PhishGuru: A System for Educating Users about Semantic Attacks

Abstract

The goal of this thesis is to show that computer users trained with an embedded training system - one grounded in the principles of learning science - are able to make more accurate online trust decisions than users who read traditional security training materials, which are distributed via email or posted online. To achieve this goal, we focus on "phishing," a type of semantic attack. We have developed a system called "PhishGuru" based on embedded training methodology and learning science principles. Embedded training is a methodology in which training materials are integrated into the primary tasks users perform in their day-to-day lives. In contrast to existing training methodologies, PhishGuru shows training materials to users through emails at the moment (the "teachable moment") when users actually fall for phishing attacks.

Document Details

Document Type: Technical Report
Publication Date: Apr 14, 2009
Accession Number: ADA501765

Entities

People

  • Ponnurangam Kumaraguru

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • C4I
  • Cyber
  • Human Systems

DTIC Thesaurus Topics

  • Cognition
  • Commerce
  • Computer Programming
  • Computers
  • Electronic Mail
  • Human Behavior
  • Information Processing
  • Information Science
  • Internet
  • Network Protocols
  • Network Science
  • Operating Systems
  • Psychology
  • Regression Analysis
  • Students
  • Surveys
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Computer Science
  • Distributed Systems and Data Platform Development
  • STEM Education