Analyzing Instance Representation in Cognitive Models of Phishing Decision Making

preprint OA: closed
Full text JSON View at publisher

Abstract

Abstract Phishing attacks remain a significant security threat. One approach to addressing this challenge is through personalized and adaptive anti-phishing training solutions capable of tailoring learning experiences to individual needs and context. This requires cognitive models that are predictive of individual phishing responses and are amenable to analyzing and measuring the cognitive factors underlying people's susceptibility to phishing attacks. In this paper, we study a key challenge associated with developing cognitive models of phishing decision making grounded in instance based learning theory (IBLT): instance engineering. We investigate the effectiveness of different approaches to designing instances using transformer based methods for natural language representation. This work also investigates which aspects of phishing decision making IBL models could represent and predict. We found that using representations that consider contextual meanings assigned by humans could enable cognitive agents to predict human responses to phishing emails with high accuracy. Notably, we also found that IBL models were predictive of responses from participants who engaged in the quick and intuitive form of decision making process. This work underscores cognitive models' potential to analyze differences in individual's responses to phishing attacks, identify gaps in security awareness, and enhance anti-phishing training effectiveness.
Full text 12,653 characters · extracted from preprint-html · click to expand
Analyzing Instance Representation in Cognitive Models of Phishing Decision Making | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Analyzing Instance Representation in Cognitive Models of Phishing Decision Making Tianhao Xu, Prashanth Rajivan This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-4451592/v1 This work is licensed under a CC BY 4.0 License Status: Published Journal Publication published 06 Feb, 2026 Read the published version in User Modeling and User-Adapted Interaction → Version 1 posted 9 You are reading this latest preprint version Abstract Phishing attacks remain a significant security threat. One approach to addressing this challenge is through personalized and adaptive anti-phishing training solutions capable of tailoring learning experiences to individual needs and context. This requires cognitive models that are predictive of individual phishing responses and are amenable to analyzing and measuring the cognitive factors underlying people's susceptibility to phishing attacks. In this paper, we study a key challenge associated with developing cognitive models of phishing decision making grounded in instance based learning theory (IBLT): instance engineering. We investigate the effectiveness of different approaches to designing instances using transformer based methods for natural language representation. This work also investigates which aspects of phishing decision making IBL models could represent and predict. We found that using representations that consider contextual meanings assigned by humans could enable cognitive agents to predict human responses to phishing emails with high accuracy. Notably, we also found that IBL models were predictive of responses from participants who engaged in the quick and intuitive form of decision making process. This work underscores cognitive models' potential to analyze differences in individual's responses to phishing attacks, identify gaps in security awareness, and enhance anti-phishing training effectiveness. Phishing Decision Making IBL ACT-R Language Models Cybersecurity Full Text Additional Declarations No competing interests reported. Cite Share Download PDF Status: Published Journal Publication published 06 Feb, 2026 Read the published version in User Modeling and User-Adapted Interaction → Version 1 posted Editorial decision: Revision requested 02 Apr, 2025 Reviews received at journal 02 Apr, 2025 Reviewers agreed at journal 02 Apr, 2025 Reviews received at journal 05 Nov, 2024 Reviewers agreed at journal 08 Oct, 2024 Reviewers invited by journal 23 Jul, 2024 Submission checks completed at journal 21 May, 2024 Editor assigned by journal 21 May, 2024 First submitted to journal 20 May, 2024 You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-4451592","acceptedTermsAndConditions":true,"allowDirectSubmit":false,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":308301404,"identity":"23eab265-d058-4b39-89b2-e9644f590451","order_by":0,"name":"Tianhao Xu","email":"","orcid":"","institution":"University of Washington","correspondingAuthor":false,"prefix":"","firstName":"Tianhao","middleName":"","lastName":"Xu","suffix":""},{"id":308301406,"identity":"5f25b4c3-6908-4a48-901f-aef314ea19a0","order_by":1,"name":"Prashanth Rajivan","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAtklEQVRIiWNgGAWjYJACgwQgwQ9mspGiRbKBFC0QfQeI1WIuffhBwcM2uzzjGzkGDB/KDhPWYtmXZmCQ2JZcbAbUwjjjHBFaDM4wGBgknGFO3HYjdwMzbxtRWtg/ALXUJ26eAdTylzgtPEBbKg4nbpAAamEkRotlD08BUMvxxBln3n842HMunbAWcx72bYY/DKoT+9vTEh/8KLMmwmHAuDCAcQ4QVg/RwvyAKJWjYBSMglEwcgEAPF87oez+l24AAAAASUVORK5CYII=","orcid":"","institution":"University of Washington","correspondingAuthor":true,"prefix":"","firstName":"Prashanth","middleName":"","lastName":"Rajivan","suffix":""}],"badges":[],"createdAt":"2024-05-21 02:06:04","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-4451592/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-4451592/v1","draftVersion":[],"editorialEvents":[{"content":"https://doi.org/10.1007/s11257-026-09441-z","type":"published","date":"2026-02-06T15:57:33+00:00"}],"editorialNote":"","failedWorkflow":false,"files":[{"id":102234924,"identity":"4f656552-e71c-4291-9e68-8c39c3a2d9ba","added_by":"auto","created_at":"2026-02-09 16:14:06","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":1223121,"visible":true,"origin":"","legend":"","description":"","filename":"XuRajivanIBLsubmission.pdf","url":"https://assets-eu.researchsquare.com/files/rs-4451592/v1_covered_9b445901-138d-463a-a914-bec525475d3a.