TY - GEN
T1 - Measuring expertise and bias in cyber security using cognitive and neuroscience approaches
AU - Krawczyk, Daniel
AU - Bartlett, James
AU - Kantarcioglu, Murat
AU - Hamlen, Kevin
AU - Thuraisingham, Bhavani
PY - 2013/9/9
Y1 - 2013/9/9
N2 - Toward the ultimate goal of enhancing human performance in cyber security, we attempt to understand the cognitive components of cyber security expertise. Our initial focus is on cyber security attackers - often called 'hackers'. Our first aim is to develop behavioral measures of accuracy and response time to examine the cognitive processes of pattern-recognition, reasoning and decision-making that underlie the detection and exploitation of security vulnerabilities. Understanding these processes at a cognitive level will lead to theory development addressing questions about how cyber security expertise can be identified, quantified, and trained. In addition to behavioral measures our plan is to conduct a functional magnetic resonance imaging (fMRI) study of neural processing patterns that can differentiate persons with different levels of cyber security expertise. Our second aim is to quantitatively assess the impact of attackers' thinking strategies - conceptualized by psychologists as heuristics and biases - on their susceptibility to defensive techniques (e.g., 'decoys,' 'honeypots'). Honeypots are an established method to lure attackers into exploiting a dummy system containing misleading or false content, distracting their attention from genuinely sensitive information, and consuming their limited time and resources. We use the extensive research and experimentation that we have carried out to study the minds of successful chess players in order to study the minds of hackers with the ultimate goal of enhancing the security of current systems. This paper outlines our approach.
AB - Toward the ultimate goal of enhancing human performance in cyber security, we attempt to understand the cognitive components of cyber security expertise. Our initial focus is on cyber security attackers - often called 'hackers'. Our first aim is to develop behavioral measures of accuracy and response time to examine the cognitive processes of pattern-recognition, reasoning and decision-making that underlie the detection and exploitation of security vulnerabilities. Understanding these processes at a cognitive level will lead to theory development addressing questions about how cyber security expertise can be identified, quantified, and trained. In addition to behavioral measures our plan is to conduct a functional magnetic resonance imaging (fMRI) study of neural processing patterns that can differentiate persons with different levels of cyber security expertise. Our second aim is to quantitatively assess the impact of attackers' thinking strategies - conceptualized by psychologists as heuristics and biases - on their susceptibility to defensive techniques (e.g., 'decoys,' 'honeypots'). Honeypots are an established method to lure attackers into exploiting a dummy system containing misleading or false content, distracting their attention from genuinely sensitive information, and consuming their limited time and resources. We use the extensive research and experimentation that we have carried out to study the minds of successful chess players in order to study the minds of hackers with the ultimate goal of enhancing the security of current systems. This paper outlines our approach.
KW - Cognitive newro science
KW - chess expert
KW - cyber security
KW - decoys
KW - fMRI
KW - hackers
KW - honeypot
UR - http://www.scopus.com/inward/record.url?scp=84883357978&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84883357978&partnerID=8YFLogxK
U2 - 10.1109/ISI.2013.6578859
DO - 10.1109/ISI.2013.6578859
M3 - Conference contribution
AN - SCOPUS:84883357978
SN - 9781467362115
T3 - IEEE ISI 2013 - 2013 IEEE International Conference on Intelligence and Security Informatics: Big Data, Emergent Threats, and Decision-Making in Security Informatics
SP - 364
EP - 367
BT - IEEE ISI 2013 - 2013 IEEE International Conference on Intelligence and Security Informatics
T2 - 11th IEEE International Conference on Intelligence and Security Informatics, IEEE ISI 2013
Y2 - 4 June 2013 through 7 June 2013
ER -