Ontology-Based Intelligent Interface Personalization for Protection Against Phishing Attacks

Millions of users on the Internet have fallen into phishing website traps. Detection tools are designed to warn users against such attacks but often fail to achieve this purpose due to usability issues. To address these issues and increase user self-protection against such attacks, we propose an ontology-based intelligent interface personalization (OBIIP) design for the warning interfaces of phishing website detection tools. Our design involves two phases: proof-of-concept and proof-of-value. The proof-of-concept phase consists of developing an ontology of warning interface elements (OWIE) based on the ontology approach in design science, expert feedback, and inputs from multiple populations through three rounds of surveys with 1,297 participants. OWIE is then used in the design and creation of an OBIIP prototype. The proof-of-value phase involves a controlled laboratory experiment (with 596 participants) to assess OBIIP’s value in terms of users’ self-protection performance as well as a posthoc online data collection (with 191 participants) and analysis to reveal the role of the design element categories in users’ trust and perceived personalization in OBIIP. The assessment results show the significant value of OBIIP in improving self-protection performance as well as the pervasive impact of OBIIP in improving users’ relationship with the security tool in terms of trust in and use of the tool. This work also identifies categories of design elements that matter in the OBIIP process.

History: Suprateek Sarker, Senior Editor; David (Jingjun) Xu, Associate Editor.

Funding: This work was partially supported by the U.S. National Science Foundation [Grant CNS-1049497].

Supplemental Material: The online appendices are available at https://doi.org/10.1287/isre.2021.0065.