Abstract

Accidentally clicking on a link is a type of human error known as a slip, in which a user performs an action they did not intend. The risk magnitude is the probability of such an error occurring with a possibly substantial effect, and even experienced individuals are susceptible to it. Phishing attacks take advantage of slip-based human error by targeting psychological aspects of users that lead them to click on phishing links unintentionally. Such actions may lead to the installation of tracking software, the download of malware or viruses, or the theft of private, sensitive information, to name a few. Therefore, a system is needed that detects whether a click on a link is intentional or unintentional and, if it is unintentional, prevents it. This paper proposes a micro-behavioral accidental click detection system (ACDS) to prevent slip-based human error. A within-subject experiment was conducted with 20 participants to test the potential of the proposed system. The results reveal a statistically significant difference between the two cases of intentional vs. unintentional clicks on a smartphone. Random tree, random forest, and support vector machine classifiers were used, exhibiting 82.6%, 87.2%, and 91.6% accuracy in detecting unintentional clicks, respectively.

Highlights

  • Over 95% of successful cyberattacks are the result of the weakest security chain link, human error, according to Cybint [1] and the IBM Cyber Security Intelligence Index Report [2]

  • This paper proposes a micro-behavioral accidental click detection system (ACDS), in which the system collects information from the sensors present on a smartphone before, during, and after a click to determine whether the click is unintentional or intentional, and then proceeds with or reverts the action

  • Human error has been studied for many decades in various fields, including psychology [3,11] and information security [12,13,14], and researchers continue to discover new aspects related to errors and suggest new solutions as technology advances

Summary

Introduction

Over 95% of successful cyberattacks are the result of the weakest security chain link, human error, according to Cybint [1] and the IBM Cyber Security Intelligence Index Report [2]. The model states that errors can be either unintentional or intentional, where unintentional human error can be a result of lapses of memory, related to forgetting to do something or how to do it (e.g., forgetting to close a port on the firewall), or slips of action, related to not performing an intended action (e.g., unintentionally clicking on a phishing link). Most research work has targeted intentional or unintentional human error to prevent it

