Integrating Cognitive Work Analysis into an ACT-R Model for Cybersecurity Applications

Abstract

Cybersecurity is a trending concern with the rapid development of many systems. While humans are often considered vulnerable targets, research on human factors remains limited compared to the extensive technical focus on defense and mitigation strategies. Human-focused cognitive research in this domain faces two primary challenges: the evolving and complex nature of the cybersecurity landscape, and the domain-specific characteristics of the systems under attack. These challenges point to the need for modeling human performance in identifying vulnerabilities, with both precise dynamic measurement and domain-specific fidelity. Accordingly, we proposed a solution by integrating CWA into ACT-R models. A detailed elaboration on the CWA and ACT-R's structural compatibility across dimensions, their fundamental strengths as complements, and the functional competencies with integration was presented. This conceptual exploration demonstrated the feasibility of integrating the CWA and ACT-R, leading to improvements in model construction efficiency and domain-specific validity. We explored CWA and ACT-R for modeling humans in vehicle cybersecurity. While we were able to demonstrate a model, a follow-up study with human participants showed that drivers may not actively identify vulnerabilities and mitigate cyber threats. We then practically implemented and applied the integrated model, from model construction preparation to detailed rule development, guided by CWA’s Work Domain Analysis, Control Task Analysis, and Strategies Analysis, to simulate the SOC analysts' cybersecurity alert triage performance. The model construction process demonstrated better efficiency with a systematic approach, and the resulting model showed improvement trend in quantitative accuracy, domain-specific validity, and the interpretability of human adaptability and flexibility. However, the model is limited in capturing human exploratory behavior, prompting a brief test of using Generative AI (GAI) models to address this gap. This thesis is the first exploration and implementation of integrating CWA-guided domain-specific analysis with ACT-R’s computational capabilities to develop an integrated cognitive model for humans in complex work domains. The effort advances the development of cognitive modeling by providing theoretical grounding and practical insights for applying and extending cognitive models. Finally, we discuss whether GAI models might enhance cognitive modeling, as GAI capabilities become more available.