Abstract
We model the behavioral biases of human decision-making in securing interdependent systems and show that such behavioral decision-making leads to a suboptimal pattern of resource allocation compared to non-behavioral (rational) decision-making. We provide empirical evidence for the existence of such behavioral bias model through a controlled subject study with 145 participants. We then propose three learning techniques for enhancing decision-making in multi-round setups. We illustrate the benefits of our decision-making model through multiple interdependent real-world systems and quantify the level of gain compared to the case in which the defenders are behavioral. We also show the benefit of our learning techniques against different attack models. We identify the effects of different system parameters (e.g., the defenders' security budget availability and distribution, the degree of interdependency among defenders, and collaborative defense strategies) on the degree of suboptimality of security outcomes due to behavioral decision-making.
Original language | English |
---|---|
Title of host publication | ASIA CCS 2021 |
Subtitle of host publication | Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security |
Place of Publication | Hong Kong |
Publisher | Association for Computing Machinery, Inc |
Pages | 378-392 |
Number of pages | 15 |
ISBN (Electronic) | 9781450382878 |
DOIs | |
Publication status | Published - 24 May 2021 |
Externally published | Yes |
Event | 16th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2021 - Virtual, Online, Hong Kong Duration: 7 Jun 2021 → 11 Jun 2021 |
Conference
Conference | 16th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2021 |
---|---|
Country/Territory | Hong Kong |
City | Virtual, Online |
Period | 7/06/21 → 11/06/21 |
Keywords
- attack graphs
- behavioral decision-making
- guiding security decision-makers
- learning attacks
- reinforcement learning
- security games