What risk? I don't understand: an empirical study on users' understanding of the terms used in security texts

Tingmin (Tina) Wu, Rongjunchen Zhang, Wanlun Ma, Sheng Wen, Xin Xia, Cecile Paris, Surya Nepal, Yang Xiang

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

Abstract

Users receive a multitude of security information in written articles, e.g., newspapers, security blogs, and training materials. However, prior research suggests that these delivery methods, including security awareness campaigns, mostly fail to increase people's knowledge about cyber threats. It seems that users find such information challenging to absorb and understand. Yet, to raise users' security awareness and understanding, it is essential to ensure the users comprehend the provided information so that they can apply the advice it contains in practice. We conducted a subjective study to measure the level of users' understanding of security texts. We find that 61% of the terms security experts used in their writings are hard for the public to understand, even for people with some IT backgrounds. We also observe that 88% of security texts have at least one such term. Moreover, we notice that existing dictionaries, including the online ones (e.g., Google Dictionary), cover no more than 35% of the terms found in security texts. To improve users' ability to understand security texts, we developed a framework to build a user-oriented security-centric dictionary from multiple sources. To evaluate the effectiveness of the dictionary, we developed a tool as a service to detect technical terms and explain their meanings to the user in pop-ups. The results of a subjective study to measure the tool's performance showed that it could increase users' ability to understand security articles by 30%.
Original language: English
Title of host publication: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security
Editors: Guofei Gu, Giuseppe Ateniese
Place of Publication: New York NY USA
Publisher: Association for Computing Machinery (ACM)
Pages: 248–262
Number of pages: 15
ISBN (Electronic): 9781450367509
Publication status: Published - 2020
Event: ACM Asia Conference on Computer and Communications Security 2020 - Taipei, Taiwan
Duration: 5 Oct 2020 – 9 Oct 2020
Conference number: 15th
https://dl.acm.org/doi/proceedings/10.1145/3320269 (Proceedings)
https://asiaccs2020.cs.nthu.edu.tw (Website)

Conference

Conference: ACM Asia Conference on Computer and Communications Security 2020
Abbreviated title: AsiaCCS ’20
Country: Taiwan
City: Taipei
Period: 5/10/20 – 9/10/20