F.: Fake mandatory Covid-19 vaccine form, 2023. https://www.inky.com/en/blog/fake-mandatory-Covid-19-vaccine-form
Koggalahewa, D., Yue, X., Foo, E.: An unsupervised method for social network spammer detection based on user information interests. J. Big Data 9(1), 1–35 (2022)
Miyamoto, Daisuke, Hazeyama, Hiroaki, Kadobayashi, Youki: An Evaluation of Machine Learning-Based Methods for Detection of Phishing Sites. In: Köppen, Mario, Kasabov, Nikola, Coghill, George (eds.) ICONIP 2008. LNCS, vol. 5506, pp. 539–546. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02490-0_66
Murtagh, F.: Multilayer perceptrons for classification and regression. Neurocomputing 2(5–6), 183–197 (1991)
Sharma, P., Dash, B., Ansari, M.F.: Anti-phishing techniques-a review of cyber defense mechanisms. Int. J. Adv. Res. Comput. Commun. Eng. ISO, 3297:2007, 2022
Sheng, S., et al.: Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish. In: Proceedings of the 3rd Symposium on Usable Privacy and Security, pp 88–99, 2007
Shie, E.W.S.: Critical analysis of current research aimed at improving detection of phishing attacks. Sel. Comput. Res. pap. 45, 2020
Stein, N., Bremer, G., Lappe, M.: Eye tracking-based LSTM for locomotion prediction in VR. In: 2022 IEEE Conference on Virtual Reality and 3D User Interfaces (VR), pp. 493–503. IEEE, 2022
Subasi, A., Molah, E., Almkallawi, F., Chaudhery, T.J.: Intelligent phishing website detection using random forest classifier. In: 2017 International Conference on Electrical and Computing Technologies and Applications (ICECTA), pp. 1–5. IEEE, 2017
Vaswani, A., et al.: Attention is all you need. Advances in neural information processing systems, 30, 2017
Wei, P., Liu, Y., Shu, T., Zheng, N., Zhu, S-C.: Where and why are they looking? jointly inferring human attention and intentions in complex tasks. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 6801–6809, 2018
Wen, Z.A., Lin, Z., Chen, R., Andersen, E.: What.Hack: engaging anti-phishing training through a role-playing phishing simulation game. In: Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, pp. 1–12, 2019
Acknowledgments
The authors gratefully acknowledge support from the China Postdoctoral Science Foundation under grant number 2022M720889. The authors would like to thank the anonymous reviewers for their valuable comments and helpful suggestions.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Xu, N., Fan, J., Wen, Z. (2024). Email Reading Behavior-Informed Machine Learning Model to Predict Phishing Susceptibility. In: Vaidya, J., Gabbouj, M., Li, J. (eds) Artificial Intelligence Security and Privacy. AIS&P 2023. Lecture Notes in Computer Science, vol 14509. Springer, Singapore. https://doi.org/10.1007/978-981-99-9785-5_40
DOI: https://doi.org/10.1007/978-981-99-9785-5_40
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-9784-8
Online ISBN: 978-981-99-9785-5
eBook Packages: Computer Science (R0)