PsybORG+: Cognitive Modeling for Triggering and Detection of Cognitive Biases of Advanced Persistent Threats

Advanced Persistent Threats (APTs) bring significant challenge to cybersecurity due to their sophisticated and stealthy nature. Traditional cybersecurity measures fail to defend against APTs. Cognitive vulnerabilities can significantly influence attackers' decision-making processes, which presents an opportunity for defenders to exploit these weaknesses. This paper introduces PsybORG, a multi-agent cybersecurity simulation environment designed to model APT behaviors influenced by cognitive vulnerabilities. PsybORG uses a Hidden Markov Model (HMM) to simulate attacker behaviors. We use Bayesian inference and decision tree analysis of action sequences to do cognitive vulnerabilities inference. In addition, a system called PsybORG+ is built for generating synthetic data. We also design a trigger to stimulate the sunk cost fallacy in attackers. Our contributions include the mathematical modeling of APTs, the development of PsybORG, and the implementation of techniques to infer attackers' cognitive vulnerabilities.