Projects

A collection of links to project pages referenced in blog posts and the like

Some research I’m working on; some things I’ve made.

Research

Recent research, grouped by stream.

See my vita or my google scholar profile for a full list of my publications.

Stream: Behavioral Cybersecurity

This research seeks to understand predictors of why individuals disregard security messages, and to develop and test interventions for mitigating the same. It applies theories and methods from both psychology and neuroscience.

1. Do Security Fear Appeals Work when they Interrupt Tasks? A Multi-Method Examination of Password Strength

With: Anthony Vance, Dennis Eggett, Detmar Straub, Kirk Ouimet

Accepted for forthcoming open-access publication at MISQ.

This paper is a follow-up to the wildly popular “Enhancing Password Security through Interactive Fear Appeals: A Web-Based Field Experiment”, HICSS 2013.

The original data for this paper was collected through a deception protocol on a website Socwall.com, with password tooltip treatments designed and implemented by Kirk Ouimet. Later versions of the paper required collecting additional data, including running a focus group. I re-implemented the password tooltip treatments in several other website shells – first for BYU, then for Temple. We didn’t end up using the BYU one to collect more data, but we did use the Temple one during a focus group run by Tony with students from there. I also re-implemented the Socwall one – all three on Heroku. I initially used the social engineering toolkit to clone the sites, because I’m cool.

MISQ forthcoming
Vance, A., Eargle, D., Eggett, D., Straub, D., Ouimet, K. “Do Security Fear Appeals Work When They Interrupt Tasks? A Multi-Method Examination of Password Strength,” MIS Quarterly, forthcoming.
HICSS 2013
Vance, A., Eargle, D., Ouimet, K. and Straub, D. “Enhancing password security through interactive fear appeals: A web-based field experiment.” In 2013 46th Hawaii International Conference on System Sciences (HICSS): (2013), pp. 2988-2997.

Links to resources:

See below for links to live demonstrations of some of the tooltip portals. Be warned though, the README’s there are “research notes,” which means they are messy.

2. More harm than good? How security messages that interrupt make us vulnerable

Examinations of the impact of dual-task interference on security message disregard, and tests a timing-based intervention to discover the best times to present security messages in online browsing contexts. Uses fMRI and field study methodologies.

Citation
Jenkins, J., Anderson, B., Vance, A., Kirwan, B. and Eargle, D. “More harm than good? How security messages that interrupt make us vulnerable.” Information Systems Research, 27, 4 (2016), 880-896. Awarded ISR’s “Best Published Paper” for 2016. doi: 10.1287/isre.2016.0644

3. The Fog of Warnings: How Non-essential Notifications Blur with Security Warnings

With: Anthony Vance, Bonnie Anderson, Brock Kirwan, Jeff Jenkins

Through a series of lab and field experiments, the impact of exposure to system notifications of varying degree of visual similarity to security messages is assessed using objective methods such as reaction times and fMRI response data.

Targeting MISQ Submission October 2021

Conference version
A Vance, D Eargle, JL Jenkins, CB Kirwan, BB Anderson. (2019) “The Fog of Warnings: How Non-Essential Notifications Blur with Security Warnings.” In Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019). Santa Clara, CA: USENIX Association, 2019. https://www.usenix.org/conference/soups2019/presentation/vance

Resources:

  • Symposium on Usable Privacy and Security (SOUPS’19) submission (abstract, USENIX pdf)
  • A testing page for some of the modals I made for use during the task, and A portal for testing treatment conditions and full or piecemeal task protocol. I built the whole experimental task from scratch using javascript and the PsiTurk python framework.

4. How much is your security worth? Applying a risk tradeoff paradigm to explain the bimodal nature of user elaboration over interruptive security messages

With: Dennis Galletta

Why do employees disregard computer security messages, opening the organization to potential information security breaches? One research perspective assumes that humans who fall prey to such attacks solely use automatic information processing, and therefore, user interfaces (such as Google Chrome browser security popups and overlays or Microsoft Word security dialogs) must be better designed to capture and hold attention, and to educate users, to the end that users more carefully consciously evaluate their information security decisions. However, this research project takes the view that employees also make monetary cost-benefit approaches to adhering to or disregarding security messages. It gathers data using a series of online deception-protocol website experiments, wherein users are exposed to security messages that interrupt an ostensible primary task. Psychometric measures of attention, including mouse-cursor tracking and reaction times, are captured and used to predict security behaviors. The monetary “cost” of disregarding a security message is experimentally varied, and its impact on prompting attention and security behaviors is examined. Survey data and focus group data is also captured to probe users’ thought processes.

Targeting MISQ submission in first quarter 2022

Stream: Online News

This stream tests the degree to which political ideological confirmation bias influences individual’s reactions to online news. It tests elements such as reader-source and reader-content ideological alignment, in addition to predictors of perceptions of comments posted related to online news. It seeks mitigations that can help address online news-related societal divides.

1. A Spoonful of Sugar: Blending Online News Source and Content to Counter Ideological-Alignment News Biases and Encourage Political Group Depolarization

With: Valerie Bartelt, Zlatana Nenova, Dennis Galletta

Anecdotes suggest that political group polarization may impact readers’ perceptions of news articles so strongly that readers may call articles “fake news” solely based on their ideological alignment with the publication source, regardless of the article’s content. While researchers have explored confirmation bias in social media, studies have not yet teased out the differential effects of reader ideological alignment with article content (“content-friendliness”) and source (“source-friendliness”) on attitudes, beliefs, and intended behaviors. Using a mixed design, 133 MTurk participants read and reacted to polarizing news articles, with article-content being presented as if from random sources.

