{"title":"Eye tracking analysis of browser security indicators","authors":"A. Darwish, Emad Bataineh","doi":"10.1109/ICCSII.2012.6454330","DOIUrl":null,"url":null,"abstract":"Understanding the natural human behavior when people interact with Web browsers is essential for building more user-centric interface design that is customized based on user's perception and experience. This paper presents the first empirical study of users' interaction with security indicators in Web browsers in a controlled real life security risk. The work focuses on the natural and spontaneous behavior of the victim's eyes on several predetermined area of interest, and empirically presents users' evaluation of several online logon pages. The experiment and its results provide a quantitative evidence of the usability of visual security indicators in Internet Explorer (IE8). We first categorized a set of Websites and created phishing Web Pages using most known phishing techniques, and then a group of users from different backgrounds and age groups took the controlled experiment on an eye tracking machine. We found that the simplicity approach in Web design causes more damage rather than helping in online security, and that the current sleek design of Web pages helps users find the logon area and overlook the security indicators instead. We also found that the security certificate cue was not used by the participants to determine the legitimacy of the presented Websites.","PeriodicalId":281140,"journal":{"name":"2012 International Conference on Computer Systems and Industrial Informatics","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2012-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"27","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 International Conference on Computer Systems and Industrial Informatics","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCSII.2012.6454330","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 27
Abstract
Understanding the natural human behavior when people interact with Web browsers is essential for building more user-centric interface design that is customized based on user's perception and experience. This paper presents the first empirical study of users' interaction with security indicators in Web browsers in a controlled real life security risk. The work focuses on the natural and spontaneous behavior of the victim's eyes on several predetermined area of interest, and empirically presents users' evaluation of several online logon pages. The experiment and its results provide a quantitative evidence of the usability of visual security indicators in Internet Explorer (IE8). We first categorized a set of Websites and created phishing Web Pages using most known phishing techniques, and then a group of users from different backgrounds and age groups took the controlled experiment on an eye tracking machine. We found that the simplicity approach in Web design causes more damage rather than helping in online security, and that the current sleek design of Web pages helps users find the logon area and overlook the security indicators instead. We also found that the security certificate cue was not used by the participants to determine the legitimacy of the presented Websites.
理解人们与Web浏览器交互时的自然行为对于构建基于用户感知和经验定制的以用户为中心的界面设计至关重要。本文首次在现实生活安全风险可控的情况下,对Web浏览器中用户与安全指标的交互进行了实证研究。这项工作着重于受害者的眼睛在几个预定的兴趣区域上的自然和自发的行为,并经验地呈现了用户对几个在线登录页面的评价。该实验及其结果为Internet Explorer (IE8)中视觉安全指示器的可用性提供了定量证据。我们首先对一组网站进行了分类,并使用大多数已知的网络钓鱼技术创建了网络钓鱼网页,然后一组来自不同背景和年龄段的用户在眼动仪上进行了对照实验。我们发现,Web设计中的简单方法对在线安全没有帮助,反而造成了更多的损害,而当前Web页面的圆滑设计反而帮助用户找到登录区域,而忽略了安全指标。我们还发现,参与者没有使用安全证书提示来确定所呈现网站的合法性。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
