Rajivan, Prashanth PRMehrabi, Elaheh2025-10-022025-10-022025Mehrabi_washington_0250E_28746.pdfhttps://hdl.handle.net/1773/54039Thesis (Ph.D.)--University of Washington, 2025Phishing attacks use deceptive emails to manipulate individuals into revealing sensitive information or performing harmful actions. They continue to remain a widespread threat because they exploit human cognitive vulnerabilities rather than technological weaknesses. Unlike hardware or software weaknesses that can often be patched, human susceptibility to phishing cannot be intervened with a one-size-fits-all anti-phishing training solution. People differ in the types of phishing threats to which they are susceptible, which require personalized and adaptive anti-phishing training solutions capable of tailoring learning experiences to individual needs and context. Cognitive models could enable analyses of cognitive processes predictive of individuals susceptibilities to phishing threats. They could enable anti-phishing training solutions to identify gaps in individuals' knowledge about phishing threats, assess people's ability to recall training when faced with real threats, and estimate how well individuals can generalize training received to recognize new types of attacks. However, a key challenge in the developing such cognitive models lies with instance representation. In the context of models of phishing decision making, it would be the information communicated through email text. It remains unclear how people encode and recall past email conversations when making decisions about phishing attacks. This dissertation addresses this critical gap by investigating how different text representations affect cognitive models of human decision-making in phishing contexts. Specifically, it explores how people encode and recall textual information from emails when deciding whether to engage with or ignore them, and how to generate representations aligned with human memory processes for use in computational cognitive models. My research began by integrating existing cognitive models into a simulated environment emulating user interactions with phishing emails. Early experiments revealed that these models struggled to capture the processes by which humans recall and interpret complex email content when making response decisions, highlighting a fundamental limitation in current modeling approaches. As a first step toward addressing this gap, I developed a privileged learning framework that was trained on a set of high-level cues derived from human-labeled data. Once trained, the model was able to generate similar representation cues for new, unseen emails that lacked these annotations. This approach demonstrated the potential to bridge the gap between raw email text and more abstract decision-making features, while also highlighting the need for deeper analysis of how different representation methods impact cognitive modeling. Motivated by these findings, I systematically evaluated two broad categories of text representations within the instance-based learning (IBL) framework. The first category included lower-order, text-based representations, such as embeddings of full sentences, embeddings of email summaries from generative AI, and recall-based keywords. The second category encompassed higher-order, intent-driven representations capturing cues like tone, sentiment, and inferred communicative intent—features inspired by speech act theory hypothesized to better reflect how humans remember the intent behind what was communicated through an email.Through extensive evaluation within the instance-based learning theory framework, my findings demonstrate that higher-level, abstract representations—such as inferred intent, sentiment, and tone—more accurately model human decision-making than full-text embeddings or even embeddings based on email summaries. These representations not only improved prediction performance but also enhanced robustness when simulating users whose behaviors were less consistent or dissimilar from the majority, suggesting greater generalizability across diverse individuals. In a subsequent exploratory effort, I implemented IF-THEN production rules based on intent representations within the ACT-R cognitive architecture to examine how rule-based cognitive modeling could enhance model alignment with human responses. While preliminary, this effort highlighted the potential of explicit rule-guided frameworks to support future human decision-making modeling directions and offer interpretable decision mechanisms. Together, these contributions advance our understanding of how cognitively grounded representations of email content influence the modeling and analysis of phishing decisions. They underscore the value of aligning computational models with human memory processes to support the development of personalized, adaptive, and cognitively-informed anti-phishing interventions.application/pdfen-USnoneCognitionDecision MakingInstance Based LearningMemoryPhishingIndustrial engineeringCognitive psychologyComputer scienceIndustrial engineeringThesis