Our latest assignment allows the "cognitive agent" to "learn" new phishing messages by adding them to the case base. I found this an interesting question because if phishing is case-based, what causes people to be more likely to add a message to their "phishing" corpus? Surely they don't do it for every message as our system does because we have seen users fall for the same message multiple times.
My guess would be experiencing actual loss would increase recognition, but I'm not certain. The trend in phishing education has been that actually sending phishing messages and telling people they are phishing is far more effective than merely lecturing about phishing (which isn't surprising), but that those who fall for it shouldn't be "punished" for falling for phishing. Would it be more likely to enter their long term memory if there were some consequence, though?
I wouldn't think, certainly at this point, that it would be politically advisable to do such a thing, but the evidence may point to that being far better for the recipient in the long term.
Wednesday, July 27, 2016
Thursday, July 14, 2016
CBR and base cases
I have some issues with how we're applying Case Based reasoning in the project, but I'm not sure it's solvable in the amount of time we have.
We're assuming both novices and experts are using Case Based reasoning to determine phishing, and I genuinely think that's true, but we're informing our case base with dozens of phishing messages. Certainly I have seen hundreds of phishing messages and I have reports of dozens from some of the novice users we support, but I wonder if we're shortcutting the system by assuming we can identify what the corpus of phishing messages looks like for a novice from our current data. I have similar concerns about the fact that we're trying to model a hypothetical novice when the cases are likely deeply tied to personal interaction, but I think it applies even more deeply to what a novice has previously identified as phishing.
I'm not sure, though, that it's possible to construct a model without being deeply invasive of the privacy of a particular subject. I suspect an even close to accurate case base would absolutely require not just messages categorized as phishing by that particular subject, but messages from their actual inbox.
We're assuming both novices and experts are using Case Based reasoning to determine phishing, and I genuinely think that's true, but we're informing our case base with dozens of phishing messages. Certainly I have seen hundreds of phishing messages and I have reports of dozens from some of the novice users we support, but I wonder if we're shortcutting the system by assuming we can identify what the corpus of phishing messages looks like for a novice from our current data. I have similar concerns about the fact that we're trying to model a hypothetical novice when the cases are likely deeply tied to personal interaction, but I think it applies even more deeply to what a novice has previously identified as phishing.
I'm not sure, though, that it's possible to construct a model without being deeply invasive of the privacy of a particular subject. I suspect an even close to accurate case base would absolutely require not just messages categorized as phishing by that particular subject, but messages from their actual inbox.
Methodological Individualism
I have been thinking about whether or not I am a "methodological individualist", since it has been asked twice in class. I somewhat wonder whether the term is meant somewhat like the Copernican model or if it's all the way to Newton. To reject individualism do I have to believe that there really is more to the whole than the sum of its parts, or is it sufficient to believe that for the purpose of modeling the whole it's simpler to render it as though there were something extra? From an Ockham's razor perspective, is there a difference at this point? Is it enough that assuming there's something extra makes the model easier and so we can represent a whole without understanding the parts even if at our core we believe the whole thing might come down to neurons?
Saturday, July 9, 2016
Cultural Cognition
I had thought before of the fact that literacy allowed a much more expansive cultural memory, but I hadn't reflected on the fact that maybe the difference between human cognition and lower primates is caused by our unique ability, even in pre-literate cultures, to pass information from one person to the next.
Certainly my eventual goal with the project, as an information security professional, is to teach non-experts how to identify phishing. The project is about understanding the difference between how the two process phishing messages, but maybe looking at individuals is oversimplified. Maybe experts don't merely individually process them differently it's part of the culture of being around other experts.
Certainly my eventual goal with the project, as an information security professional, is to teach non-experts how to identify phishing. The project is about understanding the difference between how the two process phishing messages, but maybe looking at individuals is oversimplified. Maybe experts don't merely individually process them differently it's part of the culture of being around other experts.
Subscribe to:
Posts (Atom)