Morshed: guiding behavioral decision-makers towards better security investment in interdependent systems

Mustafa Abdallah, Daniel Woods, Parinaz Naghizadeh, Issa Khalil, Timothy Cason, Shreyas Sundaram, Saurabh Bagchi

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

12 Citations (Scopus)

Abstract

We model the behavioral biases of human decision-making in securing interdependent systems and show that such behavioral decision-making leads to a suboptimal pattern of resource allocation compared to non-behavioral (rational) decision-making. We provide empirical evidence for the existence of such a behavioral bias model through a controlled subject study with 145 participants. We then propose three learning techniques for enhancing decision-making in multi-round setups. We illustrate the benefits of our decision-making model through multiple interdependent real-world systems and quantify the level of gain compared to the case in which the defenders are behavioral. We also show the benefit of our learning techniques against different attack models. We identify the effects of different system parameters (e.g., the defenders' security budget availability and distribution, the degree of interdependency among defenders, and collaborative defense strategies) on the degree of suboptimality of security outcomes due to behavioral decision-making.

Original language: English
Title of host publication: ASIA CCS 2021
Subtitle of host publication: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security
Place of Publication: Hong Kong
Publisher: Association for Computing Machinery, Inc
Pages: 378-392
Number of pages: 15
ISBN (Electronic): 9781450382878
Publication status: Published - 24 May 2021
Externally published: Yes
Event: 16th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2021 - Virtual, Online, Hong Kong
Duration: 7 Jun 2021 → 11 Jun 2021

Conference

Conference: 16th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2021
Country/Territory: Hong Kong
City: Virtual, Online
Period: 7/06/21 → 11/06/21

Keywords

  • attack graphs
  • behavioral decision-making
  • guiding security decision-makers
  • learning attacks
  • reinforcement learning
  • security games
