Phishing is a highly prevalent form of social engineering where an attacker steals sensitive information by sending fraudulent emails that purport to be from a trustworthy source. Over time, phishing attacks have become both socially and contextually smarter, with the result that phishing continues to be a growing problem for organisations and individuals. To date, the majority of tools aimed at helping users identify phishing emails rely on visual indicators, such as additional text, saliency cues, and/or warnings. However, little work has explored auditory cues despite humans being sensitive to changes in rhythms and sequences of sounds.
This PhD project will focus predominantly on exploring the design space for the sonification of phishing detection in organisations. Employees heavily rely on email communication to perform their jobs, yet are historically poor at identifying fake emails. An auditory solution could help to relieve some of the visual fatigue associated with computer tasks and act as more effective warning to users.
This PhD project has two aims: (i) to identify the design space around the sonification of phishing tools for employees and (ii) to develop and evaluate a sonification tool for supporting phish detection in organisations.
Northumbria University has been recognised as an Academic Centre of Excellence in Cyber Security Research by the NCSC and EPSRC, and is one of the largest and most successful Human Computer Interaction groups in the world. The student will work with friendly colleagues across disciplines and will be based in the new state-of-the art £7m Computer and Information Sciences building in the Newcastle city centre.
Prospective candidates should have a background in computing, psychology, or related disciplines. Programming experience, or strong interest in learning to program, is highly desirable. Applicants will also ideally have an interest in usable security.
This project is supervised by Dr. James Nicholson.
Eligibility and How to Apply:
Please note eligibility requirement:
• Academic excellence of the proposed student i.e. 2:1 (or equivalent GPA from non-UK universities [preference for 1st class honours]); or a Masters (preference for Merit or above); or APEL evidence of substantial practitioner achievement.
• Appropriate IELTS score, if required.
For further details of how to apply, entry requirements and the application form, see https://www.northumbria.ac.uk/research/postgraduate-research-degrees/how-to-apply/
Please note: Applications that do not include a research proposal of approximately 1,000 words (not a copy of the advert), or that do not include the advert reference (e.g. SF19/EE/CIS/NICHOLSON) will not be considered.
Start Date: 1 March 2020 or 1 October 2020
Northumbria University takes pride in, and values, the quality and diversity of our staff. We welcome applications from all members of the community. The University holds an Athena SWAN Bronze award in recognition of our commitment to improving employment practices for the advancement of gender equality and is a member of the Euraxess network, which delivers information and support to professional researchers.
Nicholson, J., Coventry, L., & Briggs, P. (2017). Can we fight social engineering attacks by social means? Assessing social salience as a means to improve phish detection. In Symposium on Usable Privacy and Security (SOUPS).
Debashi, M., & Vickers, P. (2018). Sonification of network traffic flow for monitoring and situational awareness. PloS one, 13(4), e0195948.