Title
Targeted risk communication for computer security
Abstract
Attacks on computer systems are rapidly becoming more numerous and more sophisticated, and current preventive techniques do not seem able to keep pace. Many successful attacks can be attributed to user errors: for example, while focused on other tasks, users may succumb to 'social engineering' attacks such as phishing or trojan horses. Warnings about the danger of these attacks are often vaguely worded and given long before the dangers are realized, and are therefore too easy to ignore. However, we hypothesize that users are more likely to be persuaded by messages that (1) leverage mental models to describe the dangers, (2) describe particular vulnerabilities that the user may be exposed to and (3) are delivered close in time before the danger may actually be realized. We discuss the design and initial implementation of a system to achieve this. It first shows a video about a potential danger, then creates warnings tailored to the user's environment and given at the time they may be most useful, displaying a still frame or snippet from the video to remind the user of the potential danger. The system uses templates of user activities as input to a Markov logic network to recognize potentially risky behaviors. This approach can identify likely next steps that can be used to predict immediate danger and customize warnings.
Year: 2011
DOI: 10.1145/1943403.1943449
Venue: IUI
Keywords: immediate danger, computer system, customize warning, likely next step, computer security, user activity, current preventive technique, potential danger, leverage mental model, user error, targeted risk communication, initial implementation
Field: Still frame, Pace, Markov logic network, Phishing, Computer science, Computer security, Social engineering (security), Human–computer interaction, Snippet, Trojan, Vulnerability
DocType: Conference
Citations: 7
PageRank: 0.55
References: 9
Authors: 3
Name | Order | Citations | PageRank
Jim Blythe | 1 | 707 | 73.61
L. Jean Camp | 2 | 521 | 67.06
Vaibhav Garg | 3 | 96 | 9.58