A preview of the PDF is not available
Role of information about opponent's actions and intrusion-detection alerts on cyber-decisions in cybersecurity games
Abstract and Figures
Cyberspace is becoming increasingly prone to cyber-attacks. Cyber-attack and cyber-defend decisions may be influenced by the information about actions of adversaries and defenders available to opponents (interdependence information) as well as by alerts from intrusion detection systems (IDSs), systems that offer recommendations to defenders against cyber-attacks. However, currently little is known on how interdependence information and IDS alerts would influence the attack-and-defend decisions in cybersecurity. In this paper, we conducted a laboratory experiment involving participants (N = 140) performing as would-be adversaries (attackers) and defenders (analysts). Participants were randomly assigned to four between-subjects conditions in a cybersecurity game, where the conditions varied in interdependence information (full-information or no-information) and IDS alerts (present or absent). Results revealed that the proportion of defend (attack) actions were smaller (same) when IDS was present compared to absent. In addition, the proportion of defend (attack) actions were same (smaller) in conditions of full-information about opponents compared to no-information about opponents. Furthermore, to understand the experimental results, we calibrated cognitive models based upon Instance-Based Learning Theory (IBLT), a theory of decisions from experience. Based upon the experimental conditions, four different variants of a single IBL model were developed. Model results revealed excessive reliance on recency and frequency of information and cognitive noise among both attackers and defenders across different experimental conditions. We highlight the implications of our results for cyber-decisions in the real world.
Figures - uploaded by Varun Dutt
All figure content in this area was uploaded by Varun Dutt
Content may be subject to copyright.