Detecting Ambiguity Aversion in Cyberattack Behavior to Inform Cognitive Defense Strategies

Open Access
Article
Conference Proceedings
Authors: Stephan Carney, Soham Hans, Sofia Hirschmann, Stacy Marsella, Yvonne Fonken, Peggy Wu, Nikolos Gurney
Abstract

Adversaries (hackers) attempting to infiltrate networks frequently face uncertainty in their operational environments. This research explores the ability to model and detect when they exhibit ambiguity aversion, a cognitive bias reflecting a preference for known (versus unknown) probabilities. We introduce a novel methodological framework that (1) leverages rich, multi-modal data from human-subjects red-team experiments, (2) employs a large language model (LLM) pipeline to parse unstructured logs into MITRE ATT&CK-mapped action sequences, and (3) applies a new computational model to infer an attacker’s ambiguity aversion level in near-real time. By operationalizing this cognitive trait, our work provides a foundational component for developing adaptive cognitive defense strategies.

Keywords: decision making, ambiguity, cognitive biases, cybersecurity, human-computer interaction, predictive models

DOI: 10.54941/ahfe1007038
