Cyberspace is an ever-evolving battleground involving adversaries seeking to circumvent existing safeguards and defenders aiming to stay one step ahead by predicting and mitigating the next threat. Existing mitigation strategies have focused primarily on solutions that consider software or hardware aspects, often ignoring the human factor. This paper takes a first step towards psychology-informed, active defense strategies, where we target biases that human beings are susceptible to under conditions of uncertainty.Using capture-the-flag events, we create realistic challenges that tap into a particular cognitive bias: representativeness. This study finds that this bias can be triggered to thwart hacking attempts and divert hackers into non-vulnerable attack paths. Participants were exposed to two different challenges designed to exploit representativeness biases. One of the representativeness challenges significantly thwarted attackers away from vulnerable attack vectors and onto non-vulnerable paths, signifying an effective bias-based defense mechanism. This work paves the way towards cyber defense strategies that leverage additional human biases to thwart future, sophisticated adversarial attacks.
View on arXiv@article{hitaj2025_2504.20245,
title={ A Case Study on the Use of Representativeness Bias as a Defense Against Adversarial Cyber Threats },
author={ Briland Hitaj and Grit Denker and Laura Tinnel and Michael McAnally and Bruce DeBruhl and Nathan Bunting and Alex Fafard and Daniel Aaron and Richard D. Roberts and Joshua Lawson and Greg McCain and Dylan Starink },
journal={arXiv preprint arXiv:2504.20245},
year={ 2025 }
}