In sequential decision making, the goal is often to maximize long-term rewards while making selections among explicitly provided options. Under this theme, we investigate uncertainty, risk, context, and constraints of decision making including: time limits, feedback delays, and cognitive workload.

Initial contributions to understanding the process by which people make Decisions from Experience (DfE) emerged from the use of complex, dynamic decision making tasks (i.e., Microworlds). Microworlds represent highly complex tasks in computer simulations, such as dynamic resource allocation in real time and under time constraints. Currently, we also use simplified decision tasks in our research. For example, repeated choice tasks such as binary choice or bandit tasks.

Cybersecurity is a critical problem in our society. The assessment of the threats, vulnerabilities and successful defense in cyber space is surrounded by many challenges. Some of those challenges are technology-driven but many other challenges are human-driven. For example, how does an analyst evaluate the traffic data observed? How does an analyst assess the risk to the organization? How do defenders design networks to deceive the attackers?

At the DDMLab we develop a theoretical understanding of the socio-cognitive factors that impact decisions of attackers, defenders and end-users. The key advancement we provide to cybersecurity is the integration of models of human behavior to help develop better cyberdefense.

Our work in the area of cybersecurity started with initial research on models that would capture classification decisions made by a security analyst in simplified cyber scenarios. Given the high limitations on running experiments with human cyber analysts, we have largely relied on testbeds and subjects that range in their level of experience on cybersecurity. We have focused on modeling the decisions made by attackers and defenders and compared the predictions from these models against human behavior in equivalent tasks.

More recently, we have been interested in developing adaptive and personalized cyber defense strategies based on principles of human deception. Game Theory and particularly Stackelberg Security Games (SSGs) optimizations led to the development of algorithms that have been tested in the context of physical security (e.g., combating illicit poaching in national parks). SSGs are attacker-defender games, that solve the problem of allocation of limited defense resources in order to minimize the losses of the defender. We have advanced this line of research in AI and Computer Science by proposing the use of signals to deter the attacker instead of the costlier strategy of reallocating defense resources.

Our approach is described in Gonzalez et al 2020 and illustrated in this figure:

The IARPA ReSCIND program aims to improve cybersecurity by understanding how human cognition impacts cyber behavior and could affect cyber actors’ success in network attack activities. Specifically, well-established cognitive patterns, such as loss aversion and the representativeness bias, will be investigated as potentially mitigating factors in the efficacy of cyber attack behavior. Coty Gonzalez is the Principal Investigator of this project.

Coty Gonzalez is the Co-Principal Investigator and Institute's Research Co-Director. This collaboration brings together AI researchers and social scientists to develop tools for societal challenges.

Multi-University Research Initiative (MURI): Cyber Autonomy through Robust Learning and Effective Human-Bot Teaming

Coty Gonzalez is a Co-Investigator working in collaboration with Somesh Jha, University of Wisconsin; Lujo Bauer, CMU, and other universities in the USA and Australia to investigate how humans and bots can collaborate to develop better cyberdefense strategies.

Coty Gonzalez is the Principal Investigator for this project that aims at developing and advancing theories, methods and technologies to study and address the capabilities that promote and maintain mutual understanding between humans and machines.