Sign In

Communications of the ACM

ACM Careers

Research Examines Susceptibility to Cyberattacks Through Brain Activity, Eye Gaze

cyber gaze

University of Alabama at Birmingham student Ajaya Neupane has been awarded the highly competitive Graduate Research Fellowship in Science, Technology, Engineering, and Mathematics from the National Institute of Justice. Neupane is a doctoral student in the College of Arts and Sciences' Department of Computer and Information Sciences.

The $50,000 fellowship will allow Neupane to continue his dissertation work, titled "A Multi-Modal Neuro-Physiological Study of Phishing Detection and Malware Warnings." Under the direction of associate professor Nitesh Saxena, Neupane examines Internet users' susceptibility and ability to detect cybercriminal attacks by analyzing a user's brain activity and eye gaze while they are performing security related tasks.

"Keeping computer systems and networks secure often relies upon the decisions and actions of those using the system," Neupane says. "Therefore, it is vital to understand users' performance and behavior when an attack such as phishing or malware occurs. The analysis of neural activations depicts the users' decision-making capacities, attention, and comprehension of the security tasks."

The continuation of the team's work builds on two previous studies of phishing detection and malware warnings, one using functional Magnetic Resonance Imaging, or fMRI, and the other using electroencephalography (EEG) and eye tracking. As part of the newly proposed research, the team is conducting a functional Near-Infrared Spectroscopy (fNIRS) study focusing on differences in neural activities while users interact with real and fake artifacts, such as real and fake websites or listening to original and impersonated voices. The second phase of the study includes building an automated detection of real and fake artifacts based on potentially subconscious neural differences using machine learning techniques.

"This is groundbreaking research that introduces a new dimension in the domain of user-centered security and user experience research," Saxena says. "This can help design effective security indicators, training kits, personalized security settings, and human-machine hybrid defensive mechanisms."

The team was honored in 2014 with a Distinguished Paper Award at Network and Distributed Systems Security Symposium for their fMRI study of phishing and malware warnings.

The NIJ GRF-STEM program awards up to $1 million in fellowships annually. The program is open to students enrolled in the full-time doctoral programs in STEM-related fields.


No entries found