Quantifying Loss Aversion in Cyber Adversaries via LLM Analysis

TL;DR

This paper introduces a novel approach using large language models to quantify loss aversion in cyber adversaries by analyzing hacker behavior, providing new insights into attacker decision-making for improved cybersecurity defenses.

Contribution

It presents a new methodology leveraging LLMs to extract and analyze cognitive biases from hacker actions, specifically focusing on loss aversion in cybersecurity contexts.

Findings

LLMs can effectively interpret hacker behavioral patterns.

Loss aversion manifests in specific hacker decision-making behaviors.

The approach enables real-time, behavior-based cyber defense insights.

Abstract

Understanding and quantifying human cognitive biases from empirical data has long posed a formidable challenge, particularly in cybersecurity, where defending against unknown adversaries is paramount. Traditional cyber defense strategies have largely focused on fortification, while some approaches attempt to anticipate attacker strategies by mapping them to cognitive vulnerabilities, yet they fall short in dynamically interpreting attacks in progress. In recognition of this gap, IARPA's ReSCIND program seeks to infer, defend against, and even exploit attacker cognitive traits. In this paper, we present a novel methodology that leverages large language models (LLMs) to extract quantifiable insights into the cognitive bias of loss aversion from hacker behavior. Our data are collected from an experiment in which hackers were recruited to attack a controlled demonstration network. We process the hacker generated notes using LLMs using it to segment the various actions and correlate the actions to predefined persistence mechanisms used by hackers. By correlating the implementation of these mechanisms with various operational triggers, our analysis provides new insights into how loss aversion manifests in hacker decision-making. The results demonstrate that LLMs can effectively dissect and interpret nuanced behavioral patterns, thereby offering a transformative approach to enhancing cyber defense strategies through real-time, behavior-based analysis.