ReCAP (Repository for Cognitive Attack Patterns) is a comprehensive resource dedicated to cybersecurity in extended reality (XR) systems, including mixed reality (MR) and other immersive technologies. It catalogs known adversarial attack strategies—especially those exploiting cognitive vulnerabilities—to help developers and analysts identify and mitigate threats throughout the development and use of XR systems.
Cognitive attack categories
This view organises user issues based on common symptoms that emerge when a system feature is exploited in an XR environment. The categories in this view represent different user experience disruptions caused by specific attack techniques. Rather than focusing on the underlying goals or consequences of the attacks, these categories highlight observable symptoms that directly impact the user.
View more...Attacked entity Type
This view organises attacks based on the type of entity targeted within an XR system. Attacked entities refer to the specific components of the XR system that are directly involved in or exploited during the attack. Rather than focusing on the goals or outcomes of the attack, this view emphasises which system entities are used in the execution of the attack.
View more...Getting Started with ReCAP Terminology
The Repository for Cognitive Attack Patterns (ReCAP) includes a taxonomy designed to describe cognitive attacks. This page introduces the key terminology used within that taxonomy and offers helpful tips to get you started, so you can become familiar with ReCAP’s insights before exploring its more comprehensive knowledge base.
Cognitive Attack
An MR attack occurs when an attacker manipulates or disrupts an MR system and/or its human operators, resulting in damage or interference with the system, its users, or the tasks they are performing.
Environment
The environment refers to the context in which the attack takes place, describing the setting and conditions surrounding the incident. This may include details such as the physical location, the hardware and software involved.
Consequences
The consequences of an attack are the unexpected adverse outcomes, which may include a decline in system integrity, reduced operator performance, or a degradation of user experience.
Entity Attacked
A factor is a condition directly related to the hardware, software, or user interactions in the MR system, which can contribute to or induce such symptoms.
The attacked entities are the components of the MR system that are targeted during an attack, typically because they possess a factor that can be manipulated. The Entity Types categorizes these entities by type, such as hardware, software, human, and others.
Vulnerabilities
Vulnerabilities are weaknesses within the mixed reality (MR) system—whether in its components or in operator behaviors—that attackers can exploit to achieve their objectives. These may include user-related symptoms such as issues with physiology, perception, attention, confidence, status. A symptom becomes a vulnerability if there is a feasible way for it to be exploited by an attacker; otherwise, it remains a symptom without security implications.
Attack Sequence
An attack sequence involves the attacker executing a series of steps to exploit the vulnerabilities in the attacked entity.