任务中断对用户识别网络钓鱼的漂移扩散实证研究

doi:10.3969/j.issn.1006-2475.2025.02.001

摘要/Abstract

摘要： 用户能否正确识别出网络钓鱼是防御其攻击的最后一道防线，频繁且难以避免的中断对用户在短时间内处理大量邮件并识别出网络钓鱼是一个严重的挑战。任务中断已被证明对主要任务既有积极影响也有消极影响且研究结论不统一，因此任务中断对用户识别网络钓鱼的影响需进一步探究。本文基于漂移扩散模型，构建中断状态、行为选择、中断状态×行为选择的研究模型，采用模型参数的贝叶斯估计分析在有无中断状态下用户识别网络钓鱼的漂移率、边界高度、起始点偏差、非决策时间。在线实验数据分析结果发现，任务中断对用户正确识别网络钓鱼邮件具有双刃剑效应，有中断时用户的反应时间变短，且在准确率上没有显著差异，但漂移率变低，导致更高的边界高度。此外，针对正确率差异、性别差异、易感性差异、知识经验差异的相关分析发现，当无中断时个体为男性、正确率越高、易感性越低、知识经验越低时，其漂移率越快，编码等非决策时间越短，而有中断时个体为女性、正确率越低、知识经验越低时，其漂移率越快。本文研究从主体、客体之外的第三方任务中断的视角拓展影响用户识别网络钓鱼的环境因素，为提高用户识别网络钓鱼的能力提供实践指导。

关键词: 网络钓鱼识别, 任务中断, 漂移扩散模型, 网络钓鱼易感性, 知识经验

Abstract: Whether users can correctly identify phishing is the last line of defense against their attacks， and frequent and unavoidable interruptions pose a serious challenge for users to quickly process large amounts of emails and identify phishing. Task interruption has been proven to have both positive and negative effects on the main task， and research conclusions are inconsistent. Therefore， the role of task interruption in identifying phishing needs further explorations. This article is based on the drift diffusion model and constructs a research model for interrupt state， behavior selection， behavior selection， and interrupt state. Bayesian estimation of model parameters is used to analyze the drift rate， boundary height， starting point deviation， and non-decision time of user identification phishing in the presence or absence of interruptions. The analysis of online experimental data found that task interruption has a double-edged sword effect on correctly identifying phishing emails for users. When there is interruption， the user’s reaction time becomes shorter and there is no significant difference in accuracy， but the drift rate decreases， leading to higher boundary heights. In addition， relevant analysis on differences in accuracy， gender， susceptibility， and knowledge and experience found that when there is no interruption， the individual is male， the higher the accuracy， the lower the susceptibility， and the lower the knowledge and experience， the drift rate is faster， and the non-decision-making time for coding is shorter. However， when there is interruption， the individual is female， the lower the accuracy， and the lower the knowledge and experience， the drift rate is faster. This study extends the perspective of third-party task interruptions beyond the subject and object to explore the environmental factors that affect user identification of phishing， provides practical guidance for improving users’ ability to recognize phishing attacks.

Key words: phishing identification, task interruption, drift diffusion model, phishing susceptibility, knowledge and experience

中图分类号:

TP391

王乐, 王志英. 任务中断对用户识别网络钓鱼的漂移扩散实证研究[J]. 计算机与现代化, 2025, 0(02): 1-12.

WANG Le, WANG Zhiying. An Empirical Study on the Drift Diffusion of Task Interruption in User Identification of Phishing[J]. Computer and Modernization, 2025, 0(02): 1-12.

