Ontology-Based Intelligent Interface Personalization for Protection Against Phishing Attacks.

Authors :
Zahedi, Fatemeh Mariam
Chen, Yan
Zhao, Huimin
Source :
Information Systems Research; Sep2024, Vol. 35 Issue 3, p1463-1478, 16p
Publication Year :
2024

Abstract

Millions of users on the Internet have fallen into phishing website traps. Detection tools are designed to warn users against such attacks, but often fail to achieve this purpose. One crucial reason behind this is that users rarely have a chance to interact and build a relationship with a detection tool that stealthily runs at the backend. A warning message on a rarely seen interface from such a tool hardly inspires users' trust in its authenticity and accuracy. In this study, we propose an ontology-based intelligent interface personalization (OBIIP) design for the warning interfaces of phishing website detection tools. We first constructed an ontology of warning interface elements (OWIE), which is a comprehensive knowledgebase for warning interface design. We then used OWIE in the design and creation of an OBIIP prototype and assessed it in a laboratory experiment and an online experiment. The results show the significant value of OBIIP in improving users' performance in terms of self-protection against website phishing attacks and building a stronger relationship with the detection tool in terms of trust in and use of the tool.

Millions of users on the Internet have fallen into phishing website traps. Detection tools are designed to warn users against such attacks but often fail to achieve this purpose due to usability issues. To address these issues and increase user self-protection against such attacks, we propose an ontology-based intelligent interface personalization (OBIIP) design for the warning interfaces of phishing website detection tools. Our design involves two phases: proof-of-concept and proof-of-value. The proof-of-concept phase consists of developing an ontology of warning interface elements (OWIE) based on the ontology approach in design science, expert feedback, and inputs from multiple populations through three rounds of surveys with 1,297 participants. OWIE is then used in the design and creation of an OBIIP prototype. The proof-of-value phase involves a controlled laboratory experiment (with 596 participants) to assess OBIIP's value in terms of users' self-protection performance as well as a posthoc online data collection (with 191 participants) and analysis to reveal the role of the design element categories in users' trust and perceived personalization in OBIIP. The assessment results show the significant value of OBIIP in improving self-protection performance as well as the pervasive impact of OBIIP in improving users' relationship with the security tool in terms of trust in and use of the tool. This work also identifies categories of design elements that matter in the OBIIP process.

History: Suprateek Sarker, Senior Editor; David (Jingjun) Xu, Associate Editor.

Funding: This work was partially supported by the U.S. National Science Foundation [Grant CNS-1049497].

Supplemental Material: The online appendices are available at https://doi.org/10.1287/isre.2021.0065.

[ABSTRACT FROM AUTHOR]

Details

Language :
English
ISSN :
10477047
Volume :
35
Issue :
3
Database :
Complementary Index
Journal :
Information Systems Research
Publication Type :
Academic Journal
Accession number :
180116924
Full Text :
https://doi.org/10.1287/isre.2021.0065