Abstract
Human cognitive modeling techniques and related software tools have been widely used by researchers and practitioners to evaluate the effectiveness of user interface (UI) designs and related human performance. However, they are rarely used in the cyber security field despite the fact that human factors have been recognized as a key element for cyber security systems. For a cyber security system involving a relatively complicated UI, it could be difficult to build a cognitive model that accurately captures the different cognitive tasks involved in all user interactions. Using a moderately complicated user authentication system as an example system and CogTool as a typical cognitive modeling tool, this paper aims to provide insights into the use of eye-tracking data for facilitating human cognitive modeling of cognitive tasks more effectively and accurately. We used visual scan paths extracted from an eye-tracking user study to facilitate the design of cognitive modeling tasks. This allowed us to reproduce some insecure human behavioral patterns observed in some previous lab-based user studies on the same system, and more importantly, we also found some unexpected new results about human behavior. The comparison between human cognitive models with and without eye-tracking data suggests that eye-tracking data can provide useful information to facilitate the process of human cognitive modeling as well as to achieve a better understanding of security-related human behaviors. In addition, our results demonstrated that cyber security research can benefit from a combination of eye-tracking and cognitive modeling to study human behavior related security problems.