Towards a Cognitive Theory of Cyber Deception

Cranford, Edward A.; González, Cleotilde; Aggarwal, Palvi; Tambe, Milind; Cooney, Sarah; Lebière, Christian

doi:10.1111/cogs.13013

Cited by 26 publications

(35 citation statements)

References 47 publications

(103 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For instance, humans find it difficult to detect an attacker's intentions in the context of cybersecurity teams 89 due to human biases. 90 Human biases are often used by cybercriminals to conduct phishing attacks and obtain credentials to access an organization's systems, for example. 91 The use of AI biases can also be used by cybercriminals as a means of attack.…”

Section: Human-autonomy Teaming Biasmentioning

confidence: 99%

Joint human and autonomy teaming for defense: status, challenges, and perspectives

El Alami,

Nwosu,

Rawat

2023

Artificial Intelligence and Machine Learning for Multi-Domain Operations Applications V

View full text Add to dashboard Cite

Human and Autonomy Teaming (HAT) involves humans, artificial intelligence and machine learning (AI/ML), and autonomous systems (AS) working together to enhance performance and efficiency across a variety of fields. The purpose of this paper is to outline the current status, challenges, and perspectives related to HAT in the defense applications, such as multi-domain operations (MDOs). This paper emphasizes that, although ASs have numerous benefits, humans, and machines need to work together to ensure effective communication and coordination. Furthermore, this paper addresses the issues of situation awareness, HAT bias, security, privacy, confidentiality, trust, transparency, and explainability as they relate to joint HAT in MDOs. Finally, this paper explores the potential of perspectives to overcome these challenges and enhance collaboration between humans, AI/ML, and AS in the context of defense.

show abstract

Section: Human-autonomy Teaming Biasmentioning

confidence: 99%

Joint human and autonomy teaming for defense: status, challenges, and perspectives

El Alami,

Nwosu,

Rawat

2023

Artificial Intelligence and Machine Learning for Multi-Domain Operations Applications V

View full text Add to dashboard Cite

show abstract

“…Contextual cues also feature centrally in models of end‐user response to phishing emails (Cranford et al., 2019) based on instance‐based learning theory (IBLT) (Gonzalez et al., 2003). The latter, which is a model of dynamic decision making in cognitive science, also draws on instance‐based learning algorithms (IBLAs) (Aha et al., 1991) from machine learning.…”

Section: Phishing Targets the Human Elementmentioning

confidence: 99%

“…As noted above, Equations () through () build on the conceptual apparatus introduced in the SDT‐based phishing susceptibility literature (Kaivanto, 2014). There are close parallels between the concepts employed here—histories of decision contexts

\lbrace Z_i\rbrace _{&lt;t}

, decision‐attributes

\lbrace {\bm{\alpha }}\rbrace _{&lt;t}

, decision‐outcomes

\lbrace D_i\rbrace _{&lt;t}

, as well as match quality

m_i^c(\bm{\alpha })

—and those employed in IBLT (Cranford et al., 2019; Gonzalez et al., 2003). Hence, the machine learning and NLP techniques developed in IBLT can in principle be used in computation implementation of ().…”

Section: Incorporating Intuitive Emotional and Fallible Decision Makingmentioning

confidence: 99%

Many phish in the C$\mathcal{C}$: A coexisting‐choice‐criteria model of security behavior

Embrey

Kaivanto

2022

Risk Analysis

View full text Add to dashboard Cite

Normative decision theory proves inadequate for modeling human responses to the social-engineering campaigns of advanced persistent threat (APT) attacks. Behavioral decision theory fares better, but still falls short of capturing social-engineering attack vectors which operate through emotions and peripheral-route persuasion. We introduce a generalized decision theory, under which any decision will be made according to one of multiple coexisting choice criteria. We denote the set of possible choice criteria by . Thus, the proposed model reduces to conventional Expected Utility theory when | EU | = 1, while Dual-Process (thinking fast vs. thinking slow) decision making corresponds to a model with | DP | = 2. We consider a more general case with || ≥ 2, which necessitates careful consideration of how, for a particular choice-task instance, one criterion comes to prevail over others. We operationalize this with a probability distribution that is conditional upon traits of the decisionmaker as well as upon the context and the framing of choice options. Whereas existing signal detection theory (SDT) models of phishing detection commingle the different peripheral-route persuasion pathways, in the present descriptive generalization the different pathways are explicitly identified and represented. A number of implications follow immediately from this formulation, ranging from the conditional nature of security-breach risk to delineation of the prerequisites for valid tests of security training. Moreover, the model explains the "steppingstone" penetration pattern of APT attacks, which has confounded modeling approaches based on normative rationality.

show abstract

“…Importantly, phishing emails often mimic benign emails-meaning that decision makers, who are influenced by typical memory effects such as recency and frequency of past instances, are susceptible to the cognitive biases that emerge from these very processes (Singh et al, 2019). An IBL model was built to emulate end-used classification decisions of emails (i.e., as phishing or benign), and the results from this model were compared to the classification decisions of humans in an email-processing task (Cranford et al, 2021). The model has turned out to be very accurate at predicting human's classification decisions.…”

Section: Phishing Detection and Trainingmentioning

confidence: 99%

Learning and Dynamic Decision Making

González

2021

Topics in Cognitive Science

View full text Add to dashboard Cite

Humans make decisions in dynamic environments (increasingly complex, highly uncertain, and changing situations) by searching for potential alternatives sequentially over time, to determine the best option at a precise moment. Surprisingly, the field of behavioral decision making has little to offer in terms of theoretical principles and practical guidelines on how people make decisions in dynamic situations. My research program aims to fill in this gap by developing theoretical understandings of decision processes as well as practical demonstrations of how these theoretical developments can improve human dynamic decision making. Throughout my research career, I have helped create, test, and improve a general theory of dynamic decision making, instance-based learning theory, IBLT. The methods I have used to contribute to IBLT are (1) laboratory experiments that rely on dynamic games in which humans make choices over time and space, individually and in teams, and from which we extrapolate robust phenomena and behavioral insights; and (2) computational, actionable cognitive models, which specify the decision-making process and the cognitive mechanisms involved into a computational algorithm. The combination of these methods spawned novel applications in areas such as cybersecurity, phishing, climate change, and human-machine interactions. In this paper, I will take you through my own intellectual exploratory experience of computational modeling of human decision processes, and how the integration of experimental work and cognitive modeling helped in discovering and uncovering the field of dynamic decision making.

show abstract

Towards a Cognitive Theory of Cyber Deception

Cited by 26 publications

References 47 publications

Joint human and autonomy teaming for defense: status, challenges, and perspectives

Joint human and autonomy teaming for defense: status, challenges, and perspectives

Many phish in the C$\mathcal{C}$: A coexisting‐choice‐criteria model of security behavior

Learning and Dynamic Decision Making

Contact Info

Product

Resources

About