DOCSLIB.ORG

Using Football Formations in a Honeypot Environment

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Int'l Conf. Security and Management | SAM'16 | 299 Using Football Formations in a Honeypot Environment Sebastian Kollmannsperger and Tyrone S. Toland Department of Informatics University of South Carolina Upstate 800 University Way, Spartanburg, SC 29303 [email protected], [email protected] Abstract — Unauthorized access to information continues to be a tools act rather passive. An intrusion detection system is an challenging problem, especially in a time where cyber attacks are example for a detection system. on the rise. Current security measures (e.g., access control systems, firewalls, intrusion detection systems) may not be sufficient to After an intruder has been detected, we have to react. Every protect the information technology (IT) infrastructure from a action in a system gets recorded and stored by one of the resourceful malicious attacker. This paper presents a novel approach to embed a football formation into a Honeypot detection tools. Therefore, also the intruder leaves behind environment. We show how executing football plays in a Honeypot evidences. By analyzing these evidences, we can find out environment can be used to gather information about a malicious how the attacker got in, what the attacker accessed and what attacker. This reconnaissance information can be used to prevent the intruder manipulated. With this information we can take future unauthorized access to sensitive information. We also steps to react adequately. Backup and recovery tools are an discuss of our implementation and provide some results from a example of response tools. proof of concept experiment. We now discuss a tool that can be used to assist in securing a Keywords — Honeypots, Intrusion Detection System, computer system. Information Security A. Honeypots I. INTRODUCTION Compared to other approaches to information security, Information security has been challenging since humans honeypots are a more aggressive and active form of defense began exchanging information. For example, cipher has against malicious attacks [2]. Honeypots are defined in always been discussed in information security. In fact, different ways. Schneier [3] defines a Honeypot as a security ciphers were used to encrypt important messages as far back resource whose value lies in being probed, attacked or as 50 BC [5]. The advent of the computer required stronger compromised. This paper defines a Honeypot as an IT measures to enforce security, which became an even bigger resource with the goal to attract potential malicious challenge with the rise of the Internet. As companies become attackers. That is, any access of the Honeypots is examined inter-connected more and more via the Internet, the and recorded to be used to deter similar attacks from challenge of protecting the infrastructure and information occurring in the future. Contrary to other components of an becomes an even bigger challenge. Nowadays many IT system, it is desired that the Honeypot gets attacked and different defense mechanisms work together to form a secure probed. Since Honeypots are masquerading as sensitive system. Firewalls, encryption tools, access control systems, resource, they do not provide any functionality for an intrusion detection systems as well as other security software organization. Therefore, if a malicious user accesses the contribute to information security in a slightly different way. Honeypot, then this access can be seen as unauthorized access and therefore as an intrusion [2]. Honeypots can be Schneier [3] identifies three tasks of information security categorized as either a production honeypot or a research which are prevention, detection and response. All security honeypot as follows [3][4]: tools can be assigned to either one of these tasks. • Production Honeypot: According to the name, Prevention is the attempt to protect resources from danger these kind of Honeypots are especially used in a and harm. Preparations have to be done, to set up production environment. Their main purpose is to mechanisms that protect the IT. The goal is to make it as gather information for a specific organization about hard as possible, for intruders and hackers to access intrusions. They add value to an organizations resources. Well known prevention tools are firewalls, information security. password protections, encryption tools and digital signatures. • Research Honeypot: These Honeypots are used When prevention is not effective, detection becomes an principally in a research environment to gather important process. With detection, we want to find out if our information about potential attackers. They do not system was compromised and from where. Detection is add value to a specific organization. Information therefore like a monitoring