A team of 亚洲AV researchers is probing the psychology behind cyberattacks as part of a U.S. intelligence community program aimed at turning the tables on hackers.
As the prevalence and severity of cyberattacks continue to grow, the Intelligence Advanced Research Project Activity (IARPA) has turned its focus on how best to exploit the weakest link in cyberattacks: the human factor.
Under a new IARPA program, researchers hope to better understand cyber attackers鈥 cognitive vulnerabilities and decision-making biases and use those vulnerabilities to derail future attacks.
Researchers , , and were recently selected as part of a broader team of computer science, cybersecurity, and psychology experts to forge new research pathways and deliver cutting-edge 听technology as part of IARPA鈥檚 Reimagining Security with Cyberpsychology-Informed Network Defense, or ReSCIND, program.
The team of researchers will build defensive tools that first cue in on hackers鈥 human limitations and use those weaknesses to delay or derail the attack while it is underway.听
鈥淵ou want to make them waste their time,鈥 said Barbar谩, a computer science professor at George Mason鈥檚 . 鈥淭he more they waste their time, the least damage they鈥檙e going to do.鈥
This can be accomplished by luring hackers with decoys such as false networks or documents to distract them.
But the trick is two-fold. The decoys must first and foremost appear to be real. They also need to entice the hackers away from their original aim. The latter is where understanding the psychological factors that influence hackers is essential.
As part of the first phase of the ReSCIND program, researchers will aim to fill gaps that exist in the current understanding of human cognition and decision making that influence cyber attackers鈥 behavior.
鈥淚t鈥檚 a challenging topic to address because hackers, of course, tend to be somewhat secretive,鈥 Matthews, a professor of psychology at George Mason, said. 鈥淭here aren鈥檛 many opportunities to study hacker psychology.鈥
Matthews said the current understanding of hackers鈥 behavior that provides the baseline for their research comes from several areas of study in psychology. Key among those areas is human performance and in particular how emotional states might influence performance.
鈥淗ackers themselves are under pressure and potentially anxious about getting caught,鈥 Matthews said. 鈥淭hey鈥檙e anxious about looking foolish to the people that they are working with.鈥
Cultural factors that motivate hackers are also important to consider and may vary greatly among hackers. Thrill-seeking college-age hackers, for example, would have different cultural norms and motives than highly trained professionals acting on behalf of a nation-state adversary, Matthews said.
Researchers hope to further understand the full scope of psychological factors that influence hackers, including how to measure, predict, and induce their cognitive vulnerabilities.
鈥淭here鈥檚 a certain amount of psychology that allows you to link the emotional reactions that hackers might have to cognitive biases and other vulnerabilities in performance,鈥 Matthews said. 鈥淪o, in this first part of the research, we鈥檙e trying to sketch out what some of those vulnerabilities might be.鈥
As part of the second phase, researchers will further define when cyberpsychology-informed defenses can best be used and how to determine the success of those defenses. The final phase will focus on modeling, adapting, and automating those defenses.
Ateniese, a computer science professor and eminent scholar in cybersecurity, said the ReSCIND program reflects the growing importance of cyberpsychology research in shaping emerging technology.
鈥淚 see a myriad of excellent applications, not just this project,鈥 Ateniese said. 鈥淎s you can imagine, people today are building AI systems that either mimic or seek to improve upon human behavior. So, the psychology perspective is very intriguing.鈥
The ReSCIND program will run for nearly four years and is being carried out through research contracts awarded across five teams.
Barbar谩, Ateniese, and Matthews鈥 research will contribute to a ReSCIND contract awarded to SRI International, an independent nonprofit research institute headquartered in California.
The George Mason team will work alongside experts from the Florida Institute for Human and Machine Cognition, Margin Research, Research and Assessment Design: Science Solution, Two Six Technologies, University of Florida, and Virtual Reality Medical Center.
In many ways, the project is a natural progression for the three professors who have worked together on several previous projects requiring a multidisciplinary approach.
They were first introduced in 2021 by Amarda Shehu, a computer science professor and co-director at the time of the George Mason鈥檚 transdisciplinary (CAHMP).
A call for proposals from Virginia鈥檚 Commonwealth Cyber Initiative for a project that sought to bridge cybersecurity and human factors research to help users build secure passwords immediately brought to mind Barbar谩, Ateniese, and Matthews鈥 expertise.
鈥淚 always had the agenda of putting teams together and finding some funding opportunities so that then they could obtain preliminary results through which to demonstrate credibility for larger projects,鈥 Shehu said.
The match has led to a series of successful projects by the team, including the Commonwealth Cyber Initiative password project and a project focused on distinguishing authentic videos from deepfakes.
鈥淭he IARPA project is, in some sense, an example of the culmination of an activity, how you put a team together,鈥 Shehu said. 鈥淭hey find some funding so that they can start that relationship and then that kind of blossoms into a larger project. It's really a perfect example of what we want to see in [鈥 in general at Mason in terms of transdisciplinary research and the fruit of that research.鈥
Shehu, now associate vice president for research for Mason鈥檚 , said bringing teams together with broad collective expertise is critical to solving the most complex impediments to technological progress.
鈥淭he most challenging problems nowadays don't reside specifically within one discipline,鈥 she said. 鈥淭hey bridge disciplines.鈥
In This Story
Related Stories
- December 3, 2024
- October 11, 2024
- August 28, 2024
- August 12, 2024
- May 10, 2024
听
This content appears in the Fall 2024 print edition of the Mason Spirit Magazine with the title "Using Psychology to Defend Against Cyberattacks."