Decision-Making Biases and Cyber Attackers

Chelsea K. Johnson; Robert S. Gutzwiller; Joseph Gervais; Kimberly J. Ferguson-Walter

doi:10.1109/ASEW52652.2021.00038

Decision-Making Biases and Cyber Attackers

Chelsea K. Johnson, Robert S. Gutzwiller, Joseph Gervais, Kimberly J. Ferguson-Walter

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Cyber security is reliant on the actions of both machine and human and remains a domain of importance and continual evolution. While the study of human behavior has grown, less attention has been paid to the adversarial operator. Cyber environments consist of complex and dynamic situations where decisions are made with incomplete information. In such scenarios people form strategies based on simplified models of the world and are often efficient and effective, yet may result in judgement or decision-making bias. In this paper, we examine an initial list of biases affecting adversarial cyber actors. We use subject matter experts to derive examples and demonstrate these biases likely exist, and play a role in how attackers operate.

Original language	English (US)
Title of host publication	Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	140-144
Number of pages	5
ISBN (Electronic)	9781665435833
DOIs	https://doi.org/10.1109/ASEW52652.2021.00038
State	Published - 2021
Event	36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021 - Virtual, Online, Australia Duration: Nov 15 2021 → Nov 19 2021

Publication series

Name	Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021

Conference

Conference	36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021
Country/Territory	Australia
City	Virtual, Online
Period	11/15/21 → 11/19/21

Keywords

Peltzman effect
aversion to ambiguity
default effect
functional fixedness
loss aversion
sunk cost

ASJC Scopus subject areas

Software
Safety, Risk, Reliability and Quality
Control and Optimization

Access to Document

10.1109/ASEW52652.2021.00038

Cite this

Johnson, C. K., Gutzwiller, R. S., Gervais, J., & Ferguson-Walter, K. J. (2021). Decision-Making Biases and Cyber Attackers. In Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021 (pp. 140-144). (Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ASEW52652.2021.00038

Decision-Making Biases and Cyber Attackers. / Johnson, Chelsea K.; Gutzwiller, Robert S.; Gervais, Joseph et al.

Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021. Institute of Electrical and Electronics Engineers Inc., 2021. p. 140-144 (Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Johnson, CK, Gutzwiller, RS, Gervais, J & Ferguson-Walter, KJ 2021, Decision-Making Biases and Cyber Attackers. in Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021. Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021, Institute of Electrical and Electronics Engineers Inc., pp. 140-144, 36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021, Virtual, Online, Australia, 11/15/21. https://doi.org/10.1109/ASEW52652.2021.00038

Johnson CK, Gutzwiller RS, Gervais J, Ferguson-Walter KJ. Decision-Making Biases and Cyber Attackers. In Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021. Institute of Electrical and Electronics Engineers Inc. 2021. p. 140-144. (Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021). doi: 10.1109/ASEW52652.2021.00038

Johnson, Chelsea K. ; Gutzwiller, Robert S. ; Gervais, Joseph et al. / Decision-Making Biases and Cyber Attackers. Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021. Institute of Electrical and Electronics Engineers Inc., 2021. pp. 140-144 (Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021).

@inproceedings{4336f8442da04dc6b698e6ed4285b3c7,

title = "Decision-Making Biases and Cyber Attackers",

abstract = "Cyber security is reliant on the actions of both machine and human and remains a domain of importance and continual evolution. While the study of human behavior has grown, less attention has been paid to the adversarial operator. Cyber environments consist of complex and dynamic situations where decisions are made with incomplete information. In such scenarios people form strategies based on simplified models of the world and are often efficient and effective, yet may result in judgement or decision-making bias. In this paper, we examine an initial list of biases affecting adversarial cyber actors. We use subject matter experts to derive examples and demonstrate these biases likely exist, and play a role in how attackers operate. ",

keywords = "Peltzman effect, aversion to ambiguity, default effect, functional fixedness, loss aversion, sunk cost",

author = "Johnson, {Chelsea K.} and Gutzwiller, {Robert S.} and Joseph Gervais and Ferguson-Walter, {Kimberly J.}",

note = "Funding Information: *This work was funded by the Laboratory of Advanced Cybersecurity Research. Publisher Copyright: {\textcopyright} 2021 IEEE.; 36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021 ; Conference date: 15-11-2021 Through 19-11-2021",

year = "2021",

doi = "10.1109/ASEW52652.2021.00038",

language = "English (US)",

series = "Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "140--144",

booktitle = "Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021",

}

TY - GEN

T1 - Decision-Making Biases and Cyber Attackers

AU - Johnson, Chelsea K.

AU - Gutzwiller, Robert S.

AU - Gervais, Joseph

AU - Ferguson-Walter, Kimberly J.

PY - 2021

Y1 - 2021

N2 - Cyber security is reliant on the actions of both machine and human and remains a domain of importance and continual evolution. While the study of human behavior has grown, less attention has been paid to the adversarial operator. Cyber environments consist of complex and dynamic situations where decisions are made with incomplete information. In such scenarios people form strategies based on simplified models of the world and are often efficient and effective, yet may result in judgement or decision-making bias. In this paper, we examine an initial list of biases affecting adversarial cyber actors. We use subject matter experts to derive examples and demonstrate these biases likely exist, and play a role in how attackers operate.

AB - Cyber security is reliant on the actions of both machine and human and remains a domain of importance and continual evolution. While the study of human behavior has grown, less attention has been paid to the adversarial operator. Cyber environments consist of complex and dynamic situations where decisions are made with incomplete information. In such scenarios people form strategies based on simplified models of the world and are often efficient and effective, yet may result in judgement or decision-making bias. In this paper, we examine an initial list of biases affecting adversarial cyber actors. We use subject matter experts to derive examples and demonstrate these biases likely exist, and play a role in how attackers operate.

KW - Peltzman effect

KW - aversion to ambiguity

KW - default effect

KW - functional fixedness

KW - loss aversion

KW - sunk cost

UR - http://www.scopus.com/inward/record.url?scp=85125636261&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85125636261&partnerID=8YFLogxK

U2 - 10.1109/ASEW52652.2021.00038

DO - 10.1109/ASEW52652.2021.00038

M3 - Conference contribution

AN - SCOPUS:85125636261

T3 - Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021

SP - 140

EP - 144

BT - Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021

Y2 - 15 November 2021 through 19 November 2021

ER -

Decision-Making Biases and Cyber Attackers

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this