Resources:

Stream: Identifying the IS Nomological Network via Machine learning

This stream applies methods from machine learning and topographical data analysis to explore the nomological network of constructs used in information systems research, and to create tools to improve academic literature review and construct-creation processes.

1. Creating Construct Distance Maps with Machine Learning: Stargazing Trust

With: Kai Larsen, David Gefen, Stacie Petter

A design-science approach to creating a tool to graph the nomological space of all survey items used in information systems literature. Applies methods from the domain of topological data analysis to visually graph the nomological space, based on predicted “distances” between item pairs generated by a machine learning predictive model trained on a sampling of survey item-pair relationships (distances) coded by domain experts. Besides leading to insights into already-used IS constructs, the resulting tool can be used to identify placement of new survey items in context in the nomological space.

Ongoing research.

AMCIS Citation
Larsen KR, Gefen D, Petter S, Eargle D. (2020) “Creating Construct Distance Maps with Machine Learning: Stargazing Trust.” In Conference of the Association for Information Systems (AMCIS 2020). Online. Awarded AMCIS’ “Best Completed Paper” for 2020. 60% acceptance rate.

Links:

Stream: Crowdsourcing

This research is related to developing and using open-source code to collect data on crowdsourcing platforms. It stems from collaborations that have arisen from my open-source code contributions to code projects used to facilitate collecting experimental design data on online crowdsourcing platforms, such as psiTurk.

1. When Bots Attack: Threat Modeling and Mitigations of Attacks Against Online Behavioral Experiments

With: Todd M. Gureckis, Jordan W. Suchow

Psychology and behavioral data is increasingly shifting to being collected online, instead of in brick-and-mortar lab rooms. However, panic has arisen about the degree to which such data is impacted by “bots”, or by malicious actors gaming the system in order to maximize participation payouts. This paper applies models from cybersecurity – specifically, the NIST Cybersecurity Framework’s Five Functions – to systematically evaluate the threat of bots, and to show the process by which controls can be developed to mitigate identified threats. Several cross-industry controls are suggested, including the development of machine learning models to detect anomalous participant behavior, aggregated across participating researchers’ data. The behavioral research community can use these models to defend collected data, and to argue for cross-industry grants to develop novel approaches.

Ongoing research

Github Projects

Check out my github activity! deargle

I publish as much of my class content as I can online, via Github Pages rendering. Much of that content is in the deargle-classes github organization. I encourage my students to contribute to class-related repos. Sometimes they do.

I am involved more heavily with development of a few open-source repositories, such as the ones below.

Kepler Mapper: A flexible Python implementation of the Mapper algorithm

With: Hendrik Jacob van Veen, Nathaniel Saul, and Sam W. Mangham

Kepler-mapper is a library implementing the Mapper algorithm in Python. KeplerMapper can be used for visualization of high-dimensional data and 3D point cloud data. KeplerMapper can make use of Scikit-Learn API compatible cluster and scaling algorithms.

KeplerMapper employs approaches based on the MAPPER algorithm (Singh et al.) as first described in the paper “Topological Methods for the Analysis of High Dimensional Data Sets and 3D Object Recognition”.

I became a core developer for this project circa 2018. I do work both on the python side and also the javascript / html d3 visualization side.

Repo
https://github.com/scikit-tda/kepler-mapper
Docs
https://kepler-mapper.scikit-tda.org/en/latest/
Paper
https://joss.theoj.org/papers/10.21105/joss.01315
JOSS citation
Hendrik van Veen, Nathaniel Saul, David Eargle, and Sam Mangham. “Kepler Mapper: A Flexible Python Implementation of the Mapper Algorithm.” Journal of Open Source Software 4, no. 42 (2019): 1315.
Zenodo citation
Hendrik Jacob van Veen, Nathaniel Saul, David Eargle, & Sam W. Mangham. (2019, October 14). Kepler Mapper: A flexible Python implementation of the Mapper algorithm (Version 1.4.1). Zenodo. http://doi.org/10.5281/zenodo.4077395

psiTurk: An open platform for science on Amazon Mechanical Turk

With: Todd M. Gureckis, Jordan W. Suchow

Psiturk is a python Flask app bundled with a javascript library to facilitate interacting with mturkers through all stages of the AMT process – posting HITs, serving an experiment website, approving work, analyzing data.

I have been a core developer for psiTurk since during my phd in ~2016, and the lead developer since ~2018. I havee done work on the psiturk command-line shell, a web interface, python unit testing, database optimizations, and bug fixes and features-adds throughout the python code.

Citation
Eargle, David, Gureckis, Todd, Rich, Alexander S., McDonnell, John, & Martin, Jay B. (2020, January 6). psiTurk: An open platform for science on Amazon Mechanical Turk (Version v2.3.7). Zenodo. http://doi.org/10.5281/zenodo.3598652
Repo
https://github.com/NYUCCL/psiturk
Docs
https://psiturk.readthedocs.io/en/latest/
Paper
https://doi.org/10.5281/zenodo.3598651

Tools

Some things I’ve made. Links are scattered throughout blog posts, so I’m gathering them here.

College Financial Calculator

https://daveeargle.com/college-financial-calculator/

Calculator that helps plan how much needs to be invested now, using a variety of investment strategies, in order to pay for college in the future.

Grade curve calculator

https://daveeargle.com/mandatory-grading-guidelines/

Some schools have guidelines for distribution of letter grades for a class. This tool helps with compliance with those guidelines.

Kali on GCP

https://github.com/deargle/kali-on-gcp

DevOps for material for my information security management class. Includes a pen test lab on GCP.

NIST Cybersecurity Framework ⭤ 800‑53 Controls Mapping

https://daveeargle.com/nist_csf_800_53_mapping/

The NIST CSF Core maps controls from 800-53 (and other) informative references, but only by code, which makes text-searching impossible. Mashup!