Behind HumanBoost: Analysis of Users’ Trust Decision Patterns for Identifying Fraudulent Websites

Daisuke Miyamoto; Hiroaki Hazeyama; Youki Kadobayashi; Takeshi Takahashi

doi:10.4236/jilsa.2012.44033

Journal of Intelligent Learning Systems and Applications > Vol.4 No.4, November 2012

Behind HumanBoost: Analysis of Users’ Trust Decision Patterns for Identifying Fraudulent Websites

Daisuke Miyamoto, Hiroaki Hazeyama, Youki Kadobayashi, Takeshi Takahashi
Information Technology Center, The University of Tokyo, Tokyo, Japan.
Internet Engineering Laboratory, Graduate School of Information Science, Nara Advanced Institute of Science and Technology, Nara, Japan.
Security Architecture Laboratory, National Institute of Information and Communications Technology, Tokyo, Japan..
DOI: 10.4236/jilsa.2012.44033 PDF HTML 3,969 Downloads 6,593 Views Citations

Abstract

This paper analyzes users’ trust decision patterns for detecting phishing sites. Our previous work proposed HumanBoost [1] which improves the accuracy of detecting phishing sites by using users’ Past Trust Decisions (PTDs). Web users are generally required to make trust decisions whenever their personal information is requested by a website. Human-Boostassumed that a database of Web user’s PTD would be transformed into a binary vector, representing phishing or not-phishing, and the binary vector can be used for detecting phishing sites, similar to the existing heuristics. Here, this paper explores the types of the users whose PTDs are useful by running a subject experiment, where 309 participants- browsed 40 websites, judged whether the site appeared to be a phishing site, and described the criterion while assessing the credibility of the site. Based on the result of the experiment, this paper classifies the participants into eight groups by clustering approach and evaluates the detection accuracy for each group. It then clarifies the types of the users who can make suitable trust decisions for HumanBoost.

Keywords

Detection of Phishing Sites; Trust Decision; Credibility of Websites; Machine Learning; Cluster Analysis

Share and Cite:

D. Miyamoto, H. Hazeyama, Y. Kadobayashi and T. Takahashi, "Behind HumanBoost: Analysis of Users’ Trust Decision Patterns for Identifying Fraudulent Websites," Journal of Intelligent Learning Systems and Applications, Vol. 4 No. 4, 2012, pp. 319-329. doi: 10.4236/jilsa.2012.44033.

Conflicts of Interest

The authors declare no conflicts of interest.

References

[1]	D. Miyamoto, H. Hazeyama and Y. Kadobayashi, “HumanBoost: Utilization of Users’ Past Trust Decision for Identifying Fraudulent Websites,” Journal of Intelligent Learning Systems and Applications, Vol. 2, No. 4, 2010, pp.190-199. doi:10.4236/jilsa.2010.24022
[2]	Y. Freund and R. E. Schapire, “A Decision-Theoretic Generalization of On-Line Learning and an Application to Boosting,” Journal of Computer and System Science, Vol. 55, No. 1, 1997, pp. 119-139.
[3]	S. Sheng, B. Wardman, G. Warner, L. F. Cranor, J. Hong and C. Zhang, “An Empirical Analysis of Phishing Blacklists,” 2009. http://ceas.cc/2009/main.shtml
[4]	Y. Zhang, J. Hong and L. Cranor, “CANTINA: A Content-Based Approach to Detect Phishing Web Sites,” Proceedings of the 16th World Wide Web Conference, Banff, 8-12 May 2007, pp. 649-656. doi:10.1145/1242572.1242659
[5]	D. Miyamoto, H. Hazeyama and Y. Kadobayashi, “An Evaluation of Machine Learning-based Methods for Detection of Phishing Sites,” Australian Journal of Intelligent Information Processing Systems, Vol. 10, No. 2, 2008, pp. 54-63.
[6]	OpenDNS, “PhishTank—Join the Fight against Phishing.” http://www.phishtank.com.
[7]	M. Wu, R. C. Miller and S. L. Garnkel, “Do SecurityToolbars Actually Prevent Phishing Attacks?” Proceedings of Conference on Human Factors in Computing Systems, New York, 22-27 April 2006.
[8]	P. Kumaraguru, Y. Rhee, A. Acquisti, L. F. Cranor, J. I. Hong and E. Nunge, “Protecting People from Phishing: The Design and Evaluation of an Embedded Training Email System,” Proceedings of Conference on Human Factors in Computing Systems, San Jose, 27 April-3 May 2007, pp. 905-914.
[9]	R. Dhamija, J. D. Tygar and M. A. Hearst, “Why Phishing Works,” Proceedings of Conference on Human Factors in Computing Systems, New York, 22-27 April 2006, pp. 581-590.
[10]	B. J. Fogg, L. Marable, J. Stanford and E. R. Tauber, “How Do People Evaluate a Web Site’s Credibility? Results from a Large Study,” Technical Report, Stanford, 2002.
[11]	R. Biddle, P. C. van Oorschot, A. S. Patrick, J. Sobey and T. Whalen, “Browser Interfaces and Extended Validation ssl Certificates: An Empirical Study,” Proceedings of the 2009 ACM Workshop on Cloud Computing Security, New York, 9-13 November 2009, pp. 19-30.
[12]	A. P. Dempster, N. Laird and D. Rubin, “Maximum Likelihood from Incomplete Data via the EM Algorithm,” Journal of the Royal Statistical Society Series, Vol. 39, No. 1, 1977, pp. 1-38.
[13]	G. E. Schwarz, “Estimating the Dimension of a Model,” Annals of Statistics, Vol. 6, No. 2, 1978, pp. 461-464. doi:10.1214/aos/1176344136

Journals Menu

Follow SCIRP

	+1 323-425-8868
	customer@scirp.org
	+86 18163351462(WhatsApp)
	1655362766

	Paper Publishing WeChat

Journals Menu

Home

About SCIRP

Service

Policies