参考文献

［1］弋晓洋，张健. 基于图像的网络钓鱼邮件检测方法研究［J］. 信息网络安全， 2021，21（09）:52-58.
［2］ TAM L， GLASSMAN M， VANDENWAUVER M. The psychology of password management: A tradeoff between security and convenience［J］. Behaviour & Information Technology， 2010， 29（3）: 233-244.
［3］ Anti-Phishing Working Group. Phishing Activity Trends Report， 2st Quarter 2023 ［EB/OL］. （2023-11-07）. https://apwg.org/.
［4］ MARK G， IQBAL S T， CZERWINSKI M， e t al. Email duration， batching and self-interruption: Patterns of email use on productivity and stress［C］// Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems. ACM， 2016:1717-1728.
［5］ SLIFKIN E J D， NEIDER M B， et al. Phishing interrupted: The impact of task interruptions on phishing email classification［J］. International Journal of Human-Computer Studies， 2023，174. DOI: 10.1016/j.ijhcs.2023.103017.
［6］ LEROY S， GLOMB T M. Tasks interrupted: How anticipating time pressure on resumption of an interrupted task causes attention residue and low performance on interrupting ta sks and how a “ready-to-resume” plan mitigates the effects［J］. Organization Science， 2018，29（3）:380-397.
［7］乔万通，李爱梅，肖晨洁，等. 工作任务中断的双刃剑效应: 基于自我控制的理论模型［J］. 中国人力资源开发， 2021，38（2）:57-70.
［8］ FOROUGHI C K， WERNER N E， MCKENDRICK R， et al. Individual differences in working-memory capacity and task resumption following interruptions［J］. Journal of Experimental Psychology: Learning， Memory， and Cognition， 2016，42（9）:1480-1488.
［9］ ALTMANN E M， TRAFTON J G， HAMBRICK D Z. Momentary interruptions can derail the train of thought［J］. Journal of Experimental Psychology: General， 2014，143（1）:215-226.
［10］ ARIGA A， LLERAS A. Brief and rare mental “breaks” keep you focused: Deactivation and reactivation of task goals preempt vigilance decrements［J］. Cognition， 2011，118（3）:439-443.
［11］ WRIGHT R T， JOHNSON S L， KITCHENS B J. Phishing susceptibility in context: A multilevel information processing perspective on deception detection［J］. MIS Quarterly， 2023，47（2）:803-832.
［12］ RASH W. FBI Crime Report Lists Business Email Compromise as Top Scam［EB/OL］. （2019-04-25）. https://www.eweek.com/security/fbi-email-enterprises-scam/.
［13］袁昀，袁勤俭. 详尽可能性模型及其在信息系统研究领域的应用与展望［J］. 现代情报， 2023，43（5）:156-167.
［14］ PROCTOR R W， CHEN J. The role of human factors/ergonomics in the science of security: Decision making and action selection in cyberspace［J］. Human Factors， 2015，57（5）:721-727.
［15］ FLORES W R， HOLM H， NOHLBERG M， et al. Investigating personal determinants of phishing and the effect of national culture［J］. Information & Computer Security， 2015，23（2）:178-199.
［16］ GE Y， LU L， CUI X Y， et al. How personal characteristics impact phishing susceptibility: The mediating role of mail processing［J］. Applied Ergonomics， 2021，97. DOI: 10.1016/j.apergo.2021.103526.
［17］ MOODY G D， GALLETTA D F， DUNN B K. Which phish get caught? An exploratory study of individuals’ susceptibility to phishing［J］. European Journal of Information Systems， 2017，26（6）:564-584.
［18］ WILLIAMS R， MORRISON B W， WIGGINS M W， et al. The role of conscientiousness and cue utilisation in the detection of phishing emails in controlled and naturalistic settings［J］. Behaviour & Information Technology. 2023，43（9）:1842-1858.
［19］ HOUSE D， RAJA M K. Phishing: message Appraisal and the exploration of fear and self-confidence［J］. Behaviour & Information Technology， 2020，39（11）:1204-1224.
［20］ ZHOU Y， CUI X Y， QU W N， et al. The effect of automation trust tendency， system reliability and feedback on users’ phishing detection［J］. Applied Ergonomics， 2022，102. DOI: 10.1016/j.apergo.2022.103754.
［21］ PARSONS K， BUTAVICIUS M， DELFABBRO P， et al. Predicting susceptibility to social influence in phishing emails［J］. International Journal of Human-Computer Studies， 2019，128:17-26.
［22］ SARNO D M， NEIDER M B. So many phish， so little time: Exploring email task factors and phishing susceptibility［J］. Human Factors， 2022，64（8）:1379-1403.
［23］ WILLIAMS E J， POLAGE D. How persuasive is phishing email? The role of authentic design， influence and current events in email judgements［J］. Behaviour & Information Technology， 2019，38（2）:184-197.
［24］ BUTAVICIUS M， TAIB R， HAN S J. Why people keep falling for phishing scams: The effects of time pressure and deception cues on the detection of phishing emails［J］. Computers & Security， 2022，123. DOI: 10.1016/j.cose.2022.102937.
