Man vs. machine: Investigating the effects of adversarial system use on end-user behavior in automated deception detection interviews

Deception is an inevitable component of human interaction. Researchers and practitioners are developing information systems to aid in the detection of deceptive communication. Information systems are typically adopted by end users to aid in completing a goal or objective (e.g., increasing the efficiency of a business process). However, end-user interactions with deception detection systems (adversarial systems) are unique because the goals of the system and the user are orthogonal. Prior work investigating systems-based deception detection has focused on the identification of reliable deception indicators. This research extends extant work by looking at how users of deception detection systems alter their behavior in response to the presence of guilty knowledge, relevant stimuli, and system knowledge. An analysis of data collected during two laboratory experiments reveals that guilty knowledge, relevant stimuli, and system knowledge all lead to increased use of countermeasures. The implications and limitations of this research are discussed and avenues for future research are outline

Trends in Phishing Attacks: Suggestions for Future Research

One of the most common and costly forms of deception and fraud online is phishing. Due to the ramifications of successfulphishing attacks, security experts and researchers seek to better understand this phenomenon. Prior phishing research hasaddressed the “bait” and “hook” components of phishing attacks, the human-computer interaction that takes place as usersjudge the veracity of phishing emails and websites, and the development of technologies that can aid users in identifying andrejecting these attacks. Despite the extant research on this topic, phishing attacks continue to be successful as tactics evolve,rendering existing research less relevant. Although numerous tools have been created to aid people in recognizing phishingattacks, users disregard the recommendations of these tools. This paper summarizes the core of phishing research, providesan update on trending attack methods, and proposes future research addressing computer credibility in a phishing context

When Disclosure is Involuntary: Empowering Users with Control to Reduce Concerns

Modern organizations must carefully balance the practice of gathering large amounts of valuable data from individuals with the associated ethical considerations and potential negative public image inherent in breaches of privacy. As it becomes increasingly commonplace for many types of information to be collected without individuals\u27 knowledge or consent, managers and researchers alike can benefit from understanding how individuals react to such involuntary disclosures, and how these reactions can impact evaluations of the data-collecting organizations. This research develops and empirically tests a theoretical model that shows how empowering individuals with a sense of control over their personal information can help mitigate privacy concerns following an invasion of privacy. Using a controlled experiment with 94 participants, we show that increasing control can reduce privacy concerns and significantly influence individuals\u27 attitudes toward the organization that has committed a privacy invasion. We discuss theoretical and practical implications of our work

Establishing a Foundation for Automated Human Credibility Screening

Automated human credibility screening is an emerging research area that has potential for high impact in fields as diverse as homeland security and accounting fraud detection. Systems that conduct interviews and make credibility judgments can provide objectivity, improved accuracy, and greater reliability to credibility assessment practices, need to be built. This study establishes a foundation for developing automated systems for human credibility screening

Identifying Deception Using Novel Technology-Based Approaches to Uncover Concealed Information

Concealing information, one of the many forms of deception, is a pervasive phenomenon as it is present in virtually every facet of interpersonal communication. In some cases, information concealment can have profound implications (e.g., insider threats in organizations, security screening at the border, and criminal interviews). New technologies are under development to aid in identifying concealed information, however, additional research is needed in three key areas to increase the feasibility of using these technologies in real-world credibility assessment contexts. First, research is needed to investigate the accuracy of new credibility assessment technologies relative to existing deception-detection systems. Demonstrating that new technologies meet or exceed detection accuracies of existing systems (e.g., the polygraph) is critical. Second, research is needed to determine if a targetless Concealed Information Test (CIT) is feasible. Existing CIT research supports the presence of main effect differences between persons concealing information and the control group. These behaviors may permit the detection of concealed information without the use of customized sets of stimuli. Eliminating the need to create customized sets of stimuli for each examinee would drastically increase the ease with which an automated system can be used to conduct a CIT. Finally, research is needed to illuminate various elements of the human-computer interaction that occurs during automated credibility assessments. This is a new domain of human-computer interaction as system users in this context are not instigating the interaction, and in many cases, they may be seeking to limit the effectiveness of the system. Before novel systems designed to conduct credibility assessments can be adopted, further research is needed to illuminate how users perceive, respond to, and strategically manage their behaviors when interacting with systems of this nature. This dissertation contains the results of a research program designed to address each of these areas. First, an experiment was designed to investigate the accuracy rates of two promising noncontact measures of concealed information (oculometrics and vocalics) relative to electrodermal activity (EDA). Second, an experiment was designed to evaluate the feasibility of using a targetless CIT to elicit main effect differences between concealers and the control group to identify concealed information. And third, a thorough analysis of examinees' general perceptions, self-reported stress and arousal, perceived effort and performance, and use of countermeasures within the context of an automated credibility assessment interview was conducted. This research effort has yielded the following findings. First, eye tracking and vocalics can be used to identify significant differences in the behaviors and physiology of examinees concealing information, however, the accuracy with which truth tellers and information concealers can be classified remains impractical for an applied setting. Second, there are main effect differences between persons concealing information and telling the truth, however, the use of countermeasures may limit the accuracy with which concealers can be identified. Finally, the presence of concealed information and the use of crime-relevant questions alter how examinees perceive and react to a system designed to identify concealed information. The limitations of this research, as well as directions for future research, are discussed

