Abstract
Abstract
This paper reports a formative evaluation of auditory representations of cyber security threat indicators and cues, referred to as sonifications, to warn users about cyber threats. Most Internet browsers provide visual cues and textual warnings to help users identify when they are at risk. Although these alarming mechanisms are very effective in informing users, there are certain situations and circumstances where these alarming techniques are unsuccessful in drawing the user’s attention: (1) security warnings and features (e.g., blocking out malicious Websites) might overwhelm a typical Internet user and thus the users may overlook or ignore visual and textual warnings and, as a result, they might be targeted, (2) these visual cues are inaccessible to certain users such as those with visual impairments. This work is motivated by our previous work of the use of sonification of security warnings to users who are visually impaired. To investigate the usefulness of sonification in general security settings, this work uses real Websites instead of simulated Web applications with sighted participants. The study targets sonification for three different types of security threats: (1) phishing, (2) malware downloading, and (3) form filling. The results show that on average 58% of the participants were able to correctly remember what the sonification conveyed. Additionally, about 73% of the participants were able to correctly identify the threat that the sonification represented while performing tasks using real Websites. Furthermore, the paper introduces “CyberWarner”, a sonification sandbox that can be installed on the Google Chrome browser to enable auditory representations of certain security threats and cues that are designed based on several URL heuristics.
Article highlights
It is feasible to develop sonified cyber security threat indicators that users intuitively understand with minimal experience and training.
Users are more cautious about malicious activities in general. However, when navigating real Websites, they are less informed. This might be due to the appearance of the navigating Websites or the overwhelming issues when performing tasks.
Participants’ qualitative responses indicate that even when they did not remember what the sonification conveyed, the sonification was able to capture the user’s attention and take safe actions in response.
Funder
National Science Foundation
Publisher
Springer Science and Business Media LLC
Subject
General Earth and Planetary Sciences,General Physics and Astronomy,General Engineering,General Environmental Science,General Materials Science,General Chemical Engineering
Reference72 articles.
1. Corporation S (2017) Internet Security Threat Report. Tech. rep. https://www.symantec.com/content/dam/symantec/docs/reports/istr-22-2017-en.pdf
2. Corporation S (2018) Internet Security Threat Report. Tech. rep. https://www.symantec.com/content/dam/symantec/docs/reports/istr-23-2018-en.pdf
3. Thales: Thales Data Threat Report. Tech. rep. (2018). http://go.thalesesecurity.com/rs/480-LWA-970/images/2018-Data-Threat-Report-Global-Edition-ar.pdf
4. IBM Security: IBM X-Force Threat Intelligence Index (2018). https://www.ibm.com/security/xforce
5. de Paula R, Ding X, Dourish P, Nies K, Pillet B, Redmiles D, Ren J, Rode J, Filho RS (2005) Two experiences designing for effective security. In: Proceedings of the 2005 Symposium on Usable Privacy and Security, SOUPS ’05, pp. 25–34
Cited by
8 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献