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"Analyzing Instance Representation in Cognitive Models of Phishing Decision Making","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":false,"hideJournal":false,"highlight":"","institution":"","isAcceptedByJournal":true,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"user-modeling-and-user-adapted-interaction","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"umui","sideBox":"Learn more about [User Modeling and User-Adapted Interaction](http://link.springer.com/journal/11257)","snPcode":"11257","submissionUrl":"https://submission.nature.com/new-submission/11257/3","title":"User Modeling and User-Adapted Interaction","twitterHandle":"","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"em","reportingPortfolio":"Springer Hybrid","inReviewEnabled":true,"inReviewRevisionsEnabled":false},"keywords":"Phishing, Decision Making, IBL, ACT-R, Language Models, Cybersecurity","lastPublishedDoi":"10.21203/rs.3.rs-4451592/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-4451592/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"Phishing attacks remain a significant security threat. One approach to addressing this challenge is through personalized and adaptive anti-phishing training solutions capable of tailoring learning experiences to individual needs and context. This requires cognitive models that are predictive of individual phishing responses and are amenable to analyzing and measuring the cognitive factors underlying people's susceptibility to phishing attacks. In this paper, we study a key challenge associated with developing cognitive models of phishing decision making grounded in instance based learning theory (IBLT): instance engineering. We investigate the effectiveness of different approaches to designing instances using transformer based methods for natural language representation. This work also investigates which aspects of phishing decision making IBL models could represent and predict. We found that using representations that consider contextual meanings assigned by humans could enable cognitive agents to predict human responses to phishing emails with high accuracy. Notably, we also found that IBL models were predictive of responses from participants who engaged in the quick and intuitive form of decision making process. This work underscores cognitive models' potential to analyze differences in individual's responses to phishing attacks, identify gaps in security awareness, and enhance anti-phishing training effectiveness.","manuscriptTitle":"Analyzing Instance Representation in Cognitive Models of Phishing Decision Making","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2024-06-03 06:33:40","doi":"10.21203/rs.3.rs-4451592/v1","editorialEvents":[{"type":"communityComments","content":0},{"type":"decision","content":"Revision requested","date":"2025-04-02T20:12:02+00:00","index":"","fulltext":""},{"type":"editorInvitedReview","content":"","date":"2025-04-02T20:08:48+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"27237261287683940077005219097624395213","date":"2025-04-02T19:13:54+00:00","index":"hide","fulltext":""},{"type":"editorInvitedReview","content":"","date":"2024-11-05T21:56:04+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"140628822709712837327437425830483378882","date":"2024-10-08T14:16:32+00:00","index":"hide","fulltext":""},{"type":"reviewersInvited","content":"","date":"2024-07-23T16:10:11+00:00","index":"","fulltext":""},{"type":"checksComplete","content":"","date":"2024-05-21T15:41:17+00:00","index":"","fulltext":""},{"type":"editorAssigned","content":"","date":"2024-05-21T15:41:17+00:00","index":"","fulltext":""},{"type":"submitted","content":"User Modeling and User-Adapted Interaction","date":"2024-05-21T02:03:10+00:00","index":"","fulltext":""}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"user-modeling-and-user-adapted-interaction","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"umui","sideBox":"Learn more about [User Modeling and User-Adapted Interaction](http://link.springer.com/journal/11257)","snPcode":"11257","submissionUrl":"https://submission.nature.com/new-submission/11257/3","title":"User Modeling and User-Adapted Interaction","twitterHandle":"","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"em","reportingPortfolio":"Springer Hybrid","inReviewEnabled":true,"inReviewRevisionsEnabled":false}}],"origin":"","ownerIdentity":"9446ebad-9e0f-4612-9f18-62ba7d929880","owner":[],"postedDate":"June 3rd, 2024","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"published-in-journal","subjectAreas":[],"tags":[],"updatedAt":"2026-02-09T16:10:02+00:00","versionOfRecord":{"articleIdentity":"rs-4451592","link":"https://doi.org/10.1007/s11257-026-09441-z","journal":{"identity":"user-modeling-and-user-adapted-interaction","isVorOnly":false,"title":"User Modeling and User-Adapted Interaction"},"publishedOn":"2026-02-06 15:57:33","publishedOnDateReadable":"February 6th, 2026"},"versionCreatedAt":"2024-06-03 06:33:40","video":"","vorDoi":"10.1007/s11257-026-09441-z","vorDoiUrl":"https://doi.org/10.1007/s11257-026-09441-z","workflowStages":[]},"version":"v1","identity":"rs-4451592","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-4451592","identity":"rs-4451592","version":["v1"]},"buildId":"qtupq5eGEP_6zYnWcrvyt","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}

Text is read by the "Ask this paper" AI Q&A widget below. Extraction quality varies by source — PMC NXML preserves structure cleanly, OA-HTML may include some navigation residue, and OA-PDF can have broken hyphenation. The publisher copy (via DOI) is the canonical version.

My notes (saved in your browser only)

Ask this paper AI returns verbatim quotes from the full text · source: preprint-html

Answers must be backed by verbatim quotes from this paper's full text. Hallucinated quotes are dropped automatically; if no verbatim passage answers the question, we say so. How this works

Citation neighborhood (no data yet)

We don't have any in-corpus citations linked to this paper yet. This is a recent paper (2024) — citers typically take a year or two to land, and the OpenAlex reference graph may still be filling in.

Source provenance

europepmc
last seen: 2026-05-20T01:45:00.602351+00:00