A Comparison of Invasive and Noninvasive Sensors in the Concealed Information Test

Rapid screening requires identifying individuals concealing information promptly and noninvasively. The standard Concealed Information Test (CIT) is not conducive to a rapid screening context, however, researchers are investigating the ability to conduct adaptations of the CIT using noninvasive sensors. The purpose of this paper is to propose a study that will investigate and compare the accuracy rates of electro dermal, oculometric, and vocalic measures in identifying concealed information. The ability to detect criminals and high-risk individuals rapidly and with stand-off methods during security screening has implications for a wide variety of applications

Improving Password Cybersecurity Through Inexpensive and Minimally Invasive Means: Detecting and Deterring Password Reuse Through Keystroke-Dynamics Monitoring and Just-in-Time Fear Appeals

Password reuse - using the same password for multiple accounts - is a prevalent phenomenon that can make even the most secure systems vulnerable. When passwords are reused across multiple systems, hackers may compromise accounts by stealing passwords from low-security sites to access sites with higher security. Password reuse can be particularly threatening to users in developing countries in which cybersecurity training is limited, law enforcement of cybersecurity is non-existent, or in which programs to secure cyberspace are limited. This article proposes a two-pronged solution for reducing password reuse through detection and mitigation. First, based on the theories of routine, cognitive load and motor movement, we hypothesize that password reuse can be detected by monitoring characteristics of users' typing behavior (i.e. keystroke dynamics). Second, based on protection motivation theory, we hypothesize that providing just-in-time fear appeals when a violation is detected will decrease password reuse. We tested our hypotheses in an experiment and found that users' keystroke dynamics are diagnostic of password reuse. By analyzing changes in typing patterns, we were able to detect password reuse with 81.71% accuracy. We also found that just-in-time fear appeals decrease password reuse; 88.41% of users who received a fear appeal subsequently created unique passwords, whereas only 4.45% of users who did not receive a fear appeal created unique passwords. Our results suggest that future research should continue to examine keystroke dynamics as an indicator of cybersecurity behaviors and use just-in-time fear appeals as a method for reducing non-secure behavior. The findings of our research provide a practical and cost-effective solution to bolster cybersecurity through discouraging password reuse. © 2013 © 2013 Commonwealth Secretariat.Link_to_subscribed_fulltex

Patterns of Nonverbal Behavior Associated with Truth and Deception: Illustrations from Three Experiments

The digital age has brought with it new and powerful computer-based methods of analyzing heretofore elusive patterns of nonverbal behavior. C-BAS (Meservy 2010) is a computer-assisted behavioral observation tool for identifying and tracking nonverbal behaviors from video. THEME (Magnusson, The hidden structure of interaction: from neurons to culture patterns, IOS Press, Amsterdam, pp 4–22, 2005) is a software program that discovers patterns among discrete events in time-ordered data. Together, these tools enable more precise measurement and analysis of nonverbal behavioral dynamics. Applications to three corpora derived from interpersonal deception experiments reveal unique nonverbal patterns that distinguish deceptive from nondeceptive interactions. The first and second experiments produced serial, hierarchically related patterns of behaviors that differed in length and complexity between truthful and deceptive participants during interviews about a theft and cheating, respectively. The third experiment produced differential patterns by and among group members completing a task. Deceivers were inclined toward strategic initiations and interactional control, whereas suspicious group members adopted a more passive, possibly watchful stance. Discovery of these patterns challenges the prevailing view that nonverbal behaviors are too faint and inconsistent to identify deceptive communication. Results have numerous implications regarding the following: the development of new measurement tools locating significant effects of nonverbal behaviors, support for theory that coherent and repetitive relationships exist within and among interactants’ communication, demonstration of the role of nonverbal behaviors in deceptive communication and the dynamic and strategic nature of deception