Biblio
Filters: Author is Gutzwiller, Robert S. [Clear All Filters]
Decision-Making Biases and Cyber Attackers. 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops (ASEW). :140–144.
.
2021. Cyber security is reliant on the actions of both machine and human and remains a domain of importance and continual evolution. While the study of human behavior has grown, less attention has been paid to the adversarial operator. Cyber environments consist of complex and dynamic situations where decisions are made with incomplete information. In such scenarios people form strategies based on simplified models of the world and are often efficient and effective, yet may result in judgement or decision-making bias. In this paper, we examine an initial list of biases affecting adversarial cyber actors. We use subject matter experts to derive examples and demonstrate these biases likely exist, and play a role in how attackers operate.
Oppositional Human Factors in Cybersecurity: A Preliminary Analysis of Affective States. 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops (ASEW). :153–158.
.
2021. The need for cyber defense research is growing as more cyber-attacks are directed at critical infrastructure and other sensitive networks. Traditionally, the focus has been on hardening system defenses. However, other techniques are being explored including cyber and psychological deception which aim to negatively impact the cognitive and emotional state of cyber attackers directly through the manipulation of network characteristics. In this study, we present a preliminary analysis of survey data collected following a controlled experiment in which over 130 professional red teamers participated in a network penetration task that included cyber deception and psychological deception manipulations [7]. Thematic and inductive analysis of previously un-analyzed open-ended survey responses revealed factors associated with affective states. These preliminary results are a first step in our analysis efforts and show that there are potentially several distinct dimensions of cyber-behavior that induce negative affective states in cyber attackers, which may serve as potential avenues for supplementing traditional cyber defense strategies.