Study suggests users pay more attention to Internet safety than previously assumed

Feb 28, 2014 by Katherine Shonesy

Internet users face a barrage of information with each click, some of it designed to compromise security and privacy. Spammers hope, and security researchers have warned, that users cannot distinguish legitimate websites from dangerous ones and do not heed browser safety warnings.

However, new research from University of Alabama at Birmingham suggests that users pay more attention to Internet safety than previously assumed. In a paper that won the "Distinguished Paper Award" at the 2014 Network and Distributed Systems Security Symposium, researchers used a novel methodology to gain new neurological insights into how users face questions and how their personalities might affect their performance.

Nitesh Saxena, Ph.D., associate professor in the Department of Computer and Information Sciences and a core member of the Center for Information Assurance and Joint Forensics Research, wondered what was happening in Internet users' brains when they encountered malware warnings or malicious websites.

"Many computer-based lab studies on user-centered security have concluded that users do not pay attention to these tasks and are ill-equipped to pay attention to security warnings," Saxena said. "I had been taught for years that users are careless when it comes to security endeavors."

However, security studies in lab settings show different results than a recent study based on real-world user data, he says.

He teamed up with Rajesh Kana, Ph.D., associate professor of psychology, and UAB graduate research assistants Ajaya Neupane (lead student author) and Michael Georgescu, as well as Keya Kuruvilla, a Department of Psychology student, to use brain imaging to discover what is really happening in users' brains as they encounter security questions.

Users were given two tasks. First, they were shown intermingled examples of popular websites' real login pages and fraudulent replications of those pages and were asked to determine which were real and which were fake - phishing - sites. Users were then asked to read several sample news articles and were interrupted by pop-ups that contained either benign information or warnings about malware, software created to obtain unauthorized access to a computer's resources and collect information.

Using a functional magnetic resonance imaging, or fMRI, machine, researchers measured users' accuracy while tracking their brain activity. Results showed activation in areas of the brain associated with attention, decision-making and problem-solving. Activity in the brain's decision-making regions carried across both tasks, suggesting that accuracy at one task could predict accuracy at the other.

"For both tasks we found brain activity, so people are not careless," Saxena said. "But whether or not their decisions are valid is a different situation."

Accuracy in the malware warning task was about 89 percent, and the fMRI scans showed high brain activity in regions associated with problem-solving and decision-making.

"In the warning task, people seem to make extra effort to make decisions," Saxena said. "When they were subject to warnings, there was also activity in language comprehension areas. Warnings trigger some sort of thought process in people's brains that there is something unusual going on."

Accuracy in identifying real versus fake websites was low at only about 60 percent - only 10 percent better than a random guess, though participants showed activation in brain regions associated with decision-making.

"In the phishing task, users didn't do very well," Saxena said. "That may be because they don't know what to look for. When they look at a website, they might be paying attention only to the look and feel of the website instead of the URL, which is often a real indicator."

Researchers also had users complete a personality assessment to measure their impulsiveness, and the fMRI results showed differences in how highly impulsive users behaved.

"Not all individuals are alike," Saxena said. "We found a negative correlation of impulsivity and brain activity. Highly impulsive people probably just hit 'yes' when they are stopped by a malware warning asking if they want to proceed. This is interesting because it offers a way to predict how people may perform in security tasks based on impulsivity scores."

The relationship between personality traits like impulsivity and brain responses was especially interesting, Kana says.

"Participants with greater impulsive traits showed less in key decision-making areas of the brain during security decisions," Kana said.

The study could help security programmers focus their attention on designing better warning systems, and network managers target their security training at users who tend to be impulsive, Neupane says.

Explore further: Security firms warn of increase in mobile malware and its increasingly regional nature

add to favorites email to friend print save as pdf

Related Stories

First clinical study of computer security

Dec 16, 2013

Installing computer security software, updating applications regularly and making sure not to open emails from unknown senders are just a few examples of ways to reduce the risk of infection by malicious ...

QR codes pose internet security risk

Feb 19, 2014

Internet security experts from Murdoch University have raised concerns about the growing use of Quick Response codes, also known as QR codes.

Hackers aim ruse at Apple computer users

May 26, 2011

Hackers are out to trick Apple computer users into infecting Macintosh machines with malicious code pretending to be legitimate security software.

'Phishing' scams explode worldwide, researchers shows

Jun 21, 2013

Those insidious email scams known as phishing, in which a hacker uses a disguised address to get an Internet user to install malware, rose 87 percent worldwide in the past year, a security firm said Friday.

Recommended for you

Britain's UKIP issues online rules after gaffes

23 hours ago

UK Independence Party (UKIP), the British anti-European Union party, has ordered a crackdown on the use of social media by supporters and members following a series of controversies.

Sony saga blends foreign intrigue, star wattage

23 hours ago

The hackers who hit Sony Pictures Entertainment days before Thanksgiving crippled the network, stole gigabytes of data and spilled into public view unreleased films and reams of private and sometimes embarrassing ...

Digital dilemma: How will US respond to Sony hack?

Dec 18, 2014

The detective work blaming North Korea for the Sony hacker break-in appears so far to be largely circumstantial, The Associated Press has learned. The dramatic conclusion of a Korean role is based on subtle ...

User comments : 2

Adjust slider to filter visible comments by rank

Display comments: newest first

Andrew_James
not rated yet Mar 02, 2014

For online based problems please contact this email
---> ihacc4u(at)yahoo(dot)com(dot)au we are a HACK
group out here 2 help you solve problems for you.we hack social networking
accounts like FACEBOOK,TWITTER,SKYPE,INSTAGRAM ,MYSPACE,GOOGLE+.hack various
emails (yahoo ,gmail ,aol,msn) ,we also hack websites and remove links,hack
phones (whatsapp,textmessages,call logs) we also perform result upgrades,sell
and deploy keylogger,contact us today we are ready to work for the public now , VISIT OUR WEBSITE === WWW(dot)ihacc4u(dot)COM FOR MORE DETAILS
Andrew_James
not rated yet Mar 02, 2014

For online based problems please contact this email
---> ihacc4u@yahoo.com.au we are a HACK
group out here 2 help you solve problems for you.we hack social networking
accounts like FACEBOOK,TWITTER,SKYPE,INSTAGRAM ,MYSPACE,GOOGLE+.hack various
emails (yahoo ,gmail ,aol,msn) ,we also hack websites and remove links,hack
phones (whatsapp,textmessages,call logs) we also perform result upgrades,sell
and deploy keylogger,contact us today we are ready to work for the public now , VISIT OUR WEBSITE === WWW. ihacc4u.COM FOR MORE DETAILS

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.