FindAPhD Weekly PhD Newsletter | JOIN NOW FindAPhD Weekly PhD Newsletter | JOIN NOW

Deception Techniques and Countermeasures – Cybersecurity, Human Psychology and Cybercrime.


   School of Electronics, Electrical Engineering and Computer Science

This project is no longer listed on FindAPhD.com and may not be available.

Click here to search FindAPhD.com for PhD studentship opportunities
  Dr Oluwafemi Olukoya  No more applications being accepted  Funded PhD Project (Students Worldwide)

About the Project

A burgeoning cybercrime economy and the growing market for cybercrime services are all the effects of a sophisticated cyberattack landscape. From new levels of supply chain attacks to ransomware and extortion, cybercriminals continue to escalate their activities with increasing success. Cybercriminals are targeting and attacking all sectors of critical infrastructure. Most successful cybercriminals leverage known human weaknesses. This means that they need some form of human intervention to be effective, such as luring victims into clicking a malicious link, running an executable, installing, and opening an app, sending notifications with a sense of urgency to persuade users to click a link, and copying well-known legitimate login pages to trick users into imputing their credentials. Cybercriminals continue to exploit human prejudices and cognitive vulnerabilities by employing a variety of psychological manipulation techniques to entice victims to do their bidding. Some of the schemes are persuasive, and they may prey on users’ fears, anxieties, or emotions, causing them to relax their guard. Cybercriminals need to know how users think and exploit it. However, this aspect of human psychology and dark patterns often engineered for trickery in cyberattacks is not often giving the same weight as the technological aspect when researching, analysing, and understanding cyberattacks. The goal of this project is to exploit human psychology to foil cybercriminals’ abilities to manipulate unsuspecting users into doing their bidding. This project will add to the growing body of knowledge about the importance of dark patterns and human psychology in the development of effective cyber-attacks. The outcome of this project will be requirements elicitation, tools implemented to combat cybercriminals’ psychological attacks and the demonstration of the effectiveness of these tools in increasing end-users resilience to cybersecurity threats.

Project Description:

The goal of this project is to understand deceptive tactics and dark patterns for engineering trickery in effective cyber-attacks. In this PhD project, we will investigate different types of GUI deception attacks, social engineering attacks and other forms of dark patterns in mobile and web applications.

RESEARCH OBJECTIVES:

  1. Investigate prevalent and novel cybercriminals deception tactics and techniques, and the use of dark patterns and psychological tricks in cyber-attacks.
  2. Understand the psychological aspect of users’ (victims, humans) cybersecurity behaviour.
  3. Requirements elicitation for designing systems and building architectures that mirror human reasoning capabilities and prohibit perpetuating human cognitive vulnerabilities in technology.
  4. Design corresponding solutions for spotting and combatting the deception techniques in mobile applications and websites that might launch these attacks.
  5. Evaluation of the mitigation techniques against a variety of cyber threats, such as ransomware and extortion, phishing and other malicious emails, malware, nation-state threats, malicious domains, Supply chain, IoT and OT security etc.
  6. Demonstrating the effectiveness of the mitigation techniques in increasing end-users resilience to cybersecurity threats

This project spans Cybersecurity, Cybercrime and Human Psychology.

Project Key Words: Cybersecurity, Human-centred Computing, Dark Design, Behavioural Psychology, Mobile Applications, Dark Patterns, Deceptive Content, Nudging, Manipulation, Cybersecurity, Cybercrime, Websites.

Start Date: 01/10/22

Application Closing date: 28/02/22

For further information about eligibility criteria please refer to the DfE Postgraduate Studentship Terms and Conditions 2021-22 at https://go.qub.ac.uk/dfeterms

Applicants should apply electronically through the Queen’s online application portal at: https://dap.qub.ac.uk/portal/

Academic Requirements:

A minimum 2.1 honours degree or equivalent in Computer Science or Electrical and Electronic Engineering or relevant degree is required.

Funding Notes:

This three year studentship, for full-time PhD study, is potentially funded by the Department for the Economy (DfE) and commences on 1 October 2022. For UK domiciled students the value of an award includes the cost of approved tuition fees as well as maintenance support (Fees £4,500 pa and Stipend rate £15,609 pa - 2022-23 rates to be confirmed). To be considered eligible for a full DfE studentship award you must have been ordinarily resident in the United Kingdom for the full three year period before the first day of the first academic year of the course.

For candidates who do not meet the above residency requirements, a small number of international studentships may be available from the School. These are expected to be highly competitive, and a selection process will determine the strongest candidates across a range of School projects, who may then be offered funding for their chosen project.


References

1. Bianchi, A., Corbetta, J., Invernizzi, L., Fratantonio, Y., Kruegel, C. and Vigna, G., 2015, May. What the app is that? deception and countermeasures in the android user interface. In 2015 IEEE Symposium on Security and Privacy (pp. 931-948). IEEE.
2. Fernandes, E., Chen, Q.A., Paupore, J., Essl, G., Halderman, J.A., Mao, Z.M. and Prakash, A., 2016, February. Android ui deception revisited: Attacks and defenses. In International Conference on Financial Cryptography and Data Security (pp. 41-59). Springer, Berlin, Heidelberg.
3. Alisa Esage G. 2017 Android Ad Malware on Google Play Combines Three Deception Techniques [Online] https://www.securitynewspaper.com/2017/02/04/android-ad-malware-google-play-combines-three-deception-techniques/
4. Mathur, A., Acar, G., Friedman, M.J., Lucherini, E., Mayer, J., Chetty, M. and Narayanan, A., 2019. Dark patterns at scale: Findings from a crawl of 11K shopping websites. Proceedings of the ACM on Human-Computer Interaction, 3(CSCW), pp.1-32.
5. Maier, M. and Harr, R., 2020. DARK DESIGN PATTERNS: AN END-USER PERSPECTIVE. Human Technology, 16(2).
6. M. Bhoot, A., A. Shinde, M. and P. Mishra, W., 2020, November. Towards the Identification of Dark Patterns: An Analysis Based on End-User Reactions. In IndiaHCI’20: Proceedings of the 11th Indian Conference on Human-Computer Interaction (pp. 24-33)
Search Suggestions
Search suggestions

Based on your current searches we recommend the following search filters.

PhD saved successfully
View saved PhDs