Study On Polymorphic Warning Design And Its Relationship With User's Generalization Of Security Warnings

With the development of information technology,information security is attaching more and more attention.During our everyday use of computer,security warnings usually inform and guide us to avoid information security risks and handle information security problems,playing an important role in information security protection.However,users often neglect computer security warnings and this phenomenon has been proved by many researches.One important reason of the ignorance is habituation,which happens when users see a same warning repeatedly.Habituation can cause users to reduce attention towards warnings.In addition,besides security warnings,there are also many security-neutral notifications without security issue in the computer.These security-neutral notifications have similar appearance with security warnings and higher frequency of occurrence,therefore they could also cause habituation which could generalize to security warnings,inducing less attention towards warnings.This phenomenon is called generalization.The polymorphic design of security warnings is proved to resist habituation significantly,and this research is intended to investigate whether and how polymorphic security warning design can resist generalization.This research is composed of three small studies.Study 1 intends to firstly prove the existence of habituation of security-neutral notifications and its generalization to security warnings,then to explore the relationship between the two.Based on Study 1,Study 2 intends to investigate whether polymorphic security warning designs can resist generalization,and which designs perform the best.Based on Study 1 and 2,Study 3 is intended to find whether polymorphic warning designs have side-effects of the interrupted major task efficiency,thus get a comprehensive understanding of polymorphic security warning design effects.We finally draw the following main conclusions:(1)The habituation of security-neutral notifications and its generalization to security warnings do exist according to the performances of experiment subjects.The habituation level has interacted effects with polymorphic warning design.Polymorphic warning design can resist generalization significantly,and at the sametime,if the habituation level increases,it lowers the effect of polymorphic warning design.(2)About the effect of polymorphic warning design,we find that the scale dynamic style performs better than jiggle and significantly enhances subjects'memory of warnings.The red background style can significantly increase subjects'attention,but not significantly increase the memory level.(3)The accurate rate of major task interrupted by polymorphic-designed warnings is not influenced generally.Among all polymorphic styles,only jiggle and red background style increases the reaction time of the corresponding major tasks significantly.