ABSTRACT
In this paper, we study the neural underpinnings relevant to user-centered web security through the lens of functional near-infrared spectroscopy (fNIRS). Specifically, we design and conduct an fNIRS study to pursue a thorough investigation of users' processing of legitimate vs. illegitimate and familiar vs. unfamiliar websites. We pinpoint the neural activity in these tasks as well as the brain areas that control such activity. We show that, at the neurological level, users process legitimate websites differently from illegitimate websites when subject to phishing attacks. Similarly, we show that users exhibit marked differences in the way their brains process previously familiar websites compared with unfamiliar websites. These findings have several defensive and offensive implications. In particular, we discuss how system designers may in the future use these differences to differentiate between legitimate and illegitimate websites automatically based on neural signals. Similarly, we discuss the potential for future malicious attackers with access to neural signals to compromise the privacy of users by detecting whether a website is previously familiar or unfamiliar to the user.
Compared to prior research, our novelty lies in several aspects. First, we employ a neuroimaging methodology (fNIRS) not tapped into by prior security research for the problem domain we are studying. Second, we provide a focused study design and comprehensive investigation of the neural processing underlying the specific tasks of legitimate vs. illegitimate and familiar vs. unfamiliar websites. Third, we use an experimental set-up much more amenable to real-world settings, compared to previous fMRI studies. Beyond these scientific innovations, our work also serves to corroborate and extend several of the findings of the prior literature with independent methodologies, tools, and settings.
Index Terms
- Neural Underpinnings of Website Legitimacy and Familiarity Detection: An fNIRS Study