IDEAS home Printed from https://ideas.repec.org/p/arx/papers/2001.03213.html
   My bibliography  Save this paper

Behavioral and Game-Theoretic Security Investments in Interdependent Systems Modeled by Attack Graphs

Author

Listed:
  • Mustafa Abdallah
  • Parinaz Naghizadeh
  • Ashish R. Hota
  • Timothy Cason
  • Saurabh Bagchi
  • Shreyas Sundaram

Abstract

We consider a system consisting of multiple interdependent assets, and a set of defenders, each responsible for securing a subset of the assets against an attacker. The interdependencies between the assets are captured by an attack graph, where an edge from one asset to another indicates that if the former asset is compromised, an attack can be launched on the latter asset. Each edge has an associated probability of successful attack, which can be reduced via security investments by the defenders. In such scenarios, we investigate the security investments that arise under certain features of human decision-making that have been identified in behavioral economics. In particular, humans have been shown to perceive probabilities in a nonlinear manner, typically overweighting low probabilities and underweighting high probabilities. We show that suboptimal investments can arise under such weighting in certain network topologies. We also show that pure strategy Nash equilibria exist in settings with multiple (behavioral) defenders, and study the inefficiency of the equilibrium investments by behavioral defenders compared to a centralized socially optimal solution.

Suggested Citation

  • Mustafa Abdallah & Parinaz Naghizadeh & Ashish R. Hota & Timothy Cason & Saurabh Bagchi & Shreyas Sundaram, 2020. "Behavioral and Game-Theoretic Security Investments in Interdependent Systems Modeled by Attack Graphs," Papers 2001.03213, arXiv.org, revised May 2020.
    • Handle: RePEc:arx:papers:2001.03213
    as

