STEM educationExamining susceptibility to cyberattacks through brain activity, eye gaze
New research examines internet users’ susceptibility and ability to detect cybercriminal attacks by analyzing a user’s brain activity and eye gaze while they are performing security related tasks. “Keeping computer systems and networks secure often relies upon the decisions and actions of those using the system,” one researcher says. “Therefore, it is vital to understand users’ performance and behavior when an attack such as phishing or malware occurs. The analysis of neural activations depicts the users’ decision-making capacities, attention and comprehension of the security tasks.”
University of Alabama at Birmingham student Ajaya Neupane has been awarded a Graduate Research Fellowship in Science, Technology, Engineering and Mathematics (STEM) from the National Institute of Justice. Neupane is a doctoral student in the College of Arts and Sciences’ Department of Computer and Information Sciences.
The $50,000 fellowship will allow Neupane to continue his dissertation work, titled “A Multi-Modal Neuro-Physiological Investigation of User-Centered Security.” Under the direction of associate professor Nitesh Saxena, Neupane examines internet users’ susceptibility and ability to detect cybercriminal attacks by analyzing a user’s brain activity and eye gaze while they are performing security related tasks.
“Keeping computer systems and networks secure often relies upon the decisions and actions of those using the system,” Neupane said. “Therefore, it is vital to understand users’ performance and behavior when an attack such as phishing or malware occurs. The analysis of neural activations depicts the users’ decision-making capacities, attention and comprehension of the security tasks.”
UAB says that the continuation of the team’s work builds on two previous studies of phishing detection and malware warnings, one using functional Magnetic Resonance Imaging, or fMRI, and the other using electroencephalography, or EEG, and eye tracking. As part of the newly proposed research, the team is conducting a functional Near-Infrared Spectroscopy, or fNIRS, study focusing on differences in neural activities while users interact with real and fake artifacts, such as real and fake websites or listening to original and impersonated voices. The second phase of the study includes building an automated detection of real and fake artifacts based on potentially subconscious neural differences using machine learning techniques.
“This is groundbreaking research that introduces a new dimension in the domain of user-centered security and user experience research,” Saxena said. “This can help design effective security indicators, training kits, personalized security settings and human-machine hybrid defensive mechanisms.”
The team was honored in 2014 with a Distinguished Paper Award at Network and Distributed Systems Security Symposium for their fMRI study of phishing and malware warnings.
The NIJ GRF-STEM program awards up to $1 million in fellowships annually. The program is open to students enrolled in the full-time doctoral programs in STEM-related fields, including such disciplines as anthropology, biology, chemistry, cognitive science, geoscience, geographical information systems, information sciences, materials science, mathematical sciences, pathology, physics and engineering. The NIJ’s mission is to improve knowledge and understanding of crime and justice issues through science.
