Adversarial Cognitive Engineering (ACE) and Defensive Cybersecurity: Leveraging Attacker Decision-Making Heuristics in a Cybersecurity Task

dc.contributor.authorJohnson, Chelsea
dc.contributor.authorVan Tassel, Richard W.
dc.contributor.authorShade, Temmie
dc.contributor.authorRogers, Andrew
dc.contributor.authorFerguson-Walter, Kimberly
dc.date.accessioned2023-12-26T18:36:36Z
dc.date.available2023-12-26T18:36:36Z
dc.date.issued2024-01-03
dc.identifier.doi10.24251/HICSS.2023.118
dc.identifier.isbn978-0-9981331-7-1
dc.identifier.othere62b59f1-acc9-4bc6-bc28-d650c8fc0a65
dc.identifier.urihttps://hdl.handle.net/10125/106495
dc.language.isoeng
dc.relation.ispartofProceedings of the 57th Hawaii International Conference on System Sciences
dc.rightsAttribution-NonCommercial-NoDerivatives 4.0 International
dc.rights.urihttps://creativecommons.org/licenses/by-nc-nd/4.0/
dc.subjectCyber Deception and Cyberpsychology for Defense
dc.subjectcognitive engineering
dc.subjectcybersecurity
dc.subjectdecision-making heuristics
dc.subjectsunk cost fallacy
dc.titleAdversarial Cognitive Engineering (ACE) and Defensive Cybersecurity: Leveraging Attacker Decision-Making Heuristics in a Cybersecurity Task
dc.typeConference Paper
dc.type.dcmiText
dcterms.abstractThe role of cyberspace continues to expand, touching nearly every aspect in our lives. Critical information, when stolen, can be devastating to a nation’s people, economy, and security. To defend against this threat, it is essential to understand the human behind the attack. A first step in developing new defenses where human attackers are involved is obtaining valid and reliable human performance and decision-making data. These data can be procured through rigorous human science research that experimentally evaluates foundational theory and measures human performance. Taking the key concepts from behavioral economics, the game-based testbed, CYPHER, was specifically designed to test the occurrence of the Sunk Cost Fallacy across multiple decisions in an abstract cyber environment. Evaluating decisions made over a series of actions to catch a fictitious cyber thief, we analyze the effects of two antecedents (uncertainty and project completion) and resource expenditure. Our results show that irrespective of condition, significantly more participants unnecessarily wasted resources, demonstrating behavior consistent with the Sunk Cost Fallacy. These data provide a baseline upon which to build artificial intelligence algorithms for automated cyber defense.
dcterms.extent10 pages
prism.startingpage974

Files

Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
0095.pdf
Size:
342.75 KB
Format:
Adobe Portable Document Format