Using Neuroscience to Explain User Responses to Malware Warnings
Bonnie Anderson Anderson,1 James Vance1, Brock Kirwan,2 Hansen1
Department of Information Systems,1 Department of Psychology,2 Brigham Young University

• Malicious software (or malware) constitutes a serious threat to information security of organizations.
• There is a need to understand how malware warnings can be made more effective to alert end users of potential threats.
• Our research will look at the neuroscience associated with subjects’ identification, recall, and reaction to malware warnings.
• We performed a NeuroIS study, employing electroencephalography (EEG) and measuring the P300 wave to examine whether men and women process malware warnings in the brain.
• P300 is a measurement of voltage changes within the brain associated with attention and memory operations
• Stronger measurements relating to novel stimuli.

Results
• H1: P300 is higher for all participants when viewing malware warning screenshots than when viewing legitimate website screenshots.
• H2: P300 is higher for women than for men when viewing malware warning screenshots when examining the Cz region, not supported with Pz region.
• H3: P300 latency was not slower for women or
• H4: P300 did not vary when viewing red malware warning screenshots than when viewing grayscale malware warning screenshots. Nor when viewing red legitimate website screenshots than when viewing non-red legitimate website

Figure 1: Grand average ERP waveforms at the Cz and Pz electrode sites. At the Cz electrode site, women had greater amplitudes for the P300 for both safe websites and the warning screen. The P300 amplitude was enhanced for the warning screen across genders at both electrode sites.

Figure 2: …al distribution of ERP … the 300-600 ms post-stimulus … There was a centrally distributed positivity at 300ms post-onset.

1-Motivation and risk aversion
• We will examine behavioral economics insights to why users disregard warnings.
• Participants will be required to perform a computer-based classification task.
• Periodic malware warning screens will interrupt the task.
• The quantity of malware warning screens will be adaptive based on behavior.
• Consequences of ignoring the warnings may be
• Motivation and risk aversion will be evaluated.

2-Memory and memetics regarding malware warning design
• We will examine color, animation, and a variety of other design characteristics and evaluate memorability.
• We will use eye-tracking equipment to track participants’ eye movements.

3- Neuroscience and security
• Develop and perform fMRI studies examining areas of the brain associated with fear, risk, trust.
• Participants will be given tasks to complete while in an fMRI machine.
• Malware warnings will interrupt the tasks.
• Blood flow in the brain will show areas of activity.
• We will look specifically at the areas of the brain associated with fear, risk, trust.

NSF Secure and Trustworthy Cyberspace Inaugural Principal Investigator Meeting
27-29 November 2012
National Harbor, MD

Our gratitude to research assistants Dixon Brown, David Eargle, Lee J Hinkle, and Arthur Weagel