Learning to Defend by Attacking (and Vice-Versa): Transfer of Learning in Cybersecurity Games

TL;DR

This paper introduces a cognitively inspired model for cybersecurity that learns from both attack and defense roles, predicting opponent behavior and improving defense against human-like adversaries by incorporating transfer of learning.

Contribution

The work presents a novel human decision-making model based on cognitive theories, enhancing cyber defense by modeling transfer of learning and adversarial behavior.

Findings

Model outperforms traditional methods against human-like attackers

Explicit transfer of learning improves defense strategies

Simulation results show potential for real-world cybersecurity applications

Abstract

Designing cyber defense systems to account for cognitive biases in human decision making has demonstrated significant success in improving performance against human attackers. However, much of the attention in this area has focused on relatively simple accounts of biases in human attackers, and little is known about adversarial behavior or how defenses could be improved by disrupting attacker's behavior. In this work, we present a novel model of human decision-making inspired by the cognitive faculties of Instance-Based Learning Theory, Theory of Mind, and Transfer of Learning. This model functions by learning from both roles in a security scenario: defender and attacker, and by making predictions of the opponent's beliefs, intentions, and actions. The proposed model can better defend against attacks from a wide range of opponents compared to alternatives that attempt to perform optimally without accounting for human biases. Additionally, the proposed model performs better against a range of human-like behavior by explicitly modeling human transfer of learning, which has not yet been applied to cyber defense scenarios. Results from simulation experiments demonstrate the potential usefulness of cognitively inspired models of agents trained in attack and defense roles and how these insights could potentially be used in real-world cybersecurity.