Behavioral Spear Phishing Risk Simulation Tool

Behavioral Spear Phishing Risk Simulation Tool preview image

1 collaborator

Default-person Kim Kaivanto (Author)

Tags

behavioral decision making 

Tagged by Kim Kaivanto over 5 years ago

cumulative prospect theory 

Tagged by Kim Kaivanto over 5 years ago

signal detection 

Tagged by Kim Kaivanto over 5 years ago

spear phishing 

Tagged by Kim Kaivanto over 5 years ago

system-level risk 

Tagged by Kim Kaivanto over 5 years ago

Visible to everyone | Changeable by the author
Model was written in NetLogo 5.0.4 • Viewed 631 times • Downloaded 39 times • Run 0 times
Download the 'Behavioral Spear Phishing Risk Simulation Tool' modelDownload this modelEmbed this model

Do you have questions or comments about this model? Ask them here! (You'll first need to log in.)


Comments and Questions

Please note!

Requires the 'R-Extension' package available here http://r-ext.sourceforge.net/

Posted over 5 years ago

Extensions

Hi, Kim. FYI, you can upload the extension yourself, via the "files" tab. Then, whenever someone downloads the model via the "download" link, they'll get the extension along with it. Thanks for your contribution!

Posted over 5 years ago

Extensions

Hi Reuven! I'd be very happy to help streamline the process, but the r-extension requires machine-specific setup detailed on the http://r-ext.sourceforge.net/ site. I'm not sure that I can improve on the instructions available there. And if there are updates or bug fixes, again the sourceforge site will be up-to-date, whereas anything I would do here would not necessarily remain up-to-date.

Posted over 5 years ago

Click to Run Model

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;                                                                                                                               ;;
;;  Behavioral Spear Phishing Risk Simulation Tool, by Kim Kaivanto, November 2013                                               ;;
;;  Simulates 100 agents, whose responses to spear phishing emails are calculated, illustrated and recorded.                     ;;
;;  The vertical height of the world represents the duration of the spear-phishing attack in weeks.                              ;;
;;                                                                                                                               ;;
;;  Agents may be M0s (classical Signal Detection Theory (SDT), i.e. normatively rational, risk-neutral decision makers          ;;
;;                M1s ('behavioral' CPT-SDT decision makers)                                                                     ;;
;;                M2s ('behavioral' decision makers who employ CPT-SDT *and* are vulnerable to peripheral-route persuasion       ;;
;;                                                                                                                               ;;
;;  Requires the 'R-Extension' package available here http://r-ext.sourceforge.net/                                              ;;
;;                                                                                                                               ;;
;;  Height of world indicates duration, in weeks, of the spear-phishing attack (default 3 rows = 3 weeks                         ;;
;;                                                                                                                               ;;
;;  Once max-iter is reached and the run is complete, type the following in the command center: show phished-per-iter-list       ;;
;;  The resulting vector may be highlighted, copied and saved as a text file for analysis in a statistical software package      ;;
;;                                                                                                                               ;;
;;  Code licenced by Kim Kaivanto, http://www.lums.lancs.ac.uk/profiles/kim-kaivanto/                                            ;;
;;  under a Creative Commons Attribtion-Noncommercial-Share Alike 3.0                                                            ;;
;;  Unsupported License (see http://creativecommons.org/licenses/by-nc-sa/3.0/                                                   ;;
;;  If this model is used in original or modified form for research, please cite                                                 ;;
;;  (i) the code source on modelingcommons, as well as                                                                           ;;
;;  (ii) the published paper:                                                                                                    ;;
;;       Kaivanto K (2014) "The Effect of Decentralized Behavioral Decision Making on System-Level Risk",                        ;;
;;       Risk Analysis 34(12), pp. 2121--2142. DOI: 10.1111/risa.12219                                                           ;;
;;       available at the URL http://onlinelibrary.wiley.com/doi/10.1111/risa.12219/                                             ;;
;;                                                                                                                               ;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;


extensions [r] 

globals [
  iter                           ;; iteration count tracker
  phi                            ;; CPT value function exponent
  prob-of-phish                  ;; prior probability that an email will be a spear-phishing email
  phished-per-iter-list          ;; a list variable of length max-iter that records the number of security breaches (total) within each iteration
  ]
;; controlled by slider:
;;    prob-periph-pers              probability that peripherral-route persuasion is 'successful', causing the individual to use his/her 'lower' ROC curve
;;    no-of-spearphish-per-week     how many, out of the 250 emails per week, are spear phishing emails
;;    d-prime-vigilant              d' of the normal ROC curve
;;    d-prime-low                   d' when compromised by peripher-route persuasion (see prob-periph-pers above)
;;    max-iter                      maximum number of iterations to run, ranges from 1 to 10,000 
;;
;; controlled by drop-down menu:
;;    class-of-users                mzeros for M0s, mones for M1s, mtwos for M2s
;;                                  for detailed explanation of user classes see:
;;                                  Kaivanto (2013) "The Effect of Decentralized Behavioral Decision Making on System-Level Risk"

breed [ mzeros mzero ]  ;; Benchmark, normative rationality
breed [ mones mone ]    ;; CPT-SDT
breed [ mtwos mtwo ]    ;; CPT-SDT + psychology of deception (peripheral-route persuasion, visceral emotion, time pressure, contextual cues)

turtles-own [
  d-prime
  phished?      ;; in the current iteration, has the agent clicked on a phishing email? 
  theta-opt     ;; optimal cutoff threshold under the classical SDT (mzeros) or under the CPT-SDT (mones and mtwos)
  alpha         ;; false positive likelihood associated with the agent's theta-opt
  power         ;; true positive likelihood associated with the agent's theta-opt
  ]


