Warning messages are one of the last lines of defense in computer security, and are fundamental to users' security interactions with technology. Unfortunately, research shows that users routinely ignore security warnings. A key contributor to this disregard is habituation, the diminishing of attention due to frequent exposure. However, previous research examining habituation has done so only indirectly, by observing the influence of habituation on security behavior, rather than measuring habituation itself. This project uses neuroscience to open the "black box" of the brain to observe habituation as it occurs. By investigating how repetition suppression occurs in the brain, researchers can make a more precise approach to designing security warnings that are resistant to the effects of habituation.
Specifically, functional magnetic resonance imaging (fMRI) is used to measure how neural activity in the visual processing centers of the brain sharply decrease with repeated exposure to warnings. This phenomenon, termed the repetition suppression effect, is directly antecedent to the process of habituation. This project aims to: (1) directly measure how habituation of security warnings occurs in the brain; (2) examine how habituation towards security warnings develops over time using a longitudinal design; and (3) use fMRI brain data to guide the design of polymorphic (dynamic) security warnings, as well as to empirically test their effectiveness compared with existing security warnings. The insights gained from this project have the potential to inform the design and evaluation of warnings that more effectively help users to respond to security threats.
