ADVERT: Defending against Reactive Attention Attacks

Linan Huang, Quanyan Zhu

Research output: Chapter in Book/Report/Conference proceedingChapter

Abstract

Following the definition in Sect. 1.2.3.2, phishing can be a typical class of reactive attention attacks that exploit inattention to evade detection. This chapter proposes ADVERT, a human-technical solution that generates adaptive visual aids in real-time to prevent users from inadvertence and reduce their susceptibility to phishing attacks. Based on eye-tracking data, we extract visual states and attention states as system-level sufficient statistics to characterize the user’s visual behaviors and attention status. By adopting a data-driven approach and two learning feedback of different time scales, this work lays out a theoretical foundation to analyze, evaluate, and particularly modify humans’ attention processes while they vet and recognize phishing emails. We corroborate the effectiveness, efficiency, and robustness of ADVERT through a case study based on the data set collected from human subject experiments conducted at New York University. The results show that the visual aids can statistically increase the attention level and improve the accuracy of phishing recognition from 74.6% to a minimum of 86%. The meta-adaptation can further improve the accuracy to 91.5% (resp. 93.7%) in less than 3 (resp. 50) tuning stages.

Original languageEnglish (US)
Title of host publicationSpringerBriefs in Computer Science
PublisherSpringer
Pages67-83
Number of pages17
DOIs
StatePublished - 2023

Publication series

NameSpringerBriefs in Computer Science
VolumePart F267
ISSN (Print)2191-5768
ISSN (Electronic)2191-5776

Keywords

  • Attention management
  • Bayesian optimization
  • Eye tracking
  • Phishing mitigation
  • Reactive attention vulnerability
  • Reinforcement learning

ASJC Scopus subject areas

  • General Computer Science

Fingerprint

Dive into the research topics of 'ADVERT: Defending against Reactive Attention Attacks'. Together they form a unique fingerprint.

Cite this