［25］ FRANK M， JAEGER L， RANFT L M. Contextual drivers of employees’ phishing susceptibility: Insights from a field study［J］. Decision Support Systems， 2022，160. DOI: 10.1016/j.dss.2022.113818.
［26］ AYABURI E W， ANDOH-BAIDOO F K. How do technology use patterns influence phishing susceptibility? A two-wave study of the role of reformulated locus of control［J］. European Journal of Information Systems. 2024，33（4）:540-560.
［27］ PURANIK H， KOOPMAN J， VOUGH H C. Pardon the interruption: An integrative review and future research agenda for research on work interruptions［J］. Journal of Management， 2020，46（6）:806-842.
［28］ BAETHGE A， RIGOTTI T， ROE R A. Just more of the same， or different? An integrative theoretical framework for the study of cumulative interruptions at work［J］. European Journal of Work and Organizational Psychology， 2015，24（2）:308-323.
［29］ COUFFE C， MICHAEL G A. Failures due to interruptions or distractions: A review and a new framework［J］. The American Journal of Psychology， 2017，130（2）:163-181.
［30］ CLITHERO J A. Response times in economics: Looking through the lens of sequential s ampling models［J］. Journal of Economic Psychology， 2018，69:61-86.
［31］ JOHNSON D J， HOPWOOD C J， CESARIO J， et al. Advancing research on cognitive processes in social and personality psychology: A hierarchical drift diffusion model primer［J］. Psychological and Personality Science， 2017，8（4）:413-423.
［32］ PE M L， VANDEKERCKHOVE J， KUPPENS P. A diffusion model account of the relationship between the emotional flanker task and rumination and depression［J］. Emotion， 2013，13（4）:739-747.
［33］ WHITE C N， RATCLIFF R， VASEY M W， et al. Anxiety enhances threat processing without competition among multiple inputs: a diffusion model analysis［J］. Emotion， 2010，10（5）:662-677.
［34］ RATCLIFF R， ROUDER J N. Modeling response times for two-choice decisions［J］. Psychological Science， 1998，9（5）:347-356.
［35］ WIECKI T V， SOFER I， FRANK M J. HDDM: Hierarchical Bayesian estimation of the drift-diffusion model in Python［J］. Frontiers in Neuroinformatics， 2013，7. DOI: 10.3389/fninf.2013.00014.
［36］ RATCLIFF R， TUERLINCKX F. Estimating parameters of the diffusion model: Approaches to dealing with contaminant reaction times and parameter variability［J］. Psychonomic Bulletin & Review， 2002，9（3）:438-481.
［37］ GELMAN A， RUBIN D B. Inference from iterative simulation using multiple sequences［J］. Statistical Science， 1992，7（4）:457-472.
［38］ KUMARAGURU P， SHENG S， ACQUISTI A， et al. Teaching Johnny not to fall for phish［J］. ACM Transactions on Internet Technology， 2010，10（2）. DOI: 10.1145/1754393.1754396.
［39］ PATTINSON M， JERRAM C， PARSONS K， et al. Why do some people manage phishing e‐mails better than others?［J］. Information Management & Computer Security， 2012，20（1）:18-28.
［40］ RAJAB M. Visualisation model based on phishing features［J］. Journal of Information & Knowledge Management， 2019，18（1）. DOI: 10.1142/S0219649219500102.
［41］ CAVANAGH J F， WIECKI T V， COHEN M X， et al. Subthalamic nucleus stimulation reverses mediofrontal influence over decision threshold［J］. Nature Neuroscience， 2011，14（11）:1462-1467.
［42］ SPIEGELHALTER D J， BEST N G， CARLIN B P， et al. Bayesian measures of model complexity and fit［J］. Journal of the Royal Statistical Society， 2002，64（4）:583-639.
［43］ SARNO D M， LEWIS J E， BOHIL C J， et al. Which phish is on the hook? Phishing vulnerability for older versus younger adults［J］. Human Factors， 2020，62（5）:704-717.
［44］ CANFIELD C I， FISCHHOFF B， DAVIS A. Quantifying phishing susceptibility for detection and behavior decisions［J］. Human Factors， 2016，58（8）:1158-1172.
［45］ MARK G， GUDITH D， KLOCKE U. The cost of interrupted work: More speed and stress［C］// Proceedings Of The ACM CHI 2008 Conference on Human Factors in Computing Systems. ACM， 2008:107-110.
［46］ KONOVALOV A， KRAJBICH I. Revealed strength of preference: Inference from response times［J］. Judgment and Decision Making， 2019，14（4）:381-394.
［47］ FRYDMAN C， KRAJBICH I. Using response times to infer others’ private information: An application to information cascades［J］. Management Science， 2021，68（4）:2970-2986.
［48］ CHIONG K X， SHUM M， WEBB R， et al. Combining choice and response time data: a drift-diffusion model of mobile advertisements［J］. Management Science， 2024，70（2）:1238-1257.
［49］ ALTMANN E M， TRAFTON J G. Memory for goals: An activation‐based model［J］. Cognitive Science， 2002，26（1）:39-83.

