PsybORG+: Modeling and Simulation for Detecting Cognitive Biases in Advanced Persistent Threats

TL;DR

PsybORG+ is a simulation environment that models APT attackers influenced by cognitive biases, enabling better detection and understanding of sophisticated cyber threats through synthetic data and classification models.

Contribution

Introduces PsybORG+ for modeling APTs with cognitive biases, including a classification model for cognitive vulnerability inference and a synthetic data generator.

Findings

PsybORG+ effectively models APT behaviors with various cognitive biases.

The classification model achieves at least 83% accuracy in predicting vulnerabilities.

Synthetic data generated by PsybORG+ supports cybersecurity research.

Abstract

Advanced Persistent Threats (APTs) bring significant challenges to cybersecurity due to their sophisticated and stealthy nature. Traditional cybersecurity measures fail to defend against APTs. Cognitive vulnerabilities can significantly influence attackers' decision-making processes, which presents an opportunity for defenders to exploit. This work introduces PsybORG$^+$, a multi-agent cybersecurity simulation environment designed to model APT behaviors influenced by cognitive vulnerabilities. A classification model is built for cognitive vulnerability inference and a simulator is designed for synthetic data generation. Results show that PsybORG$^+$ can effectively model APT attackers with different loss aversion and confirmation bias levels. The classification model has at least a 0.83 accuracy rate in predicting cognitive vulnerabilities.