Log In Sign Up

Morshed: Guiding Behavioral Decision-Makers towards Better Security Investment in Interdependent Systems

by   Mustafa Abdallah, et al.

We model the behavioral biases of human decision-making in securing interdependent systems and show that such behavioral decision-making leads to a suboptimal pattern of resource allocation compared to non-behavioral (rational) decision-making. We provide empirical evidence for the existence of such behavioral bias model through a controlled subject study with 145 participants. We then propose three learning techniques for enhancing decision-making in multi-round setups. We illustrate the benefits of our decision-making model through multiple interdependent real-world systems and quantify the level of gain compared to the case in which the defenders are behavioral. We also show the benefit of our learning techniques against different attack models. We identify the effects of different system parameters on the degree of suboptimality of security outcomes due to behavioral decision-making.


BASCPS: How does behavioral decision making impact the security of cyber-physical systems?

We study the security of large-scale cyber-physical systems (CPS) consis...

Over-representation of Extreme Events in Decision-Making: A Rational Metacognitive Account

The Availability bias, manifested in the over-representation of extreme ...

Bias amplification in experimental social networks is reduced by resampling

Large-scale social networks are thought to contribute to polarization by...

Dancing Pigs or Externalities? Measuring the Rationality of Security Decisions

Accurately modeling human decision-making in security is critical to thi...

Local reservoir model for choice-based learning

Decision making based on behavioral and neural observations of living sy...

Many Phish in the C: A Coexisting-Choice-Criteria Model of Security Behavior

Normative decision theory proves inadequate for modeling human responses...

Behavioral and Game-Theoretic Security Investments in Interdependent Systems Modeled by Attack Graphs

We consider a system consisting of multiple interdependent assets, and a...