<p>This paper introduces GAMBiT (Guarding Against Malicious Biased Threats), a cognitive-informed cyber defense framework that leverages deviations from human rationality as a defensive surface. Conventional cyber defenses often assume rational, utility-maximizing attackers, yet real-world adversaries exhibit cognitive constraints and biases that shape their interactions with complex digital systems. GAMBiT embeds insights from cognitive science into cyber environments through cognitive triggers, which activate biases such as loss aversion, base-rate neglect, and sunk-cost fallacy, and through newly developed cognitive sensors that infer attackers’ cognitive states from behavioral and network data. Three rounds of human-subject experiments (total <i>n</i>=61) are conducted in a simulated small business network; the control condition uses the identical network topology and simulation setup, except for cognitive trigger artifacts. The results demonstrate that these manipulations significantly disrupt attacker performance, including reducing mission progress, diverting actions off the true attack path, and increasing detectability. These results demonstrate that cognitive biases can be systematically triggered to degrade the attacker’s efficiency and enhance the defender’s advantage. GAMBiT advances the paradigm in which the attacker’s mind becomes part of the battlefield, and cognitive manipulation becomes a proactive vector for cyber defense, complementing existing approaches through systematic trigger and sensor design as well as the collection of multimodal experimental data.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Guarding Against Malicious Biased Threats (GAMBiT): Experimental Design of Cognitive Sensors and Triggers with Behavioral Impact Analysis

  • Brandon Beltz,
  • Po-Yu Chen,
  • James Doty,
  • Yvonne Fonken,
  • Nikolos Gurney,
  • Hsiang-Wen Hsing,
  • Sofia Hirschmann,
  • Brett Israelsen,
  • Nathan Lau,
  • Mengyun Li,
  • Stacy Marsella,
  • Michael Murray,
  • Jinwoo Oh,
  • Amy Sliva,
  • Kunal Srivastava,
  • Stoney Trent,
  • Peggy Wu,
  • Ya-Ting Yang,
  • Quanyan Zhu

摘要

This paper introduces GAMBiT (Guarding Against Malicious Biased Threats), a cognitive-informed cyber defense framework that leverages deviations from human rationality as a defensive surface. Conventional cyber defenses often assume rational, utility-maximizing attackers, yet real-world adversaries exhibit cognitive constraints and biases that shape their interactions with complex digital systems. GAMBiT embeds insights from cognitive science into cyber environments through cognitive triggers, which activate biases such as loss aversion, base-rate neglect, and sunk-cost fallacy, and through newly developed cognitive sensors that infer attackers’ cognitive states from behavioral and network data. Three rounds of human-subject experiments (total n=61) are conducted in a simulated small business network; the control condition uses the identical network topology and simulation setup, except for cognitive trigger artifacts. The results demonstrate that these manipulations significantly disrupt attacker performance, including reducing mission progress, diverting actions off the true attack path, and increasing detectability. These results demonstrate that cognitive biases can be systematically triggered to degrade the attacker’s efficiency and enhance the defender’s advantage. GAMBiT advances the paradigm in which the attacker’s mind becomes part of the battlefield, and cognitive manipulation becomes a proactive vector for cyber defense, complementing existing approaches through systematic trigger and sensor design as well as the collection of multimodal experimental data.