Robust cyber data is commonly available during a cyber-attack; however, direct indices of CogVulns that underlie attacker behavior are not. ASCEND conducted hacker experiments in the form of capture-the-flag (CTF) competitions and used publicly available data—both structured, such as available in the MITRE ATT&CK framework, as well as unstructured reports about cyber incidents—to extract data that is relevant to hacker decision-making. The latter is done as part of the Cyber Behavioral Pattern Extractor (CBPE) task, which complements HSR results from CTF competitions. Using CTF-collected and publicly available data, we correlate patterns of cyber data to differentiate biases and the associated cognitive-emotional states that facilitate them. The resulting knowledge is used to identify CogVuln Sensors that only use cyber data as surrogates for attacker biases, emotional state, and psychological traits.  

Changes in attack behavior can be induced directly through feedback that amplifies the CogVuln or indirectly by amplifying the cognitive-emotional state that encourages CogVulns. ASCEND develops CogVuln triggers that induce observable and measurable changes in attacker CogVulns. CogVuln Triggers are tested in CTF competitions. 

Insights about CogVulns, Sensors and Triggers are stored in ASCEND’s CogVuln Playbook. The Playbook captures experimental insights and provides the basis to implement ASCEND’s rich bias sensors that dynamically correlate robust patterns of cyber data as surrogates for CogVulns. 

The ASCEND team conducted a variety of analyses. ASCEND’s analyses have two complementary aims. The first aim is to initiate construct validation of the CogVuln sensor package by testing for correlations between cyber behavioral measures logged during the CTFs – CogVuln Sensors – and other measures known to index CogVulns. The second aim is to validate CogVuln Trigger effectiveness using behavioral and physiological criteria.  

Specifically, analyses tested for: 

1. Validity of established trait vulnerability measures: to support using the established measures as criteria in further construct validation.  
2. Associations between CogVuln Sensors and established trait vulnerability measures: to support construct validity of the novel cyber behavioral measures. Two complementary methods were used for this purpose: LASSO and Clustering.   
3. Impact of cyber triggers on CogVuln Sensors: to validate Cyber Trigger Effectiveness. We also analyzed trigger impacts on cognitive-emotional states mapped to CogVulns within the rationale for ReSCIND.  

For more detail on the data collected during Human Subject Research (HSR) experiments and links to the data hosting server, please see the HSR & data sets below.

B. Hitaj, G. Denker, L. Tinnel, M. McAnally, B. DeBruhl, N. Bunting, A. Fafard, D. Aaron, R. D. Roberts, J. Lawson, G. McCain, D. Starink. A Case Study on the Use of Representativeness Bias as a Defense Against Adversarial Cyber Threats. To appear in the 4th Workshop on Active Defense and Deception (ADnD), co-located with the 10th IEEE European Symposium on Security and Privacy (EuroS&P 2025). View here. 

Hutcheson, T. L. & Raj, A. K. Autoencoding Coordinate Sequences from Psychophysiologic Signals. In Proceedings of 2025 IEEE Research and Applications of Photonics in Defense (RAPID) (pp. 1-2). View here.

S. Gilda, K. Martiny, J. Ho, L. Tinnel, G. Denker, B.J. Dorr. Navigating the Blue Nowhere: A Framework for Mapping Validated Adversarial Trajectories. Submitted to the 9^th Workshop on Graph Techniques for Adversarial Activity Analytics (GTA³ 2025) (at the IEEE International Conference on Data Mining, ICDM). View here.

For other technical reports, please fill out the form at the end of this page. 

Data is available here.

Data set cover sheets (incl. experiment description, research hypotheses, analysis results, and data descriptions) are available here.

ASCEND conducted Capture-the-Flag (CTF) experiments under the name SaikoCTF at international conferences, as online games, and in a lab setting. The project collected cyber data and survey measures of 327 participants from 59 countries across all SaikoCTF.

