Please use this identifier to cite or link to this item:
https://doi.org/10.21256/zhaw-26525Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Sutter, Thomas | - |
| dc.contributor.author | Bozkir, Ahmet Selman | - |
| dc.contributor.author | Gehring, Benjamin | - |
| dc.contributor.author | Berlich, Peter | - |
| dc.date.accessioned | 2023-01-05T09:12:46Z | - |
| dc.date.available | 2023-01-05T09:12:46Z | - |
| dc.date.issued | 2022-09-16 | - |
| dc.identifier.issn | 2169-3536 | de_CH |
| dc.identifier.uri | https://digitalcollection.zhaw.ch/handle/11475/26525 | - |
| dc.description.abstract | Phishing attacks are still seen as a significant threat to cyber security, and large parts of the industry rely on anti-phishing simulations to minimize the risk imposed by such attacks. This study conducted a large-scale anti-phishing training with more than 31000 participants and 144 different simulated phishing attacks to develop a data-driven model to classify how users would perceive a phishing simulation. Furthermore, we analyze the results of our large-scale anti-phishing training and give novel insights into users’ click behavior. Analyzing our anti-phishing training data, we find out that 66% of users do not fall victim to credential-based phishing attacks even after being exposed to twelve weeks of phishing simulations. To further enhance the phishing awareness-training effectiveness, we developed a novel manifold learning-powered machine learning model that can predict how many people would fall for a phishing simulation using the several structural and state-of-the-art NLP features extracted from the emails. In this way, we present a systematic approach for the training implementers to estimate the average “convincing power” of the emails prior to rolling out. Moreover, we revealed the top-most vital factors in the classification. In addition, our model presents significant benefits over traditional rule-based approaches in classifying the difficulty of phishing simulations. Our results clearly show that anti-phishing training should focus on the training of individual users rather than on large user groups. Additionally, we present a promising generic machine learning model for predicting phishing susceptibility. | de_CH |
| dc.language.iso | en | de_CH |
| dc.publisher | IEEE | de_CH |
| dc.relation.ispartof | IEEE Access | de_CH |
| dc.rights | http://creativecommons.org/licenses/by-nc-nd/4.0/ | de_CH |
| dc.subject | Machine learning | de_CH |
| dc.subject | Phishing | de_CH |
| dc.subject | Phishing awareness | de_CH |
| dc.subject | Human factor | de_CH |
| dc.subject | Predictive model | de_CH |
| dc.subject | Information security | de_CH |
| dc.subject | Human computer interaction | de_CH |
| dc.subject | Difficulty estimation | de_CH |
| dc.subject.ddc | 005: Computerprogrammierung, Programme und Daten | de_CH |
| dc.subject.ddc | 150: Psychologie | de_CH |
| dc.title | Avoiding the hook : influential factors of phishing awareness training on click-rates and a data-driven approach to predict email difficulty perception | de_CH |
| dc.type | Beitrag in wissenschaftlicher Zeitschrift | de_CH |
| dcterms.type | Text | de_CH |
| zhaw.departement | School of Engineering | de_CH |
| zhaw.organisationalunit | Institut für Informatik (InIT) | de_CH |
| dc.identifier.doi | 10.1109/ACCESS.2022.3207272 | de_CH |
| dc.identifier.doi | 10.21256/zhaw-26525 | - |
| zhaw.funding.eu | No | de_CH |
| zhaw.originated.zhaw | Yes | de_CH |
| zhaw.pages.end | 100565 | de_CH |
| zhaw.pages.start | 100540 | de_CH |
| zhaw.publication.status | publishedVersion | de_CH |
| zhaw.volume | 10 | de_CH |
| zhaw.publication.review | Peer review (Publikation) | de_CH |
| zhaw.webfeed | Information Security | de_CH |
| zhaw.funding.zhaw | OptiPhish – Effective and Measurable Phishing Awareness Training | de_CH |
| zhaw.author.additional | No | de_CH |
| zhaw.display.portrait | Yes | de_CH |
| Appears in collections: | Publikationen School of Engineering | |
Files in This Item:
| File | Description | Size | Format | |
|---|---|---|---|---|
| 2022_Sutter-etal_Influential-factors-of-Phishing-awareness-training.pdf | 4.28 MB | Adobe PDF |  View/Open |
Show simple item record
Sutter, T., Bozkir, A. S., Gehring, B., & Berlich, P. (2022). Avoiding the hook : influential factors of phishing awareness training on click-rates and a data-driven approach to predict email difficulty perception. IEEE Access, 10, 100540–100565. https://doi.org/10.1109/ACCESS.2022.3207272
Sutter, T. et al. (2022) ‘Avoiding the hook : influential factors of phishing awareness training on click-rates and a data-driven approach to predict email difficulty perception’, IEEE Access, 10, pp. 100540–100565. Available at: https://doi.org/10.1109/ACCESS.2022.3207272.
T. Sutter, A. S. Bozkir, B. Gehring, and P. Berlich, “Avoiding the hook : influential factors of phishing awareness training on click-rates and a data-driven approach to predict email difficulty perception,” IEEE Access, vol. 10, pp. 100540–100565, Sep. 2022, doi: 10.1109/ACCESS.2022.3207272.
SUTTER, Thomas, Ahmet Selman BOZKIR, Benjamin GEHRING und Peter BERLICH, 2022. Avoiding the hook : influential factors of phishing awareness training on click-rates and a data-driven approach to predict email difficulty perception. IEEE Access. 16 September 2022. Bd. 10, S. 100540–100565. DOI 10.1109/ACCESS.2022.3207272
Sutter, Thomas, Ahmet Selman Bozkir, Benjamin Gehring, and Peter Berlich. 2022. “Avoiding the Hook : Influential Factors of Phishing Awareness Training on Click-Rates and a Data-Driven Approach to Predict Email Difficulty Perception.” IEEE Access 10 (September): 100540–65. https://doi.org/10.1109/ACCESS.2022.3207272.
Sutter, Thomas, et al. “Avoiding the Hook : Influential Factors of Phishing Awareness Training on Click-Rates and a Data-Driven Approach to Predict Email Difficulty Perception.” IEEE Access, vol. 10, Sept. 2022, pp. 100540–65, https://doi.org/10.1109/ACCESS.2022.3207272.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.