tool. However, it does not from Research Honeypots can be used to find out contribute to the protection of systems, because detection about techniques and resources from attackers ISBN: 1-60132-445-6, CSREA Press © 300 Int'l Conf. Security and Management | SAM'16 | which can help to prepare the production system information collected by a Honeypot, we can for attacks. construct countermeasures to prevent similar attacks from occurring in the future. B. Value of Honeypots It should be noted, that the goal of a Honeypot is not to Honeypots are flexible tools and contribute to each one of prevent attacks, but to detect them. Therefore, a Honeypot the three security aspect as follows [4][3]: should be combined with other security tools (e.g., firewalls, encryption, password protection). • Prevention: Contrary to the belief of the majority, Honeypots can help to prevent attacks because of In this paper we discuss how American football plays can be deception and deterrence. Deception means, that used to gather information about malicious attackers in a potential attackers may waste time and resources on honeypot research environment. In particular, we propose honeypots. Without knowing, attackers interact using various offensive plays to provide valuable with a honeypot that imitates a valuable resource. reconnaissance information to defend sensitive information During this interaction, organizations have the time in an infrastructure. This reconnaissance information can be to react. After all, attacks can be stopped before analyzed and used to defend sensitive information in an even leaking information. Deterrence on the other infrastructure. Our novel approach to mapping football hand is the effect of scaring off attackers because of formations into a honeypot research environment can be the warning effect of Honeypots. When attackers extended to a networked infrastructure. know that an organization uses Honeypots, they may not even try to attack. As we can see, This paper is organized as follows. In Section II, we discuss honeypots contribute to the prevention of attacks in a research Honeypot environment. In Section III, we briefly a certain degree. Nonetheless, traditional prevention describe a simplified football formation. In Section IV, we tools like firewalls are more efficient. show how to map a football formation into a research Honeypot environment. Section V discusses our • Detection: Honeypots have the biggest impact in implementation and results from proof concept experiment. detection. For many organizations, detection is a Section VI concludes the paper. difficult topic. Schneier [3] identifies three challenges when it comes to detection: false II. RESEARCH HONEYPOT ENVIRONMENT positives, false negatives and data aggregation. False positives are mistakenly reported alerts. This Honeypots allow a wide range of application areas. Because happens, when the system interprets normal of their goal to distract and attract attackers, the best way to network traffic as an attack. The opposite false use Honeypots is within an IT infrastructure. The probability negatives are attacks, that the system does not that an attacker interacts with Honeypots are increased by notice. Finally, data aggregation is the struggle to masquerading as sensitive data. collect the data and transform it into valuable information. Common intrusion detection systems In Fig. 1, we illustrate a Honeypot integrated with other struggle in these three aspects. Intrusion detection important and possible sensitive IT resources. Fig. 1 is a systems act like a watchdog over a company’s IT variation of a model in [4]. infrastructure. They monitor the traffic and identify whether an access is authorized or not. Therefore, intrusion detection systems generate a lot of data, resulting in an overload of information. Honeypots however, help us to eliminate these negative aspects. Because every interaction with a honeypot can be seen as unauthorized, honeypots only register these interactions. The problem with data aggregation and false positives can be eliminated. False negatives can still occur, for example if an intrusion does not affect the Honeypot, but this risk can be mitigated by placing the Honeypot in an attracting position. Consequently, Honeypots help us to detect intrusions more effectively. • Response: After an intrusion is detected, response is the next step to take. Honeypots help us to identify evidences via log files. That is, the user can analyze Fig. 1 Honeypot in IT Infrastructure log files that are generated by Honeypots to find out how the attacker gain access to the system. With the ISBN: 1-60132-445-6, CSREA Press © Int'l Conf. Security and Management | SAM'16 | 301 The Honeypot is part of the infrastructure similar to other one player of the
Recommended publications
  • Illinois ... Football Guide

