Toward Personalized Deceptive Signaling for Cyber Defense Using Cognitive Models

Recent research in cybersecurity has begun to develop active defense strategies using game-theoretic optimization of the allocation of limited defenses combined with deceptive signaling. These algorithms assume rational human behavior. However, human behavior in an online game designed to simulate an insider attack scenario shows that humans, playing the role of attackers, attack far more often than predicted under perfect rationality. We describe an instance-based learning cognitive model, built in ACT-R, that accurately predicts human performance and biases in the game. To improve defenses, we propose an adaptive method of signaling that uses the cognitive model to trace an individual's experience in real time. We discuss the results and implications of this adaptive signaling method for personalized defense.

[1]  Juliane Hahn,et al.  Security And Game Theory Algorithms Deployed Systems Lessons Learned , 2016 .

[2]  Quanyan Zhu,et al.  Dynamic Bayesian Games for Adversarial and Defensive Cyber Deception , 2018, Autonomous Cyber Deception.

[3]  Milind Tambe,et al.  Learning about Cyber Deception through Simulations: Predictions of Human Decision Making with Deceptive Signals in Stackelberg Security Games , 2018, CogSci.

[4]  John R Anderson,et al.  An integrated theory of the mind. , 2004, Psychological review.

[5]  Ion Juvina,et al.  Reciprocal Trust Mediates Deep Transfer of Learning Between Games of Strategic Interaction , 2013 .

[6]  Christian Lebiere,et al.  The dynamics of cognition: An ACT-R model of cognitive arithmetic , 1999, Kognitionswissenschaft.

[7]  Cleotilde Gonzalez,et al.  Instance-based learning in dynamic decision making , 2003, Cogn. Sci..

[8]  John R. Anderson,et al.  Cognitive Tutors: Lessons Learned , 1995 .

[9]  John R. Anderson,et al.  A Functional Model of Sensemaking in a Neurocognitive Architecture , 2013, Comput. Intell. Neurosci..

[10]  H. Simon,et al.  Rational choice and the structure of the environment. , 1956, Psychological review.

[11]  Sarit Kraus,et al.  ARMOR Security for Los Angeles International Airport , 2008, AAAI.

[12]  Cleotilde Gonzalez,et al.  Instance‐based Learning: A General Model of Repeated Binary Choice , 2012 .

[13]  Haifeng Xu,et al.  Exploring Information Asymmetry in Two-Stage Security Games , 2015, AAAI.

[14]  Milind Tambe,et al.  Adaptive Cyber Deception: Cognitively Informed Signaling for Cyber Defense , 2020, HICSS.

[15]  A. Miyake,et al.  Models of Working Memory: Mechanisms of Active Maintenance and Executive Control , 1999 .

[16]  Pierpaolo Battigalli Rationalization in Signaling Games: Theory and Applications , 2004 .

[17]  Milind Tambe,et al.  Warning Time: Optimizing Strategic Signaling for Security Against Boundedly Rational Adversaries , 2019, AAMAS.

[18]  John R. Anderson,et al.  The Geometry Tutor , 1985, IJCAI.

[19]  Alvin E. Roth,et al.  A choice prediction competition: Choices from experience and from description , 2010 .

[20]  Cleotilde Gonzalez,et al.  Design of Dynamic and Personalized Deception: A Research Framework and New Insights , 2020, HICSS.

[21]  Neil C. Rowe,et al.  Introduction to Cyberdeception , 2016, Springer International Publishing.

[22]  C. Lebiere,et al.  The Atomic Components of Thought , 1998 .

[23]  Bo An,et al.  PROTECT: a deployed game theoretic system to protect the ports of the United States , 2012, AAMAS.

[24]  David M. Kreps,et al.  Signaling Games and Stable Equilibria , 1987 .

[25]  C. Lebiere,et al.  Models of Working Memory: Modeling Working Memory in a Unified Architecture: An ACT-R Perspective , 1999 .

[26]  Cleotilde Gonzalez,et al.  Cognition and Technology , 2014, Cyber Defense and Situational Awareness.

[27]  Varun Dutt,et al.  Instance-based learning: integrating sampling and repeated decisions from experience. , 2011, Psychological review.

[28]  Bo An,et al.  Stackelberg Security Games: Looking Beyond a Decade of Success , 2018, IJCAI.