Vincent Drury (IT-Security Research Group, RWTH Aachen University), Rene Roepke (Learning Technologies Research Group, RWTH Aachen University), Ulrik Schroeder (Learning Technologies Research Group, RWTH Aachen University), Ulrike Meyer (IT-Security Research Group, RWTH Aachen University)

Anti-phishing learning games are a promising approach to educate the general population about phishing, as they offer a scalable, motivational, and engaging environment for active learning. Existing games have been criticized for their limited game mechanics, which mostly require binary decisions to advance in the games, and for failing to consider the users’ familiarity with online services presented in the game. In this paper, we present the evaluation of two novel game prototypes that incorporate more complex game mechanics. The first game requires the classification of URLs into several different categories, thus giving additional insights into the player’s decision, while the second game addresses a different cognitive process by requiring the creation of new URLs. We compare the games with each other and with a baseline game which uses binary decisions similar to existing games. A user study with 133 participants shows, that while all three games lead to performance increases, none of the proposed game mechanics offer significant improvements over the baseline. However, we show that the analysis of the new games offers valuable insights into the players’ behavior and problems while playing the games, in particular with regards to different categories of phishing URLs. Furthermore, the user study shows that the participants were significantly better in classifying URLs of services they know than those they do not know. These results indicate, that the distinction between known and unknown services in phishing tests is important to gain a better understanding of the test results, and should be considered when designing and reproducing studies.

View More Papers

Interpretable Federated Transformer Log Learning for Cloud Threat Forensics

Gonzalo De La Torre Parra (University of the Incarnate Word, TX, USA), Luis Selvera (Secure AI and Autonomy Lab, The University of Texas at San Antonio, TX, USA), Joseph Khoury (The Cyber Center For Security and Analytics, University of Texas at San Antonio, TX, USA), Hector Irizarry (Raytheon, USA), Elias Bou-Harb (The Cyber Center For…

Read More

Too Afraid to Drive: Systematic Discovery of Semantic DoS...

Ziwen Wan (University of California, Irvine), Junjie Shen (University of California, Irvine), Jalen Chuang (University of California, Irvine), Xin Xia (The University of California, Los Angeles), Joshua Garcia (University of California, Irvine), Jiaqi Ma (The University of California, Los Angeles), Qi Alfred Chen (University of California, Irvine)

Read More

COOPER: Testing the Binding Code of Scripting Languages with...

Peng Xu (TCA/SKLCS, Institute of Software, Chinese Academy of Sciences; University of Chinese Academy of Sciences), Yanhao Wang (QI-ANXIN Technology Research Institute), Hong Hu (Pennsylvania State University), Purui Su (TCA/SKLCS, Institute of Software, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences)

Read More