Cyber Deception and Cyberpsychology for Defense

Permanent URI for this collection: https://hdl.handle.net/10125/107421

Recent Submissions

  • The Enterprise Strikes Back: Conceptualizing the HackBot - Reversing Social Engineering in the Cyber Defense Context
    (2024-01-03) Lundie, Michael; Lindke, Kira; Amos-Binks, Adam; Aiken, Mary; Janosek, Diane
    Cyberattacks have become more complex and pervasive; associated costs are soaring; there is an urgent need for innovative solutions. Socially engineered attacks are escalating in scale, potency, and are increasing in frequency; defenses have not evolved and tactics currently deployed are passive, and arguably offer little deterrent value. Social engineering is rooted in psychology and mediated by technology, therefore, solutions must be informed by a transdisciplinary approach, with the cyber behavioral sciences taking a central role. Identifying and targeting cyberattacker psychological vulnerabilities by means of active cyber defense are under consideration. Automation and scale of response are key requirements, underscoring the need for and the utility of large language models (LLM), in terms of identifying context, scaling to attack type, and generating dialogue to engage the cyberattacker and effectively ‘hack back.’ Hence the present conceptualization of the “HackBot” - an automated strike back innovation, specifically devised to reverse socially engineered attacks in cyber defense contexts.
  • Adversarial Cognitive Engineering (ACE) and Defensive Cybersecurity: Leveraging Attacker Decision-Making Heuristics in a Cybersecurity Task
    (2024-01-03) Johnson, Chelsea; Van Tassel, Richard W.; Shade, Temmie; Rogers, Andrew; Ferguson-Walter, Kimberly
    The role of cyberspace continues to expand, touching nearly every aspect in our lives. Critical information, when stolen, can be devastating to a nation’s people, economy, and security. To defend against this threat, it is essential to understand the human behind the attack. A first step in developing new defenses where human attackers are involved is obtaining valid and reliable human performance and decision-making data. These data can be procured through rigorous human science research that experimentally evaluates foundational theory and measures human performance. Taking the key concepts from behavioral economics, the game-based testbed, CYPHER, was specifically designed to test the occurrence of the Sunk Cost Fallacy across multiple decisions in an abstract cyber environment. Evaluating decisions made over a series of actions to catch a fictitious cyber thief, we analyze the effects of two antecedents (uncertainty and project completion) and resource expenditure. Our results show that irrespective of condition, significantly more participants unnecessarily wasted resources, demonstrating behavior consistent with the Sunk Cost Fallacy. These data provide a baseline upon which to build artificial intelligence algorithms for automated cyber defense.
  • Physiological Response to Cyber and Psychological Deception
    (2024-01-03) Wymbs, Nicholas; Major, Maxine; Gabrys, Ryan; Ferguson-Walter, Kimberly
    The complex relationship between cyber attacks and human cognition remains a critical area of investigation, as understanding the psychological and related physiological aspects of attackers can lead to significant advancements in cybersecurity. This study expands on existing data by measuring heart rate variability (HRV) and electrodermal activity (EDA) that was collected during a two-day cyber exercise involving expert participants where the experimental conditions encompassed both cyber and psychological deception. The analysis of the physiological data revealed that participants’ stress responses were related to the experimental conditions involving deception (both psychological and cyber). These findings offer valuable insights into the stress levels experienced by cyber attackers and their potential impact on the success of cyber attacks. Decision analytics based off this information can be used by cyber defenders to improve cyber security tools and techniques.
  • A Novel Approach to Intrusion Detection Using a Cognitively-Inspired Algorithm
    (2024-01-03) Thomson, Robert; Cranford, Edward; Somers, Sterling; Lebiere, Christian
    We propose a novel algorithm for white-box intrusion detection using a cognitive model consistent with the principles of instance-based learning theory. Cognitive models inherit both mechanism and limitations from cognitive architectures implementing unified theories of human cognition. The mechanisms endow the models with powerful characteristics of human cognition, including robustness, generalization and adaptivity. Expanding upon previous research in malware identification and personalized deceptive signaling, the present paper presents a cognitive model able to achieve over 70% accuracy identifying anomalous (vs normal) traffic on the UNSW-NB15 dataset with only 8 features and using only one sample from each attack and 9 normal samples. Accuracy linearly increases to over 85% using up to 100x more samples. A cognitively-inspired salience algorithm then shows the relative impact of each feature driving correct vs incorrect classifications. Implications for integrating this algorithm with human operators are discussed.
  • Retrospectively Using Multilayer Deception in Depth Against Advanced Persistent Threats
    (2024-01-03) Landsborough, Jason; Nguyen, Thuy; Rowe, Neil
    Defensive cyber deception is useful in both the information and cognitive domains of warfare. Such deception works better when it is multilayer as a defense-in-depth strategy. We developed a tool to analyze the offensive tactics in the MITRE ATT&CK Enterprise framework that were popular with sixteen Advanced Persistent Threat (APT) groups, and identified deceptive defense methods that can counter each technique. With this knowledge defenders can make more informed decisions while planning the deception to use in different layers. We use as examples three recent high-profile APT events, and review how well the deception methods could interfere with them.
  • Evidence of Cognitive Biases in Cyber Attackers from An Empirical Study
    (2024-01-03) Aggarwal, Palvi; Rubaiyet Nowmi, Saeefa; Du, Yinuo; Gonzalez, Cleotilde
    In this study, the authors aimed to identify cognitive biases exhibited by cyber attackers in the study by Aggarwal et al. (2021). Specifically, this paper investigated whether attackers displayed a preference for targeting systems located in specific areas of the network, as well as investigated any discernible behavioral patterns such as consistently attacking the same system in every round (Default Setting Bias) or persistently targeting a particular system despite previous failures (Sunk Cost Fallacy). The results show evidence for the default effect and sunk cost fallacy in the decision-making processes of human attackers and suggest that they can have significant implications for the effectiveness of cyber defense. This study provides valuable insights for the development of targeted interventions and countermeasures in cyber defense.
  • Introduction to the Minitrack on Cyber Deception and Cyberpsychology for Defense
    (2024-01-03) Ferguson-Walter, Kimberly; Fugate, Sunny; Lafon, Dana; Patel, Tejas