Turning hackers’ behavior against them
By identifying psychological biases of hackers, a new program aims to develop proactive network defenses that go beyond tech-based solutions and rely on analysis of attackers’ behavior to thwart them.
Hackers may meet their match thanks to a new program aimed at using cyberpsychology to thwart and dissuade cybercriminals.
Cyberpsychology is the scientific field that integrates human behavior and decision-making into the cyber domain, according to the Intelligence Advanced Research Projects Activity. It manipulates vulnerabilities in human psychology, much the same way online advertising or gaming does, but it has rarely been used in cyber defense to understand, anticipate and influence cyber operator behavior.
The Reimagining Security with Cyberpsychology-Informed Network Defenses (ReSCIND) program aims to leverage hackers’ psychological patterns to reduce cyberattack success and effectiveness, IARPA said in the new program’s announcement. The agency wants to research and model hackers’ cognitive vulnerabilities—such as their mental or emotional states or decision-making biases—to learn how defenders can manipulate them to prevent a successful cyberattack. Understanding the reasoning behind hackers tactics will allow network operators to construct defenses that make an attacker’s job harder.
“By imposing the cyber-penalties of wasted time and effort on attackers, ReSCIND will ultimately delay and potentially thwart attacks, and more rapidly expose attackers,” ReSCIND Program Manager Kimberly Ferguson-Walter said in a statement. “And while there will always be a need for layered cyber defense, we also require a new approach that enhances our defenses.”
The program is divided into three phases, the first of which will focus on the development of bias sensors that detect bad actors’ cognitive vulnerabilities.
Participants may conduct experiments to model a hacker’s cyberpsychology during common cyberattacks such as denials of service, data modifications, software supply chain attacks or data and intellectual property theft, IARPA stated. Bias sensors will be developed into software components on a network or host to provide data on the presence and extent of a particular cognitive vulnerability.
During the second phase, participants will create cyberpsychology-informed defenses (CyphiDs) to induce, exploit or intensify a hackers’ cognitive vulnerabilities by developing software that links bias sensors with bias triggers, which are network or host manipulations that prompt those vulnerabilities, according to the program description.
Successful CyphiDs include one or more bias sensors to measure the presence of a cognitive vulnerability, logic to determine which bias trigger to use based on sensor output and one or more triggers to create a cyber situation that targets the hacker, IARPA stated.
In the final phase, participants will create computational cognitive models that reflect and predict attacker behavior based on findings from the previous phases. They must also develop an adaptive psychology-informed defense that uses intelligent algorithms—including game theory, expert system or rule-based system—to select optimal CyphiDs during a cyberattack.
ReSCIND will operate for 45 months and is slated to launch by the end of 2023.
NEXT STORY: State mandates K-12 cyber education