[1]	冯心洁, 王伟. 基于孪生特征融合网络的自然场景文本图像超分辨率方法[J]. 计算机与现代化, 2025, 0(02): 86-93.
[2]	封祖焱, 魏延, 陈家坤, 余昕. 基于门控融合的实时语义分割[J]. 计算机与现代化, 2025, 0(02): 121-126.
[3]	韩霄龙, 曾曦, 刘锟, 尚钰. 基于LoRA高效微调通用语言大模型的文本立场检测[J]. 计算机与现代化, 2025, 0(01): 1-6.
[4]	徐胜超, 陈富强 . 基于BP神经网络的食品安全风险预警方法[J]. 计算机与现代化, 2025, 0(01): 20-24.
[5]	陈思贇1, 马怀波2, 张华君2, 兰子柠2, 陈文鑫2, 胡杰1, 常胜1. 基于国产AI芯片的目标检测算法优化与部署[J]. 计算机与现代化, 2025, 0(01): 25-29.
[6]	袁杰, 朱焱 . 基于属性异质图的多目标对抗跨领域推荐[J]. 计算机与现代化, 2025, 0(01): 37-43.
[7]	闫晓奇, 彭逸清, 任小玲. 位置自适应卷积PointNet++的点云数据分类方法[J]. 计算机与现代化, 2025, 0(01): 44-49.
[8]	刘海涛, 冯帆. 基于BD格缩减辅助的连续干扰消除检测算法[J]. 计算机与现代化, 2025, 0(01): 67-73.
[9]	郑久超, 赵新元. 基于主题与描述信息的实体链接方法[J]. 计算机与现代化, 2024, 0(12): 10-14.
[10]	张昆1, 张永伟1, 吴永城1, 张笑文2, 翟世臣2. 基于大模型的设备故障知识图谱自动构建方法[J]. 计算机与现代化, 2024, 0(11): 46-53.
[11]	张宇1, 2, 黎靖1, 2, 马铭1, 2, 王众祥1, 2, 孙妍1, 2. YOLOLW:一个新的轻量级目标检测模型[J]. 计算机与现代化, 2024, 0(11): 91-98.
[12]	杜猛俊1, 李昂1, 童俊1, 钱锦1, 康恺1, 王若丁1, 靳文星2. 基于改进极限学习算法的电力信息数据融合模型[J]. 计算机与现代化, 2024, 0(10): 61-64.
[13]	焦一凯1, 2, 朱欣娟1, 2. 公共文化资源标签推荐方法[J]. 计算机与现代化, 2024, 0(10): 107-112.
[14]	杨俞沣1, 2, 夏小云2, 陈泽丰3, 廖伟志2, 李积武2. 融合多策略蜣螂优化算法的外卖订单配送路径优化[J]. 计算机与现代化, 2024, 0(09): 25-32.
[15]	马钰, 杨勇, 任鸽, 帕力旦·吐尔逊. 基于GCN和微调BERT的作文自动评分方法[J]. 计算机与现代化, 2024, 0(09): 33-37.