Cargando…

Cyber Security: Effects of Penalizing Defenders in Cyber-Security Games via Experimentation and Computational Modeling

Cyber-attacks are deliberate attempts by adversaries to illegally access online information of other individuals or organizations. There are likely to be severe monetary consequences for organizations and its workers who face cyber-attacks. However, currently, little is known on how monetary consequ...

Descripción completa

Detalles Bibliográficos
Autores principales: Maqbool, Zahid, Aggarwal, Palvi, Pammi, V. S. Chandrasekhar, Dutt, Varun
Formato: Online Artículo Texto
Lenguaje:English
Publicado: Frontiers Media S.A. 2020
Materias:
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6999552/
https://www.ncbi.nlm.nih.gov/pubmed/32063872
http://dx.doi.org/10.3389/fpsyg.2020.00011
_version_ 1783493944950128640
author Maqbool, Zahid
Aggarwal, Palvi
Pammi, V. S. Chandrasekhar
Dutt, Varun
author_facet Maqbool, Zahid
Aggarwal, Palvi
Pammi, V. S. Chandrasekhar
Dutt, Varun
author_sort Maqbool, Zahid
collection PubMed
description Cyber-attacks are deliberate attempts by adversaries to illegally access online information of other individuals or organizations. There are likely to be severe monetary consequences for organizations and its workers who face cyber-attacks. However, currently, little is known on how monetary consequences of cyber-attacks may influence the decision-making of defenders and adversaries. In this research, using a cyber-security game, we evaluate the influence of monetary penalties on decisions made by people performing in the roles of human defenders and adversaries via experimentation and computational modeling. In a laboratory experiment, participants were randomly assigned to the role of “hackers” (adversaries) or “analysts” (defenders) in a laboratory experiment across three between-subject conditions: Equal payoffs (EQP), penalizing defenders for false alarms (PDF) and penalizing defenders for misses (PDM). The PDF and PDM conditions were 10-times costlier for defender participants compared to the EQP condition, which served as a baseline. Results revealed an increase (decrease) and decrease (increase) in attack (defend) actions in the PDF and PDM conditions, respectively. Also, both attack-and-defend decisions deviated from Nash equilibriums. To understand the reasons for our results, we calibrated a model based on Instance-Based Learning Theory (IBLT) theory to the attack-and-defend decisions collected in the experiment. The model’s parameters revealed an excessive reliance on recency, frequency, and variability mechanisms by both defenders and adversaries. We discuss the implications of our results to different cyber-attack situations where defenders are penalized for their misses and false-alarms.
format Online
Article
Text
id pubmed-6999552
institution National Center for Biotechnology Information
language English
publishDate 2020
publisher Frontiers Media S.A.
record_format MEDLINE/PubMed
spelling pubmed-69995522020-02-14 Cyber Security: Effects of Penalizing Defenders in Cyber-Security Games via Experimentation and Computational Modeling Maqbool, Zahid Aggarwal, Palvi Pammi, V. S. Chandrasekhar Dutt, Varun Front Psychol Psychology Cyber-attacks are deliberate attempts by adversaries to illegally access online information of other individuals or organizations. There are likely to be severe monetary consequences for organizations and its workers who face cyber-attacks. However, currently, little is known on how monetary consequences of cyber-attacks may influence the decision-making of defenders and adversaries. In this research, using a cyber-security game, we evaluate the influence of monetary penalties on decisions made by people performing in the roles of human defenders and adversaries via experimentation and computational modeling. In a laboratory experiment, participants were randomly assigned to the role of “hackers” (adversaries) or “analysts” (defenders) in a laboratory experiment across three between-subject conditions: Equal payoffs (EQP), penalizing defenders for false alarms (PDF) and penalizing defenders for misses (PDM). The PDF and PDM conditions were 10-times costlier for defender participants compared to the EQP condition, which served as a baseline. Results revealed an increase (decrease) and decrease (increase) in attack (defend) actions in the PDF and PDM conditions, respectively. Also, both attack-and-defend decisions deviated from Nash equilibriums. To understand the reasons for our results, we calibrated a model based on Instance-Based Learning Theory (IBLT) theory to the attack-and-defend decisions collected in the experiment. The model’s parameters revealed an excessive reliance on recency, frequency, and variability mechanisms by both defenders and adversaries. We discuss the implications of our results to different cyber-attack situations where defenders are penalized for their misses and false-alarms. Frontiers Media S.A. 2020-01-28 /pmc/articles/PMC6999552/ /pubmed/32063872 http://dx.doi.org/10.3389/fpsyg.2020.00011 Text en Copyright © 2020 Maqbool, Aggarwal, Pammi and Dutt. http://creativecommons.org/licenses/by/4.0/ This is an open-access article distributed under the terms of the Creative Commons Attribution License (CC BY). The use, distribution or reproduction in other forums is permitted, provided the original author(s) and the copyright owner(s) are credited and that the original publication in this journal is cited, in accordance with accepted academic practice. No use, distribution or reproduction is permitted which does not comply with these terms.
spellingShingle Psychology
Maqbool, Zahid
Aggarwal, Palvi
Pammi, V. S. Chandrasekhar
Dutt, Varun
Cyber Security: Effects of Penalizing Defenders in Cyber-Security Games via Experimentation and Computational Modeling
title Cyber Security: Effects of Penalizing Defenders in Cyber-Security Games via Experimentation and Computational Modeling
title_full Cyber Security: Effects of Penalizing Defenders in Cyber-Security Games via Experimentation and Computational Modeling
title_fullStr Cyber Security: Effects of Penalizing Defenders in Cyber-Security Games via Experimentation and Computational Modeling
title_full_unstemmed Cyber Security: Effects of Penalizing Defenders in Cyber-Security Games via Experimentation and Computational Modeling
title_short Cyber Security: Effects of Penalizing Defenders in Cyber-Security Games via Experimentation and Computational Modeling
title_sort cyber security: effects of penalizing defenders in cyber-security games via experimentation and computational modeling
topic Psychology
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6999552/
https://www.ncbi.nlm.nih.gov/pubmed/32063872
http://dx.doi.org/10.3389/fpsyg.2020.00011
work_keys_str_mv AT maqboolzahid cybersecurityeffectsofpenalizingdefendersincybersecuritygamesviaexperimentationandcomputationalmodeling
AT aggarwalpalvi cybersecurityeffectsofpenalizingdefendersincybersecuritygamesviaexperimentationandcomputationalmodeling
AT pammivschandrasekhar cybersecurityeffectsofpenalizingdefendersincybersecuritygamesviaexperimentationandcomputationalmodeling
AT duttvarun cybersecurityeffectsofpenalizingdefendersincybersecuritygamesviaexperimentationandcomputationalmodeling