Full metadata
Title
Decision-Making Biases in Cybersecurity: Measuring the Impact of the Sunk Cost Fallacy to Delay Attacker Behavior
Description
Cyber operations are a complex sociotechnical system where humans and computers are operating in an environments in constant flux, as new technology and procedures are applied. Once inside the network, establishing a foothold, or beachhead, malicious actors can collect sensitive information, scan targets, and execute an attack.Increasing defensive capabilities through cyber deception shows great promise by providing an opportunity to delay and disrupt an attacker once network perimeter security has already been breached. Traditional Human Factors research and methods are designed to mitigate human limitations (e.g., mental, physical) to improve performance. These methods can also be used combatively to upend performance. Oppositional Human Factors (OHF), seek to strategically capitalize on cognitive limitations by eliciting decision-making errors and poor usability. Deceptive tactics to elicit decision-making biases might infiltrate attacker processes with uncertainty and make the overall attack economics unfavorable and cause an adversary to make mistakes and waste resources.
Two online experimental platforms were developed to test the Sunk Cost Fallacy in an interactive, gamified, and abstracted version of cyber attacker activities. This work presents the results of the Cypher platform. Offering a novel approach to understand decision-making and the Sunk Cost Fallacy influenced by factors of uncertainty, project completion and difficulty on progress decisions. Results demonstrate these methods are effective in delaying attacker forward progress, while further research is needed to fully understand the context in which decision-making limitations do and do not occur. The second platform, Attack Surface, is described. Limitations and lessons learned are presented for future work.
Date Created
2022
Contributors
- Johnson, Chelsea Kae (Author)
- Gutzwiller, Robert S (Thesis advisor)
- Cooke, Nancy (Committee member)
- Shade, Temmie (Committee member)
- Ferguson-Walter, Kimberly (Committee member)
- Roscoe, Rod (Committee member)
- Gray, Rob (Committee member)
- Arizona State University (Publisher)
Topical Subject
Resource Type
Extent
213 pages
Language
eng
Copyright Statement
In Copyright
Primary Member of
Peer-reviewed
No
Open Access
No
Handle
https://hdl.handle.net/2286/R.2.N.172009
Level of coding
minimal
Cataloging Standards
Note
Partial requirement for: Ph.D., Arizona State University, 2022
Field of study: Engineering
System Created
- 2022-12-20 06:19:18
System Modified
- 2022-12-20 06:19:18
- 1 year 11 months ago
Additional Formats