EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

The role of information about opponent’s actions and intrusion-detection alerts on cyber decisions in cyber security games

Palvi Aggarwal and Varun Dutt
Additional contact information
Palvi Aggarwal: Dynamic Decision Making Laboratory, Carnegie Mellon University, Pittsburgh, PA 15213, USA
Varun Dutt: Applied Cognitive Science Laboratory, Indian Institute of Technology Mandi, Kamand 175005

Cyber Security: A Peer-Reviewed Journal, 2020, vol. 3, issue 4, 363-378

Abstract: Cyberspace is becoming increasingly prone to cyberattacks. Cyberattack and cyber-defend decisions may be influenced by the information about actions of adversaries and defenders available to opponents (interdependence information) as well as by alerts from intrusion detection systems (IDSs), which offer recommendations to defenders against cyberattacks. Little is currently known, however, on how interdependence information and IDS alerts would influence the attack-and-defend decisions in cyber security. This paper discusses a laboratory experiment involving participants (N = 140) performing as would-be adversaries (attackers) and defenders (analysts). Participants were randomly assigned to four between-subjects conditions in a cyber security game, where the conditions varied in interdependence information (full-information or no-information) and IDS alerts (present or absent). Results revealed that the proportion of defend (attack) actions were smaller (same) when IDS was present compared to absent. In addition, the proportion of defend (attack) actions were same (smaller) in conditions of full-information about opponents compared to no-information about opponents. Furthermore, to understand the experimental results, the authors calibrated cognitive models based upon instance-based learning theory (IBLT), a theory of decisions from experience. Based upon the experimental conditions, four different variants of a single instance-based learning (IBL) model were developed. Model results revealed excessive reliance on recency and frequency of information and cognitive noise among both attackers and defenders across different experimental conditions. The paper highlights the implications of our results for cyber-decisions in the real world.

Keywords: defender; attacker; behavioural cyber security; intrusion detection system alerts; instance-based learning theory; interdependence information (search for similar items in EconPapers)
JEL-codes: M15 (search for similar items in EconPapers)
Date: 2020
References: Add references at CitEc
Citations:

Downloads: (external link)
https://hstalks.com/article/5815/download/ (application/pdf)
https://hstalks.com/article/5815/ (text/html)
Requires a paid subscription for full access.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:aza:csj000:y:2020:v:3:i:4:p:363-378

Access Statistics for this article

More articles in Cyber Security: A Peer-Reviewed Journal from Henry Stewart Publications
Bibliographic data for series maintained by Henry Stewart Talks ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:aza:csj000:y:2020:v:3:i:4:p:363-378