Automatically Measuring Phishing Victim Susceptibility from Publicly Available Information

Abstract

Research problem: We will develop a system that measures users phishing susceptibility from publicly available information about those users (e.g., the organizations Web site, individuals social media, etc.). To do so, we will accomplish four research objectives: Objective 1): Develop a large phishing susceptibility data set, Objective 2): Determine the best set of phishing susceptibility predictors, Objective 3): Identify and evaluate publicly available data about model factors, and Objective 4): Develop a prototype and test its effectiveness against truth data.Proposed methods: Objective 1): we will conduct a large-scale human-subjects experiment, which will provide data that will be used to determine the best phishing susceptibility predictors. Objective 2): we will use regression-based statistical analyses and machine learning approaches to identify the set of variables that best predicts phishing susceptibility. Objective 3): we will develop a comprehensive list of publicly available data sources for each of the phishing susceptibility models predictors, and empirically evaluate their availability and quality. Objective 4): we will develop a prototype, use that prototype to measure participants phishing susceptibility, and compare those measurements to those participants empirically determined phishing susceptibility scores.Basic research contributions: The proposed research will make several important contributions to basic research. Specifically, we will create a large phishing susceptibility data set, which will support the proposed research and can be used to investigate other phishing susceptibility research questions. In addition, we will identify the set of variables that best predicts an individuals phishing susceptibility. The literature provides next to no information about how variables collectively predict phishing susceptibility. Our research will be the first to answer those questions. Finally, we will identify and evaluate publicly available sources of data about phishing susceptibility predictors. The literature provides no information about the availability and quality of publicly available sources of information about phishing susceptibility predictors. Our research will be the first to systematically address this issue.Anticipated outcomes: The proposed research will result in 1) a large and first of its kind data set, which will contain data regarding a comprehensive set of phishing susceptibility predictor variables and actual phishing susceptibility, 2) identify the set of variables that best predict phishing susceptibility, 3) identify a set of known sources of publicly available data about model factors including their relative availability and quality, and 4) a working prototype, which will crawl relevant Web sites, extract information related to the phishing susceptibility predictors from those Web sites, and calculate a phishing susceptibility score for individuals.Impact on DoD capabilities: The proposed research will address many of the National Defense Strategys general objectives, including defending the homeland from attack, deterring adversaries from aggression against our vital interests, and preventing terrorists from directing or supporting external operations against the United States homeland and our citizens, allies, and partners overseas. Specifically, the proposed research will contribute to the National Defense Strategys Build a More Lethal Force line of effort by contributing to efforts to bolster Space and cyberspace as warfighting domains and Command, control, communications, computers and intelligence, surveillance, and reconnaissance.

Document Details

Document Type

DoD Grant Award

Publication Date

Dec 04, 2020

Source ID

N000142112007

Entities

Tags