The innovative program will be centered around the psychology of cyber attackers.
SRI announced today that it has been selected by Intelligence Advanced Research Projects Activity (IARPA) to deliver advanced technology for its recently announced Reimagining Security with Cyberpsychology-Informed Network Defenses (ReSCIND) program.
By putting psychology and human behavior at the center of cyber security systems, ReSCIND aims to design and build resilient systems that integrate human behavior with advanced computing added to already proven security systems to improve outcomes. The program focuses on the psychology of cyber attackers by understanding human limitations, such as innate decision-making biases and cognitive vulnerabilities as an innovative approach for enhancing cyber defenses.
“Aiming to use a cyber attacker’s cognitive vulnerabilities against them to reduce their efficiency and effectiveness is a novel concept,” said Rukman Senanayake, principal computer scientist for SRI and lead investigator on the project. “This approach for cyber security is revolutionary, especially since we are attempting to leverage known cognitive vulnerabilities and biases against attackers. Our approach involves identifying biases a cyber attacker may have, measuring them, techniques to induce these biases, and adapting in a near-real-time fashion to observed attacker behavior.”
SRI’s ASCEND (Adaptive Security through Cognitive Exploitation for Defense) program – the technology at the heart of this project – will revolutionize cyber defense by measuring, understanding, and exploiting cognitive vulnerabilities to prevent cyber attackers from achieving their goals effectively and efficiently.
“In the end, everything rises and falls with humans, and that applies to cyber security too,” said Grit Denker, SRI program director and co-principal investigator on ASCEND. “Until now, we have relied on advanced technologies and skilled cyber defenders. This approach adds a new dimension that allows us to stay ahead of the game – understanding the cyberpsychology of attackers and using it to defend ourselves.”
SRI is working with experts across fields of psychology, cognition, AI, and cyber-security including George Mason University, Florida Institute for Human & Machine Cognition, Margin Research, Research & Assessment Design (RAD): Science Solution, Two Six Technologies, University of Florida, and Virtual Reality Medical Center. The teams will work together to investigate the relevance of five chosen biases of cyber attackers, identify techniques to measure, predict, and influence attackers’ cognitive vulnerabilities and behavior, and develop bias sensors and triggers to establish their validity and reliability.
ASCEND team member Richard D. Roberts, co-founder of RAD, explains that “heuristics are shortcuts humans use when making decisions.” Quoting colleague and well-known cognitive psychologist scholar Larry L. Jacoby, who had a knack for aphorisms, Roberts says, “cognitive biases are heuristics in a bad neighborhood; we can use this notion to our advantage in this research.”