|Alternative Title||The influence of individual characteristics on the phishing risk——the role of situational factors and system characteristics|
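|Place of Conferral||Institute of Psychology, Chinese Academy of Sciences|
|Keyword||Phishing; Individual characteristics; Situational factors; System characteristics|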
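With the development of the Internet economy, the risk of phishing attacks has become increasingly prominent. As a new means of intrusion in the security field, phishing poses a great threat to network security and personal privacy, and how to raise the level of network security and guard against phishing is a question of great concern to the state and to researchers. Previous studies have mostly focused on technical factors and neglected the psychological factors of people, who are at the core of information security. Therefore, from a psychological perspective, this thesis uses four studies to systematically explore how individual characteristics, situational factors and system characteristics influence phishing risk when people face email phishing.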
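Study 2 used a within-subjects design to explore the effects of time urgency and recipient information on phishing risk. The experimental results showed that adding time urgency raised subjects' phishing risk, reflected in more replies to phishing emails and a lower likelihood of looking up relevant information. After recipient information was added, subjects replied to phishing emails less often and deleted phishing emails more often. There was a significant interaction between the two independent variables: emails with both time urgency and recipient information were more likely to be replied to. When personality traits were considered, impulsivity affected the relationship between email characteristics and phishing risk. With recipient information present, subjects with a high impulsive tendency were more likely to reply to phishing emails.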
As individuals and organizations continue to increase their reliance on networks, the risk of phishing attacks is increasingly severe. As a new intrusion type in the security field, phishing causes significant damage to network security and personal privacy. How to improve the level of network security to prevent phishing is an urgent problem of great concern to researchers and the country. Most previous studies have focused on technical factors and ignored the psychological factors, which are at the core of information security. From the perspective of psychology, this article focuses on how individual characteristics, email characteristics and system characteristics affect phishing risk when people face phishing. It explores this issue through four studies.
Study 1 focuses on the impact of individual characteristics on phishing risk. In a scenario-based format, subjects were asked to complete an email task under role-playing to explore the relationship between Big Five personality, knowledge and experience, cognitive processing and phishing risk. The results showed that subjects with higher openness, more knowledge and accumulated experience, and a higher level of elaboration could better identify phishing emails. The impact of computer knowledge on overall accuracy was partially mediated by the level of elaboration: subjects with more computer knowledge applied a higher level of elaboration to emails, reducing the risk of getting phished.
Study 2 explored the impact of time urgency and recipient information on phishing risk using a within-subjects design. The results showed that under time constraints the likelihood of replying to the phishing emails increased and the likelihood of searching for relevant information decreased. When recipient information was added to the phishing emails, the likelihood of replying to them decreased and the likelihood of deleting them increased. The interaction effect of recipient information and time pressure was also significant: phishing emails that had both time pressure and recipient information were more likely to be answered. When personality characteristics were considered, impulsivity affected the relationship between email characteristics and phishing risk. When recipient information was added, subjects with higher impulse scores had a higher likelihood of replying to the phishing emails.
Study 3 focuses on the impact of individual characteristics and system characteristics on phishing risk. The independent variables were reliability, feedback, description, trust and impulsivity. The results showed that subjects' performance improved as reliability improved or when feedback was added; subjects with higher impulse scores and trust scores had higher phishing risk; and personality affected the relationship between system characteristics and email task performance. Subjects with higher trust scores had a higher hit rate after feedback was added. At the high level of reliability, subjects with lower non-planning impulse scores had a lower false alarm rate.
Study 4 explored the influence of individual characteristics on phishing email identification. The results showed that subjects who were younger, had higher impulse scores and had a higher level of elaboration were more likely to read phishing emails. Subjects who were younger and had higher openness, higher impulse scores and better email-task performance were more likely to click phishing links.
In summary, this study systematically explores the factors influencing phishing risk by combining three levels: the individual level, the email level and the system level. Email characteristics and system characteristics affect phishing risk, and the whole process is affected by individual characteristics. On the one hand, the results can promote understanding of phishing prevention mechanisms; on the other hand, they can provide recommendations for the selection and training of personnel in important positions such as data security, and data support for the design of personalized email system protection.
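|崔馨月. The influence of individual characteristics on the phishing risk: the role of situational factors and system characteristics [D]. Institute of Psychology, Chinese Academy of Sciences, 2020.|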
|Files in This Item:|
|崔馨月-硕士学位论文.pdf (2503KB)||Thesis||Restricted access||CC BY-NC-SA||Application Full Text|