Morshed: Guiding Behavioral Decision-Makers towards Better Security Investment in Interdependent Systems

We model the behavioral biases of human decision-making in securing interdependent systems and show that such behavioral decision-making leads to a suboptimal pattern of resource allocation compared to non-behavioral (rational) decision-making. We provide empirical evidence for the existence of such behavioral bias model through a controlled subject study with 145 participants. We then propose three learning techniques for enhancing decision-making in multi-round setups. We illustrate the benefits of our decision-making model through multiple interdependent real-world systems and quantify the level of gain compared to the case in which the defenders are behavioral. We also show the benefit of our learning techniques against different attack models. We identify the effects of different system parameters (e.g., the defenders' security budget availability and distribution, the degree of interdependency among defenders, and collaborative defense strategies) on the degree of suboptimality of security outcomes due to behavioral decision-making.

Keywords

Behavioral biases, Human decision-making, Decision-making model

Cite As

Abdallah M, Woods D, Naghizadeh P, et al. Morshed: Guiding Behavioral Decision-Makers towards Better Security Investment in Interdependent Systems. In: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security. ASIA CCS ’21. Association for Computing Machinery; 2021:378-392. doi:10.1145/3433210.3437534

Journal

ASIA CCS ’21

Rights

Publisher Policy

Source

ArXiv

Type

Article

Permanent Link

https://hdl.handle.net/1805/43270

DOI

https://doi.org/10.1145/3433210.3437534

Version

Author's manuscript

Collections

Open Access Policy Articles
Engineering Technology Works

Full item page