• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • Research Projects
  • Publications
  • People
  • Teaching
  • Media Outreach
  • News Archive

SPIES Lab, Computer Science and Engineering

Texas A&M University College of Engineering

EEG + Eye Tracking Study

The Bimodal Study of Phishing Detection, and Malware Warnings

Detecting phishing attacks (identifying fake vs. real websites) and heeding security warnings represent classical user-centered security tasks subjected to a series of prior investigations. However, our understanding of user behavior underlying these tasks is still not fully mature, motivating further work concentrating at the neuro-physiological level governing the human processing of such tasks.
We pursue a comprehensive three-dimensional study of phishing detection and malware warnings, focusing not only on what users’ task performance is but also on how users process these tasks based on: (1) neural activity captured using Electroencephalogram (EEG) cognitive metrics, and (2) eye gaze patterns captured using an eye-tracker. Our primary novelty lies in employing multi-modal neuro-physiological measures in a single study and providing a near realistic set-up (in contrast to a recent neuro-study conducted inside an fMRI scanner). Our work serves to advance, extend and sup-port prior knowledge in several significant ways. Specifically, in the context of phishing detection, we show that users do not spend enough time analyzing key phishing indicators and often fail at detecting these attacks, although they may be mentally engaged in the task and subconsciously processing real sites differently from fake sites. In the malware warning tasks, in contrast, we show that users are frequently reading, possibly comprehending, and eventually heeding the message embedded in the warning.
Our study provides an initial foundation for building future mechanisms based on the studied real-time neural and eye gaze features, that can automatically infer a user’s “alertness” state, and determine whether or not the user’s response should be relied upon.

Experimental Setting

Experimental Setting

People

Faculty

  • Nitesh Saxena

Student

  • Ajaya Neupane (@UAB; PhD 2017)
  • Md. Lutfor Rahman (MS student; currently doing PhD at UCR)

External Collaborators:

  • Leanne Hirshfield (Syracuse University)

Publication

  • A Multi-Modal Neuro-Physiological Study of Phishing Detection and Malware Warnings
    Ajaya Neupane, Md. Lutfor Rahman, Nitesh Saxena, and Leanne Hirshfield
    In ACM Conference on Computer and Communications Security (CCS), October 2015
    [pdf]

Media Coverage

  • UAB research studies cyberattacks through the lens of EEG and eye tracking, UAB News, Oct 22, 2015
  • Research studies cyberattacks through the lens of EEG and eye tracking, Phys.org, Oct 23, 2015
  • Cyberattacks studied through the lens of EEG and eye tracking, Science News, Oct 23, 2015
  • UAB Research Studies Cyberattacks Through the Lens of EEG and Eye Tracking, Newswise, Oct 23, 2015
  • Research Studies Cyberattacks Through The Lens Of EEG And Eye Tracking, ECN, Oct 23, 2015
  • Research studies cyberattacks through the lens of EEG and eye tracking, Geek Journal, Oct 23, 2015
  • Research studies cyberattacks through the lens of EEG and eye tracking, Follow News Oct 23, 2015
  • Cyberattacks studied through the lens of EEG and eye tracking, My Clever Mind Oct 23, 2015
  • UAB research studies cyberattacks through the lens of EEG and eye tracking, Wn.com Oct 23, 2015
  • Research studies cyberattacks through the lens of EEG and eye tracking, Three Novices Oct 23, 2015
  • Research Studies Cyberattacks Through the Lens of EEG and Eye Tracking, Make Me Feed, Oct 23, 2015
  • Cyber Attacks Studied Through Lens of EEG and Eye Tracking, News United, Oct 24, 2015
  • Cyberattacks studied through the lens of EEG and eye tracking, IT Security News Oct 24, 2015
  • Better understanding of how computer users detect malware and phishing attacks, Homeland Security News Wire, Oct 27, 2015
  • Studying Cyberattacks through Lens of EEG and Eye Tracking, Scientific Computing, Oct 27, 2015
  • Users fail to identify phishing attacks, study says, Network World, Oct 29, 2015
  • UAB Research Studies Cyberattacks Through the Lens of EEG and Eye Tracking, Communications of the ACM, Oct 26, 2015
  • Detection of cyber attacks through the lens EEG and eye tracking, Mirin, Nov 2, 2015
  • Cyberattacks studied through the lens of EEG and eye tracking, USN World Nov 3, 2015

Recent News

  • “Neuro Security” work got a MURI award from AFOSR March 22, 2023
  • Paper accepted to Oakland 2023 March 14, 2023
  • Paper (conditionally) accepted to MobiSys 2023 February 27, 2023
  • Paper accepted to USENIX Security 2023 February 21, 2023
  • 2 full papers accepted to WiSec 2023 January 30, 2023
  • Cybersecurity Program Led By Dr. Saxena Ranks Best! January 26, 2023
  • EarSpy in Media January 26, 2023
  • Dr. Saxena is a Co-PI on Thematic AI Lab November 28, 2022
  • Paper accepted to PMC 2022 November 28, 2022
  • Paper accepted to ICISC 2022 November 28, 2022
  • A New Grant from NSA October 17, 2022
  • Dr. Saxena appointed as a Dean’s Research Fellow October 17, 2022
  • Dr. Saxena to lead a new SaTC Medium project on Election Security July 16, 2022
  • SPIES Lab’s 12th PhD Graduate — Anuradha Mandal July 16, 2022
  • SPIES Lab’s 11th PhD Graduate – Payton Walker July 6, 2022
  • Two papers accepted to PST 2022 June 9, 2022
  • Paper accepted to ICDCS 2022 April 4, 2022
  • Paper accepted CHIL 2022 March 19, 2022
  • 2 papers accepted to WiSec 2022 March 19, 2022
  • Paper accepted to EuroS&P 2022 February 12, 2022

© 2016–2023 SPIES Lab, Computer Science and Engineering Log in

Texas A&M Engineering Experiment Station Logo
  • College of Engineering
  • Facebook
  • Twitter
  • State of Texas
  • Open Records
  • Risk, Fraud & Misconduct Hotline
  • Statewide Search
  • Site Links & Policies
  • Accommodations
  • Environmental Health, Safety & Security
  • Employment