    Illinois ... Football Guide

    University of Illinois at Urbana-Champaign !~he Quad s the :enter of :ampus ife 3 . H«H» H 1 i % UI 6 U= tiii L L,._ L-'IA-OHAMPAIGK The 1990 Illinois Football Media Guide • The University of Illinois . • A 100-year Tradition, continued ~> The University at a Glance 118 Chronology 4 President Stanley Ikenberrv • The Athletes . 4 Chancellor Morton Weir 122 Consensus All-American/ 5 UI Board of Trustees All-Big Ten 6 Academics 124 Football Captains/ " Life on Campus Most Valuable Players • The Division of 125 All-Stars Intercollegiate Athletics 127 Academic All-Americans/ 10 A Brief History Academic All-Big Ten 11 Football Facilities 128 Hall of Fame Winners 12 John Mackovic 129 Silver Football Award 10 Assistant Coaches 130 Fighting Illini in the 20 D.I.A. Staff Heisman Voting • 1990 Outlook... 131 Bruce Capel Award 28 Alpha/Numerical Outlook 132 Illini in the NFL 30 1990 Outlook • Statistical Highlights 34 1990 Fighting Illini 134 V early Statistical Leaders • 1990 Opponents at a Glance 136 Individual Records-Offense 64 Opponent Previews 143 Individual Records-Defense All-Time Record vs. Opponents 41 NCAA Records 75 UNIVERSITY LIBRARY 78 UI Travel Plans/ 145 Freshman /Single-Play/ ILLINOIS AT URBANA-CHAMPAIGN Opponent Directory Regular Season UNIVERSITY OF responsible for its charging this material is • A Look back at the 1989 Season Team Records The person on or before theidue date. 146 Ail-Time Marks renewal or return to the library Sll 1989 Illinois Stats for is $125.00, $300.00 14, Top Performances minimum fee for a lost item 82 1989 Big Ten Stats The 149 Television Appearances journals.
  • THE COFFIN CORNER: Vol. 26, No. 5 (2004) a SAFETY ANALYSIS

    THE COFFIN CORNER: Vol. 26, No. 5 (2004) a SAFETY ANALYSIS

    THE COFFIN CORNER: Vol. 26, No. 5 (2004) A SAFETY ANALYSIS By Gary Selby The Safety: One of football’s rarest scoring plays. The Digest of Rules in the NFL’s Record and Fact Book describes a safety as: “Two points are scored for the opposing team when the ball is dead on or behind a team’s own goal line if the impetus came from a player on that team.” Emphasis on impetus. A fairly straightforward definition. Most fans know a safety when they see one, despite there being numerous types. But when they happen, its like an electric shock. The responses range from “What? So what’s the score now?” to “Better get another beer and some pretzels. This thing’s getting complicated.” But I wanted to look a little deeper. How many safeties have there been in the NFL? What are the types? What is their effect on a game? Can it be measured? I had never seen an analysis of the safety, so I decided to do one myself. My interest was sparked while reviewing files for the PFRA’s Linescore Project. In a 1965 Giants-Cardinals game I saw the following entry for an individual score: StL – Team Safety. Team Safety? Huh? Did the entire Cardinals defense tackle Tucker Fredrickson in his end zone? After a trip to the library revealed the answer, I kept thinking about how devastating a safety can be. You give up possession, give your opponent 2 points, and then you have to punt the ball from your own 20, giving your opponent good, if not excellent, field position.
  • A Topic Model Approach to Represent and Classify American Football Plays

