Detecting Ambiguity Aversion in Cyberattack Behavior to Inform Cognitive Defense Strategies

Adversaries (hackers) attempting to infiltrate networks frequently face uncertainty in their operational environments. This research explores the ability to model and detect when they exhibit ambiguity aversion, a cognitive bias reflecting a preference for known (versus unknown) probabilities. We introduce a novel methodological framework that (1) leverages rich, multi-modal data from human-subjects red-team experiments, (2) employs a large language model (LLM) pipeline to parse unstructured logs into MITRE ATT&CK-mapped action sequences, and (3) applies a new computational model to infer an attacker’s ambiguity aversion level in near-real time. By operationalizing this cognitive trait, our work provides a foundational component for developing adaptive cognitive defense strategies.

💡 Research Summary

The paper presents a comprehensive framework for detecting and quantifying ambiguity aversion—a cognitive bias where decision‑makers prefer known probabilities over unknown ones—in cyber‑attack behavior. The authors argue that traditional security models treat attackers as perfectly rational agents operating under risk, but real‑world adversaries often face Knightian uncertainty, making ambiguity aversion a more ecologically valid construct.

The methodology consists of three tightly coupled stages. First, the authors leverage the GAMBiT dataset, a high‑fidelity human‑red‑team experiment conducted on a realistic enterprise cyber range. Over two 8‑hour sessions, roughly 30 participants each controlled a network of about 40 virtual hosts, pursuing objectives such as infiltration, privilege escalation, and data exfiltration. Crucially, participants recorded free‑form operation notes (OpNotes) describing their thought processes, tool selections, and justifications, providing a rich, multimodal view of decision making.

Second, the raw, unstructured OpNotes and Suricata NetFlow logs are passed through a large language model (LLM) pipeline that translates natural‑language descriptions into structured MITRE ATT&CK‑mapped action sequences. This LLM‑based annotation overcomes the brittleness of rule‑based parsers, captures nuanced contextual cues (e.g., “deceptive artifact” or “risky shortcut”), and tags actions that occur under experimentally induced “cognitive triggers.”

Third, the structured sequences feed into a PsychSim‑based computational model. PsychSim implements a partially observable Markov decision process (POMDP) with Theory‑of‑Mind (ToM) recursion, allowing a defender agent to maintain and update an internal model of the attacker. Ambiguity aversion is operationalized via the comparative ignorance hypothesis: when an attacker must choose between a well‑understood (low‑ambiguity) option and a vague (high‑ambiguity) alternative, a deviation from Subjective Expected Utility (SEU) toward the known option signals ambiguity aversion. The model quantifies ambiguity using heuristics such as action novelty, technique complexity, and historical variance in success rates; higher scores indicate Knightian uncertainty.

When applied to the GAMBiT data (1,583 observations from 29 participants), the ambiguity aversion model produced markedly different probability distributions compared to the existing loss‑aversion model. The loss‑aversion model yielded higher mean probabilities (0.44 vs. 0.21) but generated no high‑confidence (p > 0.5) estimates. In contrast, the ambiguity model generated 237 high‑confidence estimates (≈15 % of observations), demonstrating that while it is more selective, it provides stronger signals when the bias is present.

A tactic‑level analysis revealed divergent patterns: loss aversion probabilities peaked for Lateral Movement techniques, whereas ambiguity aversion probabilities were highest for Discovery techniques. This suggests that loss aversion drives behavior during later stages when preserving footholds is paramount, while ambiguity aversion influences early reconnaissance when information about the target is scarce.

The authors acknowledge key limitations. The experimental environment did not impose substantial penalties for ambiguous choices (e.g., being detected or losing persistence), likely attenuating observable ambiguity aversion. Model parameters were set heuristically on a modest dataset, requiring larger‑scale calibration. Moreover, true validation demands an interactive “in‑the‑loop” setting where a defensive agent manipulates perceived ambiguity and observes attacker responses.

In sum, the paper delivers the first end‑to‑end pipeline that integrates multimodal human‑generated cyber‑attack data, LLM‑based semantic parsing, and a theory‑driven POMDP model to infer a latent cognitive trait. By quantifying ambiguity aversion, it opens a pathway toward cognitive‑adaptive defenses that anticipate and exploit attackers’ preferences for known risks, complementing existing loss‑aversion‑based approaches and enriching the toolbox for next‑generation cyber‑security.