Cognitive Hacking

In this chapter, we define and propose countermeasures for a category of computer security exploits which we call "cognitive hacking." Cognitive hacking refers to a computer or information system attack that relies on changing human users' perceptions and corresponding behaviors in order to be successful. This is in contrast to denial of service (DoS) and other kinds of well-known attacks that operate solely within the computer and network infrastructure. Examples are given of several cognitive hacking techniques, and a taxonomy for these types of attacks is developed. Legal, economic, and digital government implications are discussed.