    A Topic Model Approach to Represent and Classify American Football Plays

    A Topic Model Approach to Represent and Classify American Football Plays Jagannadan Varadarajan1 1 Advanced Digital Sciences Center of Illinois, Singapore [email protected] 2 King Abdullah University of Science and Technology, Saudi Indriyati Atmosukarto1 Arabia [email protected] 3 University of Illinois at Urbana-Champaign, IL USA Shaunak Ahuja1 [email protected] Bernard Ghanem12 [email protected] Narendra Ahuja13 [email protected] Automated understanding of group activities is an important area of re- a Input ba Feature extraction ae Output motion angle, search with applications in many domains such as surveillance, retail, Play type templates and labels time & health care, and sports. Despite active research in automated activity anal- plays player role run left pass left ysis, the sports domain is extremely under-served. One particularly diffi- WR WR QB RB QB abc Documents RB cult but significant sports application is the automated labeling of plays in ] WR WR . American Football (‘football’), a sport in which multiple players interact W W ....W 1 2 D run right pass right . WR WR on a playing field during structured time segments called plays. Football . RB y y y ] QB QB 1 2 D RB plays vary according to the initial formation and trajectories of players - w i - documents, yi - labels WR Trajectories WR making the task of play classification quite challenging. da MedLDA modeling pass midrun mid pass midrun η βk K WR We define a play as a unique combination of offense players’ trajec- WR y QB d RB QB RB tories as shown in Fig.
  • BB Competition Rules V2

    BB Competition Rules V2

    BLOOD BOWL BLOOD BOWL COMPETITION RULES This rules pack contains a set of alternative game rules that have been developed in order to maintain game balance in leagues that last for long periods of time (e.g. for months or years rather than weeks), and for use in tournaments where very precise play balance and exact wording of the rules are important. They have been heavily tested by Blood Bowl coaches around the world, to ensure the best long-term balance and minimum of confusion. However, by necessity this makes the competition rules longer and more complex than the standard rules, and because of this their use is entirely optional. League commissioners and tournament organisers should therefore feel free to use either the competition rules or the standard rules included with the Blood Bowl game, whichever they consider to be the most appropriate for the league or tournament they plan to run. Note that the Competition Rules pack only includes the information and rules that you will need during play. All descriptions of game components, the history of Blood Bowl, and all illustrations and ‘Did You Knows’ have been removed, both in order to save repeating information already in the Blood Bowl Rulebook, and to save time and money when printing the document out. We recommend printing two pages to a sheet to save further paper. Also note that the original page numbering has been preserved as much as possible, to ensure that page references in the text remain correct, and this sometimes means that the page numbers ‘jump forward’ or that pages have a certain amount of empty space.
  • Ucla Football Schedules — a Glimpse at the Future

    Ucla Football Schedules — a Glimpse at the Future

    Tight End Marcedes Lewis Honors2005 Candidate Spring Football Media Guide Tailback Maurice Drew Wide Receiver Craig Bragg Honors Candidate All-America Candidate Linebacker Spencer Havner Center Mike McCloskey 2004 All-American Honors Candidate UCLA Honors Candidates Junior Taylor Kevin Brown Justin London Wide Receiver Defensive Tackle Linebacker Ed Blanton Jarrad Page Justin Medlock Offensive Tackle Safety Place Kicker 2005 UCLA FOOTBALL SCHEDULE Date Opponent Time Site Sept. 3 San Diego State TBD San Diego, CA Sept. 10 Rice TBD Rose Bowl Sept. 17 Oklahoma TBD Rose Bowl Oct. 1 *Washington TBD Rose Bowl Oct. 8 *California TBD Rose Bowl Oct. 15 *Washington State TBD Pullman, WA Oct. 22 *Oregon State † TBD Rose Bowl Oct. 29 *Stanford TBD Stanford, CA Nov. 5 *Arizona TBD Tucson, AZ Nov. 12 *Arizona State TBD Rose Bowl Dec. 3 *USC 1:30 p.m./ABC L.A. Coliseum ALL GAME TIMES TENTATIVE DUE TO TELEVISION All games broadcast on XTRA Sports 570 in Southern California and SIRIUS Satellite Radio nationally *Pacific-10 Conference Game †Homecoming For Season or Single Game Ticket Information, Please Call 310/UCLA W-I-N or visit www.uclabruins.com UCLA FOOTBALL SCHEDULES — A GLIMPSE AT THE FUTURE 2006 2007 Sept. 9 Rice Sept. 8 Brigham Young Sept. 16 at Oregon State Sept. 15 at Utah Sept. 23 Utah Sept. 22 Oregon Sept. 30 at Washington Sept. 29 at Arizona State Oct. 7 at California Oct. 6 Notre Dame Oct. 14 Washington State Oct. 13 California Oct. 21 at Notre Dame Oct. 20 at Oregon State Oct. 28 Stanford Oct. 27 Arizona Nov.
  • Automatic Annotation of American Football Video Footage for Game Strategy Analysis

