English article: Trust calibration of automated IT security artifacts

Persian title of the article (translated): Trust calibration of automated IT security artifacts: A multi-domain study of phishing-website detection tools
English title of the article: Trust calibration of automated security IT artifacts: A multi-domain study of phishing-website detection tools
Journal/Conference: Information & Management
Related fields of study: Information technology, Computer
Related specializations: Secure computing, Internet and wide-area networks, Information security
Persian keywords (translated): Trust calibration, Automated IT security, Phishing websites, Detection tools, Trust in IT
English keywords: Trust calibration, Automated security IT, Phishing websites, Detection tools, Trust in IT
Article type: Research Article
Indexing: Scopus - Master Journals List - JCR
Digital Object Identifier (DOI): https://doi.org/10.1016/j.im.2020.103394
University: Florida International University, United States
Pages in the English article: 16
Publisher: Elsevier
Presentation type: Journal
Article category: ISI
Year of publication: 2021
Impact factor: 8.940 in 2020
H-index: 162 in 2021
SJR: 2.147 in 2020
ISSN: 0378-7206
Quartile: Q1 in 2020
Format of the English article: PDF
Translation status: Not translated
Price of the English article: Free
Is this a base article: Yes
Does this article have a conceptual model: Yes
Does this article have a questionnaire: No
Does this article have variables: Yes
Does this article have hypotheses: No
Product code: E15531
References: Has in-text references and a reference list at the end of the article
Reference style: Vancouver
Table of contents (English)

Abstract

Keywords

1. Introduction

2. Literature review

3. Theoretical framework

4. Model of trust calibration for phishing-website detection tools

5. Research methodology

6. Scale development and data collection

7. Analysis and results

8. Discussion

9. Theoretical and practical implications

10. Limitations and future research directions

Acknowledgements

Appendix A. Supplementary data

References

Vitae

Excerpt from the article (English)

Abstract

Phishing websites become a critical cybersecurity threat affecting individuals and organizations. Phishing-website detection tools are designed to protect users against such sites. Nevertheless, detection tools face serious user trust and suboptimal performance issues which require trust calibration to align trust with the tool’s capabilities. We employ the theoretical framework of automation trust and reliance as a kernel theory to develop the trust calibration model for phishing-website detection tools. We test the model using a controlled lab experiment. The results of our analysis show that users’ trust in detection tools can be calibrated by trust calibrators. Moreover, users’ calibrated trust has significant consequences, including users’ tool reliance, use, and performance against phishing websites.

 

1. Introduction

Phishing websites victimize millions of Internet users, exacting significant monetary losses and social costs for individuals and organizations [1,2,3]. An FBI announcement showed that phishing rendered $26 billion damage over a three-year period from 2016 to 2019 [4]. About $1.1 million per hour is lost to phishing attacks [5].

Phishing websites come in two forms: spoof and concocted. Spoof sites mimic existing, generally well-known websites to engage in identity theft or malware dissemination [6,7]. Concocted sites are fictional websites designed to conduct social engineering, fraudulent online advertising, or black-hat search engine optimization-based attacks for monetary gains or malware propagations. Both categories of phishing websites have serious implications for Internet users and organizations, such as damaging brand equity and increasing customer churn rates [6]. Concocted websites also frequently appear in top-ranked search results [8] and routinely disseminate malware to unsuspecting site visitors [9]. Phishing-website detection tools protect users against such sites.

These detection tools belong to a subcategory of IT called automated security IT and are defined as a type of security IT that uses certain mechanisms to automatically classify an event/objective as normal or malicious [10] while allowing users to make the final security decision [11]. There are many phishing-website detection tools, but reports indicate that users often ignore or disuse their advice [12,13]. A survey of Internet users found that 60 % of respondents do not use the web browsers’ built-in phishing-website detection tools [14]. Many users rely solely on intuition to judge the credibility of a website despite the fact that spoof rates can be as high as 33 %–45 % when users rely on their own mental model [9,15,16]. While research shows that user accuracy in detecting phishing websites is much lower than the accuracy of the detection tools [1], the rate of ignoring certain types of warnings in some browsers (e.g., SSL warnings) can be as high as 60 % [17]. These results suggest that detection tools face serious trust issues in users. Addressing these issues demands a novel approach to investigate user trust vis-à-vis characteristics of detection tools.