Designing cyber defense systems to account for cognitive biases in human decision making has demonstrated significant success in improving performance against human attackers. However, much of the attention in this area has focused on relatively simple accounts of biases in human attackers, and little is known about adversarial behavior or how defenses could be improved by disrupting attacker's behavior. In this work, we present a novel model of human decision-making inspired by the cognitive faculties of Instance-Based Learning Theory, Theory of Mind, and Transfer of Learning. This model functions by learning from both roles in a security scenario: defender and attacker, and by making predictions of the opponent's beliefs, intentions, and actions. The proposed model can better defend against attacks from a wide range of opponents compared to alternatives that attempt to perform optimally without accounting for human biases. Additionally, the proposed model performs better against a range of human-like behavior by explicitly modeling human transfer of learning, which has not yet been applied to cyber defense scenarios. Results from simulation experiments demonstrate the potential usefulness of cognitively inspired models of agents trained in attack and defense roles and how these insights could potentially be used in real-world cybersecurity.

翻译：设计考虑人类决策认知偏见的网络防御系统，已在提升对抗人类攻击者的防御效能方面展现出显著成果。然而，该领域多数研究聚焦于人类攻击者偏见的简化模型，对对抗行为本身及如何通过干扰攻击者行为改进防御策略的认知仍存在显著空白。本研究提出一种受实例学习理论、心智理论与学习迁移认知机制启发的全新人类决策模型。该模型通过同时学习安全场景中防御者与攻击者两种角色，并预测对手的信念、意图与行动来实现功能。相比未考虑人类偏见的传统最优策略模型，本模型能更有效抵御来自各类对手的攻击。此外，通过显式建模尚未应用于网络防御场景的人类学习迁移机制，该模型在对抗多种类人行为时表现更优。仿真实验结果表明，基于认知启发的攻防角色训练智能体模型具有潜在应用价值，相关见解可服务于现实网络安全场景。