Cargando…
Cyber Security: Effects of Penalizing Defenders in Cyber-Security Games via Experimentation and Computational Modeling
Cyber-attacks are deliberate attempts by adversaries to illegally access online information of other individuals or organizations. There are likely to be severe monetary consequences for organizations and its workers who face cyber-attacks. However, currently, little is known on how monetary consequ...
Autores principales: | , , , |
---|---|
Formato: | Online Artículo Texto |
Lenguaje: | English |
Publicado: |
Frontiers Media S.A.
2020
|
Materias: | |
Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6999552/ https://www.ncbi.nlm.nih.gov/pubmed/32063872 http://dx.doi.org/10.3389/fpsyg.2020.00011 |
_version_ | 1783493944950128640 |
---|---|
author | Maqbool, Zahid Aggarwal, Palvi Pammi, V. S. Chandrasekhar Dutt, Varun |
author_facet | Maqbool, Zahid Aggarwal, Palvi Pammi, V. S. Chandrasekhar Dutt, Varun |
author_sort | Maqbool, Zahid |
collection | PubMed |
description | Cyber-attacks are deliberate attempts by adversaries to illegally access online information of other individuals or organizations. There are likely to be severe monetary consequences for organizations and its workers who face cyber-attacks. However, currently, little is known on how monetary consequences of cyber-attacks may influence the decision-making of defenders and adversaries. In this research, using a cyber-security game, we evaluate the influence of monetary penalties on decisions made by people performing in the roles of human defenders and adversaries via experimentation and computational modeling. In a laboratory experiment, participants were randomly assigned to the role of “hackers” (adversaries) or “analysts” (defenders) in a laboratory experiment across three between-subject conditions: Equal payoffs (EQP), penalizing defenders for false alarms (PDF) and penalizing defenders for misses (PDM). The PDF and PDM conditions were 10-times costlier for defender participants compared to the EQP condition, which served as a baseline. Results revealed an increase (decrease) and decrease (increase) in attack (defend) actions in the PDF and PDM conditions, respectively. Also, both attack-and-defend decisions deviated from Nash equilibriums. To understand the reasons for our results, we calibrated a model based on Instance-Based Learning Theory (IBLT) theory to the attack-and-defend decisions collected in the experiment. The model’s parameters revealed an excessive reliance on recency, frequency, and variability mechanisms by both defenders and adversaries. We discuss the implications of our results to different cyber-attack situations where defenders are penalized for their misses and false-alarms. |
format | Online Article Text |
id | pubmed-6999552 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2020 |
publisher | Frontiers Media S.A. |
record_format | MEDLINE/PubMed |
spelling | pubmed-69995522020-02-14 Cyber Security: Effects of Penalizing Defenders in Cyber-Security Games via Experimentation and Computational Modeling Maqbool, Zahid Aggarwal, Palvi Pammi, V. S. Chandrasekhar Dutt, Varun Front Psychol Psychology Cyber-attacks are deliberate attempts by adversaries to illegally access online information of other individuals or organizations. There are likely to be severe monetary consequences for organizations and its workers who face cyber-attacks. However, currently, little is known on how monetary consequences of cyber-attacks may influence the decision-making of defenders and adversaries. In this research, using a cyber-security game, we evaluate the influence of monetary penalties on decisions made by people performing in the roles of human defenders and adversaries via experimentation and computational modeling. In a laboratory experiment, participants were randomly assigned to the role of “hackers” (adversaries) or “analysts” (defenders) in a laboratory experiment across three between-subject conditions: Equal payoffs (EQP), penalizing defenders for false alarms (PDF) and penalizing defenders for misses (PDM). The PDF and PDM conditions were 10-times costlier for defender participants compared to the EQP condition, which served as a baseline. Results revealed an increase (decrease) and decrease (increase) in attack (defend) actions in the PDF and PDM conditions, respectively. Also, both attack-and-defend decisions deviated from Nash equilibriums. To understand the reasons for our results, we calibrated a model based on Instance-Based Learning Theory (IBLT) theory to the attack-and-defend decisions collected in the experiment. The model’s parameters revealed an excessive reliance on recency, frequency, and variability mechanisms by both defenders and adversaries. We discuss the implications of our results to different cyber-attack situations where defenders are penalized for their misses and false-alarms. Frontiers Media S.A. 2020-01-28 /pmc/articles/PMC6999552/ /pubmed/32063872 http://dx.doi.org/10.3389/fpsyg.2020.00011 Text en Copyright © 2020 Maqbool, Aggarwal, Pammi and Dutt. http://creativecommons.org/licenses/by/4.0/ This is an open-access article distributed under the terms of the Creative Commons Attribution License (CC BY). The use, distribution or reproduction in other forums is permitted, provided the original author(s) and the copyright owner(s) are credited and that the original publication in this journal is cited, in accordance with accepted academic practice. No use, distribution or reproduction is permitted which does not comply with these terms. |
spellingShingle | Psychology Maqbool, Zahid Aggarwal, Palvi Pammi, V. S. Chandrasekhar Dutt, Varun Cyber Security: Effects of Penalizing Defenders in Cyber-Security Games via Experimentation and Computational Modeling |
title | Cyber Security: Effects of Penalizing Defenders in Cyber-Security Games via Experimentation and Computational Modeling |
title_full | Cyber Security: Effects of Penalizing Defenders in Cyber-Security Games via Experimentation and Computational Modeling |
title_fullStr | Cyber Security: Effects of Penalizing Defenders in Cyber-Security Games via Experimentation and Computational Modeling |
title_full_unstemmed | Cyber Security: Effects of Penalizing Defenders in Cyber-Security Games via Experimentation and Computational Modeling |
title_short | Cyber Security: Effects of Penalizing Defenders in Cyber-Security Games via Experimentation and Computational Modeling |
title_sort | cyber security: effects of penalizing defenders in cyber-security games via experimentation and computational modeling |
topic | Psychology |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6999552/ https://www.ncbi.nlm.nih.gov/pubmed/32063872 http://dx.doi.org/10.3389/fpsyg.2020.00011 |
work_keys_str_mv | AT maqboolzahid cybersecurityeffectsofpenalizingdefendersincybersecuritygamesviaexperimentationandcomputationalmodeling AT aggarwalpalvi cybersecurityeffectsofpenalizingdefendersincybersecuritygamesviaexperimentationandcomputationalmodeling AT pammivschandrasekhar cybersecurityeffectsofpenalizingdefendersincybersecuritygamesviaexperimentationandcomputationalmodeling AT duttvarun cybersecurityeffectsofpenalizingdefendersincybersecuritygamesviaexperimentationandcomputationalmodeling |