Decision-Making Biases and Cyber Attackers

Chelsea K. Johnson, Robert S. Gutzwiller, Joseph Gervais, Kimberly J. Ferguson-Walter

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Cyber security is reliant on the actions of both machine and human and remains a domain of importance and continual evolution. While the study of human behavior has grown, less attention has been paid to the adversarial operator. Cyber environments consist of complex and dynamic situations where decisions are made with incomplete information. In such scenarios people form strategies based on simplified models of the world and are often efficient and effective, yet may result in judgement or decision-making bias. In this paper, we examine an initial list of biases affecting adversarial cyber actors. We use subject matter experts to derive examples and demonstrate these biases likely exist, and play a role in how attackers operate.

Original languageEnglish (US)
Title of host publicationProceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages140-144
Number of pages5
ISBN (Electronic)9781665435833
DOIs
StatePublished - 2021
Externally publishedYes
Event36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021 - Virtual, Online, Australia
Duration: Nov 15 2021Nov 19 2021

Publication series

NameProceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021

Conference

Conference36th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2021
Country/TerritoryAustralia
CityVirtual, Online
Period11/15/2111/19/21

Keywords

  • Peltzman effect
  • aversion to ambiguity
  • default effect
  • functional fixedness
  • loss aversion
  • sunk cost

ASJC Scopus subject areas

  • Software
  • Safety, Risk, Reliability and Quality
  • Control and Optimization

Fingerprint

Dive into the research topics of 'Decision-Making Biases and Cyber Attackers'. Together they form a unique fingerprint.

Cite this