;;           SETUP

to setup
  clear-all
  ask patches [ set pcolor black ]
  set iter 0
  set phished-per-iter-list (list)
  set prob-of-phish ( no-of-spearphish-per-week / 250 )
  if ( class-of-users = "mzeros" ) 
    [ create-mzeros 100 
        [ 
          defaults 
          calculate-mzeros-theta-opt
          set phished? false
        ] 
    ]
  if ( class-of-users = "mones" ) 
    [ create-mones 100  
        [ 
          defaults 
          calculate-mones-mtwos-theta-opt
          set phished? false
        ] 
    ]
  if ( class-of-users = "mtwos" ) 
    [create-mtwos 100 
      [ defaults 
        ifelse (( random 100) < prob-periph-pers ) 
          [ set d-prime d-prime-low ] [ set d-prime d-prime-vigilant ]
        calculate-mones-mtwos-theta-opt
        set phished? false
      ] 
    ]
  reset-ticks
end 

;;            defaults for use in SETUP of agents 

to defaults
    set color gray
    set heading 0
    set xcor (who) 
    set ycor min-pycor 
    set phi 0.88
    set d-prime d-prime-vigilant   ;; the default value for mzeros and mones, and the starting default for mtwos
end 

to calculate-mzeros-theta-opt
      set theta-opt ((1 / d-prime)*(ln C-FP - ln (C-FN - C-TP) + ln (1 - prob-of-phish ) - ln prob-of-phish + (((d-prime)^(2)) / 2))) 
end 

to calculate-mones-mtwos-theta-opt
      set theta-opt ((1 / d-prime)*((phi)*(ln (C-FP)) - ln (((C-FN)^(phi)) - ((C-TP)^(phi))) + ln ( 1 - prob-of-phish ) - ln prob-of-phish + (((d-prime)^(2)) / 2)))
end 

;;

to go
  ask-concurrent turtles [ sdt ] ;; 
;; 
  if ( all? turtles [ ycor = max-pycor ] ) and ( iter = max-iter )
    [ tick
      set phished-per-iter-list lput ( count turtles with [ phished? ] ) phished-per-iter-list
      if  pause?  [ user-message (word "End of iteration #" iter ". End of run.") ]
      histogram-plot
      user-message (word "Finished!")      ;;;;;;;;;
      stop ]
;;
  if ( all? turtles [ ycor = max-pycor ] ) and ( iter < max-iter )
    [ 
      tick
      if  pause?  [ user-message (word "End of iteration #" iter ".") ]
      ask patches [ set pcolor black ]
      ask-concurrent turtles [ set ycor min-pycor ]
      set phished-per-iter-list lput ( count turtles with [ phished? ] ) phished-per-iter-list
      ask-concurrent turtles [ set phished? false ]
      ask-concurrent turtles [ sdt ] ;; 
    ]  
;;
  if (all? turtles [ ycor = max-pycor - 1 ])
    [
      tick
      ask-concurrent turtles [ forward 1 ]
      set iter iter + 1
    ]  
;;
  if ( all? turtles [ ycor < max-pycor - 1])
    [ 
      tick
      ask-concurrent turtles [ forward 1 ]
    ]
end 

to sdt
  ifelse phished? 
  [
    set pcolor lime
  ]
  [
    r:put "thetastar"  theta-opt 
    r:put "dprime" d-prime
    r:eval "power <- pnorm( dprime - thetastar )"
    r:eval "alpha <- pnorm( 0 - thetastar )"
    set alpha (r:get "alpha") 
    set power (r:get "power")
    ifelse ((random-float 1 ) <= power) 
    [ set phished? false 
      set pcolor lime
    ] 
    [ set phished? true 
      set pcolor red
    ]
  ]   
end 

to histogram-plot
  r:setPlotDevice
  r:put "phishperiter" phished-per-iter-list
  r:eval "hist(phishperiter, xlim=c(0,80), ylim=c(0,50),breaks=16)"
end 

There are 2 versions of this model.

Uploaded by When Description Download
Kim Kaivanto over 4 years ago Journal, year, volume and issue details updated. Download this version
Kim Kaivanto over 5 years ago Initial upload Download this version

Attached files

File Type Description Last updated
Behavioral Spear Phishing Risk Simulation Tool.png preview Preview for 'Behavioral Spear Phishing Risk Simulation Tool' over 5 years ago, by Kim Kaivanto Download

This model does not have any ancestors.

This model does not have any descendants.