Showing 1–3 of 3 results for author: Jost, T

Content, Nudges and Incentives: A Study on the Effectiveness and Perception of Embedded Phishing Training

Authors: Daniele Lain, Tarek Jost, Sinisa Matetic, Kari Kostiainen, Srdjan Capkun

Abstract: A common form of phishing training in organizations is the use of simulated phishing emails to test employees' susceptibility to phishing attacks, and the immediate delivery of training material to those who fail the test. This widespread practice is dubbed embedded training; however, its effectiveness in decreasing the likelihood of employees falling for phishing again in the future is questioned… ▽ More A common form of phishing training in organizations is the use of simulated phishing emails to test employees' susceptibility to phishing attacks, and the immediate delivery of training material to those who fail the test. This widespread practice is dubbed embedded training; however, its effectiveness in decreasing the likelihood of employees falling for phishing again in the future is questioned by the contradictory findings of several recent field studies. We investigate embedded phishing training in three aspects. First, we observe that the practice incorporates different components -- knowledge gains from its content, nudges and reminders from the test itself, and the deterrent effect of potential consequences -- our goal is to study which ones are more effective, if any. Second, we explore two potential improvements to training, namely its timing and the use of incentives. Third, we analyze employees' reception and perception of the practice. For this, we conducted a large-scale mixed-methods (quantitative and qualitative) study on the employees of a partner company. Our study contributes several novel findings on the training practice: in particular, its effectiveness comes from its nudging effect, i.e., the periodic reminder of the threat rather than from its content, which is rarely consumed by employees due to lack of time and perceived usefulness. Further, delaying training to ease time pressure is as effective as currently established practices, while rewards do not improve secure behavior. Finally, some of our results support previous findings with increased ecological validity, e.g., that phishing is an attention problem, rather than a knowledge one, even for the most susceptible employees, and thus enforcing training does not help. △ Less

Submitted 2 September, 2024; originally announced September 2024.

Comments: Extended version of the paper appearing in ACM CCS'24

On the Potential of Multi-Mode Antennas for Direction-of-Arrival Estimation

Authors: Robert Pöhlmann, Sami Alkubti Almasri, Siwei Zhang, Thomas Jost, Armin Dammann, Peter A. Hoeher

Abstract: In this paper, we show that a multi-mode antenna (MMA) is an interesting alternative to a conventional phased antenna array for direction-of-arrival (DoA) estimation. By MMA we mean a single physical radiator with multiple ports, which excite different characteristic modes. In contrast to phased arrays, a closed-form mathematical model of the antenna response, like a steering vector, is not straig… ▽ More In this paper, we show that a multi-mode antenna (MMA) is an interesting alternative to a conventional phased antenna array for direction-of-arrival (DoA) estimation. By MMA we mean a single physical radiator with multiple ports, which excite different characteristic modes. In contrast to phased arrays, a closed-form mathematical model of the antenna response, like a steering vector, is not straightforward to define for MMAs. Instead one has to rely on calibration measurement or electromagnetic field (EMF) simulation data, which is discrete. To perform DoA estimation, array interpolation technique (AIT) and wavefield modeling (WM) are suggested as methods with inherent interpolation capabilities, fully taking antenna nonidealities like mutual coupling into account. We present a non-coherent DoA estimator for low-cost receivers and show how coherent DoA estimation and joint DoA and polarization estimation can be performed with MMAs. Utilizing these methods, we assess the DoA estimation performance of an MMA prototype in simulations for both 2D and 3D cases. The results show that WM outperforms AIT for high SNR. Coherent estimation is superior to non-coherent, especially in 3D, because non-coherent suffers from estimation ambiguities. In conclusion, DoA estimation with a single MMA is feasible and accurate. △ Less

Submitted 25 January, 2019; v1 submitted 29 June, 2018; originally announced June 2018.

Power-Based Direction-of-Arrival Estimation Using a Single Multi-Mode Antenna

Authors: Robert Pöhlmann, Siwei Zhang, Thomas Jost, Armin Dammann

Abstract: Phased antenna arrays are widely used for direction-of-arrival (DoA) estimation. For low-cost applications, signal power or received signal strength indicator (RSSI) based approaches can be an alternative. However, they usually require multiple antennas, a single antenna that can be rotated, or switchable antenna beams. In this paper we show how a multi-mode antenna (MMA) can be used for power-bas… ▽ More Phased antenna arrays are widely used for direction-of-arrival (DoA) estimation. For low-cost applications, signal power or received signal strength indicator (RSSI) based approaches can be an alternative. However, they usually require multiple antennas, a single antenna that can be rotated, or switchable antenna beams. In this paper we show how a multi-mode antenna (MMA) can be used for power-based DoA estimation. Only a single MMA is needed and neither rotation nor switching of antenna beams is required. We derive an estimation scheme as well as theoretical bounds and validate them through simulations. It is found that power-based DoA estimation with an MMA is feasible and accurate. △ Less

Submitted 30 January, 2018; v1 submitted 29 June, 2017; originally announced June 2017.