UC Riverside

Human behaviors can weaken the security of cyber-physical systems. However, conventional security research focuses more on hardware and software security than analyzing and improving human behaviors to provide better protection for digital systems. In this regard, we study the neural insights of computer systems users to identify cyber-attacks, such as phishing, and improve cybersecurity. First, we analyze neural activities to detect phishing attacks. We demonstrate that the variations in neural activity levels can be utilized to identify phishing websites with improved data preprocessing and feature extraction methods. Second, we study users' neural activities to learn their high-level intents when they use applications. The inferred intents are then used to ensure the security and privacy of sensitive resources, such as cameras and multi-media files. Finally, we design an adaptive training model that enables users to differentiate between benign and malicious scenarios. We consider both behavior and neural metrics to develop adaptive logic. Our experimental results show that participants trained with our approach outperform in the transfer task than those trained with non-adaptive and behaviorally adaptive designs.