    Download full text from publisher

    File URL: http://arxiv.org/pdf/2001.03213
    File Function: Latest version
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Gerald Brown & Matthew Carlyle & Ahmad Abdul‐Ghaffar & Jeffrey Kline, 2011. "A defender‐attacker optimization of Port Radar surveillance," Naval Research Logistics (NRL), John Wiley & Sons, vol. 58(3), pages 223-235, April.
    2. Daniel Kahneman & Amos Tversky, 2013. "Prospect Theory: An Analysis of Decision Under Risk," World Scientific Book Chapters, in: Leonard C MacLean & William T Ziemba (ed.), HANDBOOK OF THE FUNDAMENTALS OF FINANCIAL DECISION MAKING Part I, chapter 6, pages 99-127, World Scientific Publishing Co. Pte. Ltd..
    3. Ashish R. Hota & Siddharth Garg & Shreyas Sundaram, 2014. "Fragility of the Commons under Prospect-Theoretic Risk Attitudes," Papers 1408.5951, arXiv.org, revised Jun 2016.
    4. Drazen Prelec, 1998. "The Probability Weighting Function," Econometrica, Econometric Society, vol. 66(3), pages 497-528, May.
    5. Hota, Ashish R. & Garg, Siddharth & Sundaram, Shreyas, 2016. "Fragility of the commons under prospect-theoretic risk attitudes," Games and Economic Behavior, Elsevier, vol. 98(C), pages 135-164.
    6. Dhami, Sanjit, 2016. "The Foundations of Behavioral Economic Analysis," OUP Catalogue, Oxford University Press, number 9780198715535.
    7. Nicholas C. Barberis, 2013. "Thirty Years of Prospect Theory in Economics: A Review and Assessment," Journal of Economic Perspectives, American Economic Association, vol. 27(1), pages 173-196, Winter.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Mazaher Kianpour & Stewart J. Kowalski & Harald Øverby, 2021. "Systematically Understanding Cybersecurity Economics: A Survey," Sustainability, MDPI, vol. 13(24), pages 1-28, December.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Ashish R. Hota & Shreyas Sundaram, 2017. "Game-Theoretic Vaccination Against Networked SIS Epidemics and Impacts of Human Decision-Making," Papers 1703.08750, arXiv.org, revised Mar 2019.
    2. Ashish R. Hota & Shreyas Sundaram, 2018. "Controlling Human Utilization of Failure-Prone Systems via Taxes," Papers 1802.09490, arXiv.org, revised Apr 2020.
    3. Amedeo Piolatto & Matthew D. Rablen, 2017. "Prospect theory and tax evasion: a reconsideration of the Yitzhaki puzzle," Theory and Decision, Springer, vol. 82(4), pages 543-565, April.
    4. Stephen G Dimmock & Roy Kouwenberg & Olivia S Mitchell & Kim Peijnenburg, 2021. "Household Portfolio Underdiversification and Probability Weighting: Evidence from the Field," The Review of Financial Studies, Society for Financial Studies, vol. 34(9), pages 4524-4563.
    5. Christos Pelekis & Panagiotis Promponas & Juan Alvarado & Eirini Eleni Tsiropoulou & Symeon Papavassiliou, 2021. "A fragile multi-CPR game," Mathematical Methods of Operations Research, Springer;Gesellschaft für Operations Research (GOR);Nederlands Genootschap voor Besliskunde (NGB), vol. 94(3), pages 461-492, December.
    6. Ryan O. Murphy & Robert H. W. ten Brincke, 2018. "Hierarchical Maximum Likelihood Parameter Estimation for Cumulative Prospect Theory: Improving the Reliability of Individual Risk Parameter Estimates," Management Science, INFORMS, vol. 64(1), pages 308-328, January.
    7. Li, Baibing & Hensher, David A., 2017. "Risky weighting in discrete choice," Transportation Research Part B: Methodological, Elsevier, vol. 102(C), pages 1-21.
    8. Aurélien Baillon & Han Bleichrodt & Vitalie Spinu, 2020. "Searching for the Reference Point," Management Science, INFORMS, vol. 66(1), pages 93-112, January.
    9. Georgalos, Konstantinos & Paya, Ivan & Peel, David A., 2021. "On the contribution of the Markowitz model of utility to explain risky choice in experimental research," Journal of Economic Behavior & Organization, Elsevier, vol. 182(C), pages 527-543.
    10. Kpegli, Yao Thibaut & Corgnet, Brice & Zylbersztejn, Adam, 2023. "All at once! A comprehensive and tractable semi-parametric method to elicit prospect theory components," Journal of Mathematical Economics, Elsevier, vol. 104(C).
    11. Alex Markle & George Wu & Rebecca White & Aaron Sackett, 2018. "Goals as reference points in marathon running: A novel test of reference dependence," Journal of Risk and Uncertainty, Springer, vol. 56(1), pages 19-50, February.
    12. Giannikos, Christos I. & Kakolyris, Andreas & Suen, Tin Shan, 2023. "Prospect theory and a manager's decision to trade a blind principal bid basket," Global Finance Journal, Elsevier, vol. 55(C).
    13. Belianin, A., 2017. "Face to Face to Human Being: Achievements and Challenges of Behavioral Economics," Journal of the New Economic Association, New Economic Association, vol. 34(2), pages 166-175.
    14. Müller, Stephan & Rau, Holger A., 2019. "Decisions under uncertainty in social contexts," Games and Economic Behavior, Elsevier, vol. 116(C), pages 73-95.
    15. Immanuel Lampe & Daniel Würtenberger, 2019. "Loss Aversion And The Demand For Index Insurance," Working Papers on Finance 1907, University of St. Gallen, School of Finance.
    16. Ali al-Nowaihi & Sanjit Dhami & Mengxing Wei, 2018. "Quantum Decision Theory and the Ellsberg Paradox," CESifo Working Paper Series 7158, CESifo.
    17. Aurélien Baillon & Han Bleichrodt & Vitalie Spinu, 2020. "Searching for the Reference Point," Management Science, INFORMS, vol. 66(1), pages 93-112, January.
    18. Harin, Alexander, 2018. "Forbidden zones and biases for the expectation of a random variable. Version 2," MPRA Paper 85607, University Library of Munich, Germany.
    19. Lucy F. Ackert & Richard Deaves & Jennifer Miele & Quang Nguyen, 2020. "Are Time Preference and Risk Preference Associated with Cognitive Intelligence and Emotional Intelligence?," Journal of Behavioral Finance, Taylor & Francis Journals, vol. 21(2), pages 136-156, April.
    20. Moshe Levy, 2022. "An evolutionary explanation of the Allais paradox," Journal of Evolutionary Economics, Springer, vol. 32(5), pages 1545-1574, November.

    More about this item

    NEP fields

    This paper has been announced in the following NEP Reports:

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:arx:papers:2001.03213. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: arXiv administrators (email available below). General contact details of provider: http://arxiv.org/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.