# Behavioral Spear Phishing Risk Simulation Tool

Model was written in NetLogo 5.0.4
•
Viewed 981 times
•
Downloaded 77 times
•
Run 0 times

Do you have questions or comments about this model? Ask them here! (You'll first need to log in.)

## Comments and Questions

Click to Run Model

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;; ;; ;; Behavioral Spear Phishing Risk Simulation Tool, by Kim Kaivanto, November 2013 ;; ;; Simulates 100 agents, whose responses to spear phishing emails are calculated, illustrated and recorded. ;; ;; The vertical height of the world represents the duration of the spear-phishing attack in weeks. ;; ;; ;; ;; Agents may be M0s (classical Signal Detection Theory (SDT), i.e. normatively rational, risk-neutral decision makers ;; ;; M1s ('behavioral' CPT-SDT decision makers) ;; ;; M2s ('behavioral' decision makers who employ CPT-SDT *and* are vulnerable to peripheral-route persuasion ;; ;; ;; ;; Requires the 'R-Extension' package available here http://r-ext.sourceforge.net/ ;; ;; ;; ;; Height of world indicates duration, in weeks, of the spear-phishing attack (default 3 rows = 3 weeks ;; ;; ;; ;; Once max-iter is reached and the run is complete, type the following in the command center: show phished-per-iter-list ;; ;; The resulting vector may be highlighted, copied and saved as a text file for analysis in a statistical software package ;; ;; ;; ;; Code licenced by Kim Kaivanto, http://www.lums.lancs.ac.uk/profiles/kim-kaivanto/ ;; ;; under a Creative Commons Attribtion-Noncommercial-Share Alike 3.0 ;; ;; Unsupported License (see http://creativecommons.org/licenses/by-nc-sa/3.0/ ;; ;; If this model is used in original or modified form for research, please cite ;; ;; (i) the code source on modelingcommons, as well as ;; ;; (ii) the published paper: ;; ;; Kaivanto K (2014) "The Effect of Decentralized Behavioral Decision Making on System-Level Risk", ;; ;; Risk Analysis 34(12), pp. 2121--2142. DOI: 10.1111/risa.12219 ;; ;; available at the URL http://onlinelibrary.wiley.com/doi/10.1111/risa.12219/ ;; ;; ;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; extensions [r] globals [ iter ;; iteration count tracker phi ;; CPT value function exponent prob-of-phish ;; prior probability that an email will be a spear-phishing email phished-per-iter-list ;; a list variable of length max-iter that records the number of security breaches (total) within each iteration ] ;; controlled by slider: ;; prob-periph-pers probability that peripherral-route persuasion is 'successful', causing the individual to use his/her 'lower' ROC curve ;; no-of-spearphish-per-week how many, out of the 250 emails per week, are spear phishing emails ;; d-prime-vigilant d' of the normal ROC curve ;; d-prime-low d' when compromised by peripher-route persuasion (see prob-periph-pers above) ;; max-iter maximum number of iterations to run, ranges from 1 to 10,000 ;; ;; controlled by drop-down menu: ;; class-of-users mzeros for M0s, mones for M1s, mtwos for M2s ;; for detailed explanation of user classes see: ;; Kaivanto (2013) "The Effect of Decentralized Behavioral Decision Making on System-Level Risk" breed [ mzeros mzero ] ;; Benchmark, normative rationality breed [ mones mone ] ;; CPT-SDT breed [ mtwos mtwo ] ;; CPT-SDT + psychology of deception (peripheral-route persuasion, visceral emotion, time pressure, contextual cues) turtles-own [ d-prime phished? ;; in the current iteration, has the agent clicked on a phishing email? theta-opt ;; optimal cutoff threshold under the classical SDT (mzeros) or under the CPT-SDT (mones and mtwos) alpha ;; false positive likelihood associated with the agent's theta-opt power ;; true positive likelihood associated with the agent's theta-opt ] ;; SETUP to setup clear-all ask patches [ set pcolor black ] set iter 0 set phished-per-iter-list (list) set prob-of-phish ( no-of-spearphish-per-week / 250 ) if ( class-of-users = "mzeros" ) [ create-mzeros 100 [ defaults calculate-mzeros-theta-opt set phished? false ] ] if ( class-of-users = "mones" ) [ create-mones 100 [ defaults calculate-mones-mtwos-theta-opt set phished? false ] ] if ( class-of-users = "mtwos" ) [create-mtwos 100 [ defaults ifelse (( random 100) < prob-periph-pers ) [ set d-prime d-prime-low ] [ set d-prime d-prime-vigilant ] calculate-mones-mtwos-theta-opt set phished? false ] ] reset-ticks end ;; defaults for use in SETUP of agents to defaults set color gray set heading 0 set xcor (who) set ycor min-pycor set phi 0.88 set d-prime d-prime-vigilant ;; the default value for mzeros and mones, and the starting default for mtwos end to calculate-mzeros-theta-opt set theta-opt ((1 / d-prime)*(ln C-FP - ln (C-FN - C-TP) + ln (1 - prob-of-phish ) - ln prob-of-phish + (((d-prime)^(2)) / 2))) end to calculate-mones-mtwos-theta-opt set theta-opt ((1 / d-prime)*((phi)*(ln (C-FP)) - ln (((C-FN)^(phi)) - ((C-TP)^(phi))) + ln ( 1 - prob-of-phish ) - ln prob-of-phish + (((d-prime)^(2)) / 2))) end ;; to go ask-concurrent turtles [ sdt ] ;; ;; if ( all? turtles [ ycor = max-pycor ] ) and ( iter = max-iter ) [ tick set phished-per-iter-list lput ( count turtles with [ phished? ] ) phished-per-iter-list if pause? [ user-message (word "End of iteration #" iter ". End of run.") ] histogram-plot user-message (word "Finished!") ;;;;;;;;; stop ] ;; if ( all? turtles [ ycor = max-pycor ] ) and ( iter < max-iter ) [ tick if pause? [ user-message (word "End of iteration #" iter ".") ] ask patches [ set pcolor black ] ask-concurrent turtles [ set ycor min-pycor ] set phished-per-iter-list lput ( count turtles with [ phished? ] ) phished-per-iter-list ask-concurrent turtles [ set phished? false ] ask-concurrent turtles [ sdt ] ;; ] ;; if (all? turtles [ ycor = max-pycor - 1 ]) [ tick ask-concurrent turtles [ forward 1 ] set iter iter + 1 ] ;; if ( all? turtles [ ycor < max-pycor - 1]) [ tick ask-concurrent turtles [ forward 1 ] ] end to sdt ifelse phished? [ set pcolor lime ] [ r:put "thetastar" theta-opt r:put "dprime" d-prime r:eval "power <- pnorm( dprime - thetastar )" r:eval "alpha <- pnorm( 0 - thetastar )" set alpha (r:get "alpha") set power (r:get "power") ifelse ((random-float 1 ) <= power) [ set phished? false set pcolor lime ] [ set phished? true set pcolor red ] ] end to histogram-plot r:setPlotDevice r:put "phishperiter" phished-per-iter-list r:eval "hist(phishperiter, xlim=c(0,80), ylim=c(0,50),breaks=16)" end

There are 2 versions of this model.

## Attached files

File | Type | Description | Last updated | |
---|---|---|---|---|

Behavioral Spear Phishing Risk Simulation Tool.png | preview | Preview for 'Behavioral Spear Phishing Risk Simulation Tool' | almost 11 years ago, by Kim Kaivanto | Download |

This model does not have any ancestors.

This model does not have any descendants.

Kim Kaivanto

## Please note!

Requires the 'R-Extension' package available here http://r-ext.sourceforge.net/

## Posted almost 11 years ago

Reuven M. Lerner

## Extensions

Hi, Kim. FYI, you can upload the extension yourself, via the "files" tab. Then, whenever someone downloads the model via the "download" link, they'll get the extension along with it. Thanks for your contribution!

## Posted almost 11 years ago

Kim Kaivanto

## Extensions

Hi Reuven! I'd be very happy to help streamline the process, but the r-extension requires machine-specific setup detailed on the http://r-ext.sourceforge.net/ site. I'm not sure that I can improve on the instructions available there. And if there are updates or bug fixes, again the sourceforge site will be up-to-date, whereas anything I would do here would not necessarily remain up-to-date.

## Posted almost 11 years ago