Our latest assignment allows the "cognitive agent" to "learn" new phishing messages by adding them to the case base. I found this an interesting question because if phishing is case-based, what causes people to be more likely to add a message to their "phishing" corpus? Surely they don't do it for every message as our system does because we have seen users fall for the same message multiple times.
My guess would be experiencing actual loss would increase recognition, but I'm not certain. The trend in phishing education has been that actually sending phishing messages and telling people they are phishing is far more effective than merely lecturing about phishing (which isn't surprising), but that those who fall for it shouldn't be "punished" for falling for phishing. Would it be more likely to enter their long term memory if there were some consequence, though?
I wouldn't think, certainly at this point, that it would be politically advisable to do such a thing, but the evidence may point to that being far better for the recipient in the long term.
Wednesday, July 27, 2016
Thursday, July 14, 2016
CBR and base cases
I have some issues with how we're applying Case Based reasoning in the project, but I'm not sure it's solvable in the amount of time we have.
We're assuming both novices and experts are using Case Based reasoning to determine phishing, and I genuinely think that's true, but we're informing our case base with dozens of phishing messages. Certainly I have seen hundreds of phishing messages and I have reports of dozens from some of the novice users we support, but I wonder if we're shortcutting the system by assuming we can identify what the corpus of phishing messages looks like for a novice from our current data. I have similar concerns about the fact that we're trying to model a hypothetical novice when the cases are likely deeply tied to personal interaction, but I think it applies even more deeply to what a novice has previously identified as phishing.
I'm not sure, though, that it's possible to construct a model without being deeply invasive of the privacy of a particular subject. I suspect an even close to accurate case base would absolutely require not just messages categorized as phishing by that particular subject, but messages from their actual inbox.
We're assuming both novices and experts are using Case Based reasoning to determine phishing, and I genuinely think that's true, but we're informing our case base with dozens of phishing messages. Certainly I have seen hundreds of phishing messages and I have reports of dozens from some of the novice users we support, but I wonder if we're shortcutting the system by assuming we can identify what the corpus of phishing messages looks like for a novice from our current data. I have similar concerns about the fact that we're trying to model a hypothetical novice when the cases are likely deeply tied to personal interaction, but I think it applies even more deeply to what a novice has previously identified as phishing.
I'm not sure, though, that it's possible to construct a model without being deeply invasive of the privacy of a particular subject. I suspect an even close to accurate case base would absolutely require not just messages categorized as phishing by that particular subject, but messages from their actual inbox.
Methodological Individualism
I have been thinking about whether or not I am a "methodological individualist", since it has been asked twice in class. I somewhat wonder whether the term is meant somewhat like the Copernican model or if it's all the way to Newton. To reject individualism do I have to believe that there really is more to the whole than the sum of its parts, or is it sufficient to believe that for the purpose of modeling the whole it's simpler to render it as though there were something extra? From an Ockham's razor perspective, is there a difference at this point? Is it enough that assuming there's something extra makes the model easier and so we can represent a whole without understanding the parts even if at our core we believe the whole thing might come down to neurons?
Saturday, July 9, 2016
Cultural Cognition
I had thought before of the fact that literacy allowed a much more expansive cultural memory, but I hadn't reflected on the fact that maybe the difference between human cognition and lower primates is caused by our unique ability, even in pre-literate cultures, to pass information from one person to the next.
Certainly my eventual goal with the project, as an information security professional, is to teach non-experts how to identify phishing. The project is about understanding the difference between how the two process phishing messages, but maybe looking at individuals is oversimplified. Maybe experts don't merely individually process them differently it's part of the culture of being around other experts.
Certainly my eventual goal with the project, as an information security professional, is to teach non-experts how to identify phishing. The project is about understanding the difference between how the two process phishing messages, but maybe looking at individuals is oversimplified. Maybe experts don't merely individually process them differently it's part of the culture of being around other experts.
Friday, June 24, 2016
Emotions
I thought the book was fairly short on emotions. The idea that we can't make decisions without them is certainly fascinating. I would have expected this to indicated that FJ and TP were more common on the Myers Briggs Type Indicator surveys. In fact the opposite is true, FP+TJ is 53% of the population. I'm not sure what to make of the fact that decisions are made because of emotion but those who are guided by logic are more likely to come to a quick decision than those guided by emotion.
Neural Networks
I don't think I've ever really thought about how neural networks work before. Certainly not about how the ones with actual neurons in an actual brain does. The fact that they seem to learn everything based on the coordination of inputs without any sort of real feedback is incredible, but it makes sense given how much better we remember something like touching a hot stove versus abstractly learning that stoves are hot. Even within the project of phishing we've found both in papers and in practice that people are far more likely to learn through exercises where they fall for phishing while reading their actual mail and are told what went wrong immediately rather than some classroom or paper about it.
Thursday, June 16, 2016
I was very interested this week in how neurons actually fire. I also find it odd that feed-forward networks actually learn effectively at all, but it seems like that's the primary way the mind may actually work. I don't really think that's useful for my project, but it's a really fascinating look at how the mind works.
Wednesday, June 8, 2016
Visualizing items
In class I was interested that most of the class seemed to pull items out of their memory when asked for something like "What are three trees?" by visualizing trees. I can't imagine visualizing as a way to pull items out of memory from a list of things like that, but I can only guess from the uniformity of responses that however I have categorized items is unusual.
Monday, June 6, 2016
Unsurprisingly, it seems that security experts use fundamentally different processes for identifying phishing messages from novices. Novices seem to use context gleaned from individual messages and processed on a per-message basis (pictures look "odd", grammar doesn't match how the person actually talks, request is unusual). Experts have more strict, but broader rules (URLs match organization sending message)
Subscribe to:
Posts (Atom)