Phishing

Physical risks are inherently defined by the physical environment. Cyber security risks are similarly defined by the combined physical and electronic environment. However, unlike the increased risk from speed in the rain on the highway at night, the dimensions of both the combined environment and the nature of the underlying risks are not so obvious. Physical risks are often transparent, and inherently aligned with human information processing capacity: contextual, often visual, and at a pace that fits well within a human narrative. In contrast, cyber risks are ill-suited for human risk perception: either they are literally invisible or identified in a decontextualized manner. There is a critical need in computer security to communicate risks and thereby enable informed decisions by average, non-expert computer users.

Thus the design of the current research prototype includes four lines of development:

Risk Context Analysis: Creating the ability to identify a user's risk context from intrinsic (user activity, history, and known network entities) and extrinsic (system configuration, location, network details) factors.

Automatic Context Response: Automatically adapting system actions and configuration to the changing context, reducing cognitive overload on the user by taking non-controversial actions without involving the human.

Metaphorical Risk Communication: The ability to convey the risk factors of a particular context to the user in a narrative form, consistent with the user's mental model, that will be quickly and effectively understood.

Intelligent Communication: Engaging the user effectively, infrequently, and appropriately, and only for the time necessary to communicate.


Publications
Articles in journals or book chapters (2)
  1. Zheng Dong, Apu Kapadia, and L. Jean Camp. Pinning & binning: Real time classification of certificates. December 2013.
    Keywords: Phishing, Network Engineering.

  2. Alla Genkina and L. Jean Camp. Social networks. Phishing and countermeasures: Understanding the increasing problem of electronic identity theft, M. Jakobsson and S. Myers, Eds. Hoboken: John Wiley & Sons, pp 523--550, 2007.
    Note: Wiley Online Library.
    Keywords: Phishing.

Conference publications (3)
  1. Sanchari Das, Jacob Abbott, Shakthidhar Gopavaram, Jim Blythe, and L Jean Camp. User-Centered Risk Communication for Safer Browsing. In Proceedings of the First Asia USEC-Workshop on Usable Security, In Conjunction with the Twenty-Fourth International Conference on Financial Cryptography and Data Security, 2020.
    Keywords: Phishing, Risk Communication, Privacy, Security.

  2. Zheng Dong, Apu Kapadia, Jim Blythe, and L. Jean Camp. Beyond the lock icon: real-time detection of phishing websites using public key certificates. In Electronic Crime Research (eCrime), 2015 APWG Symposium on, pages 1--12, May 2015. IEEE.
    Keywords: Phishing, E-Crime.

  3. Zheng Dong, Kevin Kane, and L. Jean Camp. Phishing in Smooth Waters: The State of Banking Certificates in the US. In 2014 TPRC Conference Paper, 2014.
    Keywords: Phishing, E-Crime.

Posters and Presentations (3)
  1. DongInn Kim and L Jean Camp. Block-Pi: Defending against Man In The Middle (MITM) Attacks at the Edge. Society for Risk Analysis, SRA 2019, Buffalo NY, June 2019.
    Keywords: Phishing.

  2. Sanchari Das, DongInn Kim, Timothy Kelley, and L Jean Camp. Grifting in the Digital Age, Analyzing Risk Communication Tools. eCrime APWG 2018, San Diego CA, May 2018.
    Keywords: Phishing.

  3. Sanchari Das, DongInn Kim, Timothy Kelley, and L Jean Camp. Grifting in the Digital Age, Analyzing Risk Communication Tools. Midwest Security Workshop 2018, Washington DC, April 2018.
    Keywords: Phishing.