{"ID":2831891,"CreatedAt":"2026-06-01T04:54:23.091178241Z","UpdatedAt":"2026-06-01T04:54:23.091178241Z","DeletedAt":null,"paper_url":"https://arxiv.org/abs/2512.08107","arxiv_id":"2512.08107","title":"Detecting Ambiguity Aversion in Cyberattack Behavior to Inform Cognitive Defense Strategies","abstract":"Adversaries (hackers) attempting to infiltrate networks frequently face uncertainty in their operational environments. This research explores the ability to model and detect when they exhibit ambiguity aversion, a cognitive bias reflecting a preference for known (versus unknown) probabilities. We introduce a novel methodological framework that (1) leverages rich, multi-modal data from human-subjects red-team experiments, (2) employs a large language model (LLM) pipeline to parse unstructured logs into MITRE ATT\u0026CK-mapped action sequences, and (3) applies a new computational model to infer an attacker's ambiguity aversion level in near-real time. By operationalizing this cognitive trait, our work provides a foundational component for developing adaptive cognitive defense strategies.","short_abstract":"Adversaries (hackers) attempting to infiltrate networks frequently face uncertainty in their operational environments. This research explores the ability to model and detect when they exhibit ambiguity aversion, a cognitive bias reflecting a preference for known (versus unknown) probabilities. We introduce a novel meth...","url_abs":"https://arxiv.org/abs/2512.08107","url_pdf":"https://arxiv.org/pdf/2512.08107v1","authors":"[\"Stephan Carney\",\"Soham Hans\",\"Sofia Hirschmann\",\"Stacey Marsella\",\"Yvonne Fonken\",\"Peggy Wu\",\"Nikolos Gurney\"]","published":"2025-12-08T23:26:08Z","proceeding":"cs.CR","tasks":"[\"cs.CR\",\"cs.HC\"]","methods":"[\"Large Language Model\",\"Language Model\"]","has_code":false}