    Automatic Annotation of American Football Video Footage for Game Strategy Analysis

    https://doi.org/10.2352/ISSN.2470-1173.2021.6.IRIACV-303 © 2021, Society for Imaging Science and Technology Automatic Annotation of American Football Video Footage for Game Strategy Analysis Jacob Newman, Jian-Wei Lin, Dah-Jye Lee, and Jen-Jui Liu, Brigham Young University, Provo, Utah, USA Abstract helping coaches study and understand both how their team plays Annotation and analysis of sports videos is a challeng- and how other teams play. This could assist them in game plan- ing task that, once accomplished, could provide various bene- ning before the game or, if allowed, making decisions in real time, fits to coaches, players, and spectators. In particular, Ameri- thereby improving the game. can Football could benefit from such a system to provide assis- This paper presents a method of player detection from a sin- tance in statistics and game strategy analysis. Manual analysis of gle image immediately before the play starts. YOLOv3, a pre- recorded American football game videos is a tedious and ineffi- trained deep learning network, is used to detect the visible play- cient process. In this paper, as a first step to further our research ers, followed by a ResNet architecture which labels the players. for this unique application, we focus on locating and labeling in- This research will be a foundation for future research in tracking dividual football players from a single overhead image of a foot- key players during a video. With this tracking data, automated ball play immediately before the play begins. A pre-trained deep game analysis can be accomplished. learning network is used to detect and locate the players in the image.
  • Using Camera Motion to Identify Types of American Football Plays

    Using Camera Motion to Identify Types of American Football Plays

    USING CAMERA MOTION TO IDENTIFY TYPES OF AMERICAN FOOTBALL PLAYS Mihai Lazarescu, Svetha Venkatesh School of Computing, Curtin University of Technology, GPO Box U1987, Perth 6001, W.A. Email: [email protected] ABSTRACT learning algorithm used to train the system. The results This paper presents a method that uses camera motion pa- are described in Section 5 with the conclusions presented rameters to recognise 7 types of American Football plays. in Section 6. The approach is based on the motion information extracted from the video and it can identify short and long pass plays, 2. PREVIOUS WORK short and long running plays, quaterback sacks, punt plays and kickoff plays. This method has the advantage that it is Motion parameters have been used in the past since they fast and it does not require player or hall tracking. The sys- provide a simple, fast and accurate way to search multi- tem was trained and tested using 782 plays and the results media databases for specific shots (for example a shot of show that the system has an overall classification accuracy a landscape is likely to involve a significant amount of pan, of 68%. whilst a shot of an aerobatic sequence is likely to contain roll). 1. INTRODUCTION Previous work done towards tbe recognition of Ameri- can Football plays has generally involved methods that com- The automatic indexing and retrieval of American Football bine clues from several sources such as video, audio and text plays is a very difficult task for which there are currently scripts. no tools available. The difficulty comes from both the com- A method for tracking players in American Football grey- plexity of American Football itself as well as the image pro- scale images that makes use of context knowledge is de- cessing involved for an accurate analysis of the plays.
  • Weekly Release Vs October 9, 2016 1:25 P.M

