# Guarding Against Malicious Biased Threats (GAMBiT) Experiments: Revealing Cognitive Bias in Human-Subjects Red-Team Cyber Range Operations

**Authors:** Brandon Beltz, Jim Doty, Yvonne Fonken, Nikolos Gurney, Brett Israelsen, Nathan Lau, Stacy Marsella, Rachelle Thomas, Stoney Trent, Peggy Wu, Ya-Ting Yang, Quanyan Zhu

arXiv: 2508.20963 · 2025-08-29

## TL;DR

This paper introduces large-scale datasets from human red-team cyber operations, capturing multi-modal data to study attacker behavior, cognitive biases, and support bias-aware analytics and benchmarking in cybersecurity research.

## Contribution

It provides the first comprehensive multi-modal datasets from human red-team cyber range experiments, enabling research on attacker cognition and bias detection.

## Key findings

- Collected multi-modal data from 19-20 skilled attackers per experiment
- Captured diverse data types including self-reports, logs, and network captures
- Released curated datasets for research and benchmarking

## Abstract

We present three large-scale human-subjects red-team cyber range datasets from the Guarding Against Malicious Biased Threats (GAMBiT) project. Across Experiments 1-3 (July 2024-March 2025), 19-20 skilled attackers per experiment conducted two 8-hour days of self-paced operations in a simulated enterprise network (SimSpace Cyber Force Platform) while we captured multi-modal data: self-reports (background, demographics, psychometrics), operational notes, terminal histories, keylogs, network packet captures (PCAP), and NIDS alerts (Suricata). Each participant began from a standardized Kali Linux VM and pursued realistic objectives (e.g., target discovery and data exfiltration) under controlled constraints. Derivative curated logs and labels are included. The combined release supports research on attacker behavior modeling, bias-aware analytics, and method benchmarking. Data are available via IEEE Dataport entries for Experiments 1-3.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/2508.20963/full.md

## Figures

4 figures with captions in the complete paper: https://tomesphere.com/paper/2508.20963/full.md

## References

22 references — full list in the complete paper: https://tomesphere.com/paper/2508.20963/full.md

---
Source: https://tomesphere.com/paper/2508.20963