Khalid Alasiri (School of Computing and Augmented Intelligence Arizona State University), Rakibul Hasan (School of Computing and Augmented Intelligence Arizona State University)
Understanding how psychological traits shape attack strategies of cyber attackers is critical for developing proactive defenses. This paper presents an early-stage study using a controlled, multi-stage Capture-the-Flag (CTF) environment designed to elicit behavioral expressions of persistence, resilience, risk-taking, and openness to experience. Participants complete validated personality inventories before engaging in a cyberattack task within a simulated but realistic environment that mimics a corporate network. That environment contains both real and deceptive vulnerabilities that attackers can exploit to escalate their privilege and access resources in the system. During that time, system logs, continuously taken screenshots, and think-aloud data will capture their actions and strategies. From that data, behavioral indicators, such as retries, strategic pivots, early high-risk actions, and exploration breadth, will be extracted and used to predict traits. The larger goal is to automatically guess attackers’ future actions, and proactively deploy defense mechanisms in run time. As a vision-track contribution, this work establishes a methodological foundation for profiling attackers through behavioral telemetry, supporting the future development of human-aware, proactive cyber defense strategies.