    Weekly Release Vs October 9, 2016 1:25 P.M

    WEEKLY RELEASE VS OCTOBER 9, 2016 1:25 P.M. PT | OAKLAND-ALAMEDA COUNTY COLISEUM OAKLAND RAIDERS WEEKLY RELEASE 1220 HARBOR BAY PARKWAY | ALAMEDA, CA 94502 | RAIDERS.COM WEEK 5 | OCTOBER 9, 2016 | 1:25 P.M. PT | OAKLAND-ALAMEDA COUNTY COLISEUM VS. 3-1 1-3 GAME PREVIEW THE SETTING After back-to-back road games, the Oakland Raiders return Date: Sunday, October 9, 2016 home for two straight contests against AFC West rivals. This Kickoff: 1:25 p.m. PT week, the Raiders will host the Chargers at Oakland-Alameda Site: Oakland-Alameda County Coliseum (1966) County Coliseum on Sunday, Oct. 9 at 1:25 p.m. PT, marking the Capacity/Surface: 56,055/Overseeded Bermuda first of two games this year between the two longtime foes. The Regular Season: Raiders lead, 60-50-2 next time these teams play will be on Dec. 18 in San Diego. Last Postseason: Raiders lead, 1-0 week, the Raiders won their third road game of the year, pulling out another close victory against the Baltimore Ravens by a final of 28-27. The Chargers dropped a tight contest at home to the New Orleans Saints, 34-35. CLUTCH CRAB Getting to 3-1 on the year and 3-0 on the road last Sunday, In last week’s win over the Ravens in Baltimore, WR Michael Crab- the Raiders once again came from behind in the game’s final min- tree set a career high with three receiving touchdowns, including utes to secure the victory. Down 21-27 with 3:36 remaining, QB Derek Carr led the team on a six-play, 66-yard drive in 1:24, cul- the game-winning 23-yard catch from QB Derek Carr with 2:12 minating on a 23-yard touchdown pass to WR Michael Crabtree remaining.
  • BIG 33 Game History

    BIG 33 Game History

    1958-2015 BIG 33 Game History June 19, 2015 Pennsylvania’s next score. Toledo-bound tailback Terry June 16, 2012 58th Big 33 Football Classic Swanson made the turnover count as he punched in 55th Big 33 Football Classic Maryland 3 – Pennsylvania 20 a touchdown from 5 yards out. That made it a 24-14 Ohio 24 - Pennsylvania 21 Maryland lead with 4:23 to go in the third quarter. Pyles led Pennsylvania’s first drive of the fourth Six costly Pennsylvania turnovers It didn’t take Pennsylvania’s all- quarter and capitalized with a 20-yard touchdown run ultimately undid an outstanding star squad long to jump out to an to make it just a three-point deficit. The Pennsylvania defensive performance from the early lead, as South Fayette’s Brett defense took over after that, riding the momentum. The Keystone side, setting the stage Brumbaugh found Harrisburg’s defensive line swarmed into the Maryland backfield for Ohio kicker Tyler Grassman’s Amechie Walker on a deep slant between the hash and held them to negative 3 yards of offense in the 39-yard field goal that lifted Ohio to a stunning 24-21 marks. One play. One pass. 63 yards, six points and fourth quarter. Lower Dauphin kicker Joe Julius, who overtime victory. The outcome was especially painful barely 13 seconds off the clock. erased a disastrous start, nailed a 29-yard field goal that for Pennsylvania because of a 14-point fourth quarter Urbana’s Ray Grey started the game for Maryland at forged a 24-all battle with 1:19 left in regulation.
  • Flag Football Coach Packet

    Flag Football Coach Packet

    Flag Football Coach Packet The field 1st and 2nd Grade Division: 60 yards long and 40 yards wide. Each end zone is 10 yards wide. There is only one first down line at midfield. 3rd through 8th Grade Divisions: 80 yards long and 40 yards wide. Each end zone is 10 yards wide. There are two first down lines, 20 yards apart. Ball Line The ball line runs from goal line to goal line down the center of the field and is shown above in green. The ball line indicates where the ball is placed to start every play. No-Running Zone Two lines outside the ball line indicate the no-running zone and are marked in yellow above. The no- running zone is 15 yards wide. Runners must be outside of the no-running zone before heading up the field. Passing is allowed in the no-running zone, handoffs are not. If the quarterback intends to hand the ball of, he must move to the outside of the no-running zone before doing so. Neutral Zone The neutral zone is a 15x5-yard area in which no player can be to begin a play. It is marked by placing a cone at the line of scrimmage and a cone 5-yards forward from the line of scrimmage. The no-running zone marks the outside of the neutral zone. (See above image for no-running zone) EXAMPLE NEUTRAL ZONE Ball Sizes 1st grade-4th grade - Pee Wee Size 5 5th-8th grade- Junior Size 6 Cleats Soccer or football cleats are recommended but not required.
  • PYFA Reserves the Right to Change And/Or Modify And/Or Add Any Rule(S) That Is Deemed Necessary