SaikoCTF: Online Games 

• 11-hour CTF event; ten challenges, each designed to elicit one CogVuln
• CogVulns: Loss Aversion Bias (Loss/Gain Framing); Representativeness Bias (Sample Size Insensitivity); Confirmation Bias; Anchoring Bias (Number Priming); Socio-Cultural (Hierarchicalism and Individualism/Collectivism)
• Surveys, cyber data (e.g., pcap, syslog, commands, keyboard), screen recordings
• CTF players recruited worldwide online
• Total of 187 participants from 32 countries in Online Games
• Participants can be pooled (exceptions are noted below)
• Link to data set cover sheet (same for all four online games)
• Link to data from all four online games
• “clubs” online games: 29 participants from 13 countries 
  • Socio-Cultural Bias CTF challenges are different from other OGames and cannot be pooled 
• “pwn” online games: 45 participants from 14 countries  
• “wicked6” online games: 20 participants from 9 countries  
• “mayday” online games: 93 participants from 13 countries  

SaikoCTF: In-Person EkoParty Conference 

• 2.5-hour CTF event; six challenges, each designed to elicit one CogVuln.
• CogVulns: Confirmation; Anchoring (Numeric Priming); Socio-Cultural (Gender Bias and Ageism)
• Surveys, cyber data, screen recordings
• 24 participants wore physiological sensors (EEG, ECG, GSR)
• Attendees of the EkoParty Security Conference in Argentina
• 53 participants from 13 countries
• Link to data set cover sheet
• Link to data set

SaikoCTF: In-Person ECSC Conference 

• 2.5-hour CTF event; six challenges, each designed to elicit one CogVuln.
• CogVulns: Loss Aversion (Loss/Gain Framing); Representativeness (Sample Size Insensitivity); Socio-Cultural (Gender Bias and Ageism)
• Surveys, cyber data, screen recordings
• 34 participants wore physiological sensors (EEG, ECG, GSR)
• Attendees of the European Cybersecurity Challenge (ECSC) Conference in Italy
• 60 participants from 23 countries
• Link to data set cover sheet
• Link to data set

SaikoCTF: In-Person HITBSec Conference 

• 2.5-hour CTF event; six challenges, each designed to elicit one CogVuln.
• CogVulns: Loss Aversion (Loss/Gain Framing); Representativeness (Sample Size Insensitivity); Socio-Cultural (Gender Bias & Ageism)
• Surveys, cyber data, physiological data, screen recordings
• Attendees of Hack in The Box Security (HITBSec) Conference in Thailand
• 16 participants from 5 countries
• Link to data set cover sheet
• Link to data set

SaikoCTF: In-Person Lab Cyber Exercise  

• 6-hour CTF event; ten challenges, each designed to elicit one CogVuln
• CogVulns: Loss Aversion Bias (Loss/Gain Framing); Representativeness Bias (Sample Size Insensitivity); Confirmation Bias; Anchoring Bias (Number Priming); Socio-Cultural (Hierarchicalism and Individualism/Collectivism)
• Surveys, cyber data, and screen recordings
• 2 cyber warfare technicians from the U.S. Navy Information Warfare Center, Corry Station (provided retrospective verbal protocols)
• 2 Cyber Club students from the University of West Florida (physiological data)
• Link to data set cover sheet
• Link to data set

Multi-Country Heuristics Online Study 

• Cognitive bias and individual difference questionnaires and surveys to measure the magnitude of cognitive effects and individual differences across geographically distributed populations.
• Over 2,100 crowdsourced participants from 78 countries worldwide
• Big Five, Portrait Values Questionnaire; C-Test (English language proficiency); CRT-3, GRiPS, ADMC, overclaiming, Assessment of Biases in Cognition (ABC) measures etc.
• Link to data set cover sheet
• Link to data set

ASCEND Cognitive Task Analysis 

• A systematic approach to understanding knowledge, decision-making, and planning processes.
• Relies on domain analysis, subject matter expert (SME) input, and semi-structured interviews to produce actionable insights
• 5 SMEs
• Task Diagrams, Goal-Directed Task Analysis, Fuzzy Cognitive Maps, Recent Case Walkthroughs, and CTF challenges
• Link to data set cover sheet
• Link to data set