Using Neuroscience to Explain User Responses to Malware Warnings
ABSTRACT
We are planning a research agenda looking at how people react to malware warnings. Prior research has shown that people ignore malware warnings. Our research will look at the neuroscience associated with subjects’ identification, recall, and reaction to malware warnings.
We recently completed a study where we used EEGs to monitor response of the P300 when subjects were faced with regular websites as well as malware warnings. We found that people are good at recognizing the warnings. However, we found differences in the brains of women compared to men when responding to both the normal and stimulus conditions.
We are moving forward on a number of projects to expand upon these initial findings.
One project will be adaptive with task-related motivation. Depending on how people respond to the malware warnings, either ignore or heed, we will adjust the number of warnings and consequences. They will have a task to complete, so they are more likely to ignore the warnings.
A second project is dealing with memory, specifically what about a malware makes it memorable. We’ve planned some studies to examine color, animation, and a variety of other characteristics that makes a warning memorable or not. We are looking into using eye tracking tools.
The third project in this series is using an fMRI machine to watch the blood flow in the brain when the subject is trying to complete a computer task and interrupted with malware warnings. This project is still preliminary.