    PYFA Reserves the Right to Change And/Or Modify And/Or Add Any Rule(S) That Is Deemed Necessary

    PIQUA YOUTH FOOTBALL ASSOCIATION FLAG FOOTBALL RULES Mission: The purpose shall be to provide, promote, conduct and govern the game of football by teaching the fundamentals, sportsmanship, and physical health. Where: Pitsenbarger Park Sports Complex, Piqua Youth Football Fields Teams: The number of teams will be determined in accordance with the number of participants. Children K-2nd grade are able to participate. The number of players per team will also be determined by the number of participants. Positions: Center: 1 Guards: 2 Quarterback: 1 (Coach) Running Backs: 1 or 2 Wide Receivers: 1 or 2 7 total defensive players and 6 offensive players plus the coach as quarterback will be allowed on the field during game play for each team; UNLESS one team has less than 7 players, then the teams will adjust their numbers according to the team that has the least amount of players. RULES: 1. The playing field will be a 70-yard playing field with 2, 10-yard end zones for a total of 90 yards. The width of the field will be 1⁄4 of a regular sized football field. 2. Game length will be four quarters and each quarter will last 8 minutes. The clock will run continuously except after scores and time outs. Halftime will be 8 minutes in length. 3. The ball being placed on the 20-yard line at the beginning of each half. Game play will start on the 20-yard line after each score. 4. A touchdown is worth 6 points. Following a touchdown, there will be an untimed down for a 2-point conversion.
  • For the Win: Risk-Sensitive Decision-Making in Teams

    For the Win: Risk-Sensitive Decision-Making in Teams

    Journal of Behavioral Decision Making, J. Behav. Dec. Making, 30: 462–472 (2017) Published online 1 June 2016 in Wiley Online Library (wileyonlinelibrary.com) DOI: 10.1002/bdm.1965 For the Win: Risk-Sensitive Decision-Making in Teams JOSH GONZALES,1 SANDEEP MISHRA2* and RONALD D. CAMP II2 1Department of Psychology, University of Regina, Regina, Saskatchewan Canada 2Faculty of Business Administration, University of Regina, Regina, Saskatchewan Canada ABSTRACT Risk-sensitivity theory predicts that decision-makers should prefer high-risk options in high need situations when low-risk options will not meet these needs. Recent attempts to adopt risk-sensitivity as a framework for understanding human decision-making have been promising. However, this research has focused on individual-level decision-making, has not examined behavior in naturalistic settings, and has not examined the influ- ence of multiple levels of need on decision-making under risk. We examined group-level risk-sensitive decision-making in two American football leagues: the National Football League (NFL) and the National College Athletic Association (NCAA) Division I. Play decisions from the 2012 NFL (Study 1; N = 33 944), 2013 NFL (Study 2; N = 34 087), and 2012 NCAA (Study 3; N = 15 250) regular seasons were analyzed. Results dem- onstrate that teams made risk-sensitive decisions based on two distinct needs: attaining first downs (a key proximate goal in football) and acquiring points above parity. Evidence for risk-sensitive decisions was particularly strong when motivational needs were most salient. These findings are the first empirical demonstration of team risk-sensitivity in a naturalistic organizational setting. Copyright © 2016 John Wiley & Sons, Ltd.