
Learning About the Effects of Alert Uncertainty in Attack and Defend Decisions via Cognitive Modeling

Palvi Aggarwal, Frederic Moisan, Cleotilde Gonzalez and Varun Dutt
Additional contact information
Palvi Aggarwal: CMU - Carnegie Mellon University [Pittsburgh]
Frederic Moisan: EM - EMLyon Business School, GATE Lyon Saint-Étienne - Groupe d'Analyse et de Théorie Economique Lyon - Saint-Etienne - UL2 - Université Lumière - Lyon 2 - UJM - Université Jean Monnet - Saint-Étienne - EM - EMLyon Business School - CNRS - Centre National de la Recherche Scientifique
Cleotilde Gonzalez: CMU - Carnegie Mellon University [Pittsburgh]
Varun Dutt: IIT Mandi - Indian Institute of Technology Mandi

Post-Print from HAL

Abstract:

Objective: We aim to learn about the cognitive mechanisms governing the decisions of attackers and defenders in cybersecurity involving intrusion detection systems (IDSs).

Background: Prior research has experimentally studied the role of the presence and accuracy of IDS alerts on attacker's and defender's decisions using a game-theoretic approach. However, little is known about the cognitive mechanisms that govern these decisions.

Method: To investigate the cognitive mechanisms governing the attacker's and defender's decisions in the presence of IDSs of different accuracies, instance-based learning (IBL) models were developed. One model (NIDS) disregarded the IDS alerts and one model (IDS) considered them in the instance structure. Both the IDS and NIDS models were trained in an existing dataset where IDSs were either absent or present and they possessed different accuracies. The calibrated IDS model was tested in a newly collected test dataset where IDSs were present 50% of the time and they possessed different accuracies.

Results: Both the IDS and NIDS models were able to account for human decisions in the training dataset, where IDS was absent or present and it possessed different accuracies. However, the IDS model could accurately predict the decision-making in only one of the several IDS accuracy conditions in the test dataset.

Conclusions: Cognitive models like IBL may provide some insights regarding the cognitive mechanisms governing the decisions of attackers and defenders in conditions not involving IDSs or IDSs of different accuracies.

Application: IBL models may be helpful for penetration testing exercises in scenarios involving IDSs of different accuracies.

Keywords: cybersecurity; behavioral game theory; instance-based learning theory; alerts
Date: 2022-03

Published in Human Factors, 2022, 64 (2), 343-358 p. ⟨10.1177/0018720820945425⟩



Persistent link: https://EconPapers.repec.org/RePEc:hal:journl:hal-03188211

DOI: 10.1177/0018720820945425

Bibliographic data for series maintained by CCSD.

 
Page updated 2025-03-19
Handle: RePEc:hal:journl:hal-03188211