DeepAI
Log In Sign Up

BASCPS: How does behavioral decision making impact the security of cyber-physical systems?

04/04/2020
by   Mustafa Abdallah, et al.
0

We study the security of large-scale cyber-physical systems (CPS) consisting of multiple interdependent subsystems, each managed by a different defender. Defenders invest their security budgets with the goal of thwarting the spread of cyber attacks to their critical assets. We model the security investment decisions made by the defenders as a security game. While prior work has used security games to analyze such scenarios, we propose behavioral security games, in which defenders exhibit characteristics of human decision making that have been identified in behavioral economics as representing typical human cognitive biases. This is important as many of the critical security decisions in our target class of systems are made by humans. We provide empirical evidence for our behavioral model through a controlled subject experiment. We then show that behavioral decision making leads to a suboptimal pattern of resource allocation compared to non-behavioral decision making. We illustrate the effects of behavioral decision making using two representative real-world interdependent CPS. In particular, we identify the effects of the defenders' security budget availability and distribution, the degree of interdependency among defenders, and collaborative defense strategies, on the degree of suboptimality of security outcomes due to behavioral decision making. In this context, the adverse effects of behavioral decision making are most severe with moderate defense budgets. Moreover, the impact of behavioral suboptimal decision making is magnified as the degree of the interdependency between subnetworks belonging to different defenders increases. We also observe that selfish defense decisions together with behavioral decisions significantly increase security risk.

READ FULL TEXT

page 1

page 2

page 3

page 4

11/12/2020

Morshed: Guiding Behavioral Decision-Makers towards Better Security Investment in Interdependent Systems

We model the behavioral biases of human decision-making in securing inte...
12/15/2015

Conditions for Normative Decision Making at the Fire Ground

We discuss the changes in an attitude to decision making at the fire gro...
04/01/2021

The best laid plans or lack thereof: Security decision-making of different stakeholder groups

Cyber security requirements are influenced by the priorities and decisio...
09/21/2020

Entropy, Computing and Rationality

Making decisions freely presupposes that there is some indeterminacy in ...
08/02/2022

Detecting Individual Decision-Making Style: Exploring Behavioral Stylometry in Chess

The advent of machine learning models that surpass human decision-making...
05/16/2018

Dancing Pigs or Externalities? Measuring the Rationality of Security Decisions

Accurately modeling human decision-making in security is critical to thi...
01/09/2020

Behavioral and Game-Theoretic Security Investments in Interdependent Systems Modeled by Attack Graphs

We consider a system consisting of multiple interdependent assets, and a...