IDEAS home Printed from https://ideas.repec.org/p/hal/journl/hal-03188211.html
   My bibliography  Save this paper

Learning About the Effects of Alert Uncertainty in Attack and Defend Decisions via Cognitive Modeling

Author

Listed:
  • Palvi Aggarwal

    (CMU - Carnegie Mellon University [Pittsburgh])

  • Frederic Moisan

    (EM - EMLyon Business School, GATE Lyon Saint-Étienne - Groupe d'Analyse et de Théorie Economique Lyon - Saint-Etienne - UL2 - Université Lumière - Lyon 2 - UJM - Université Jean Monnet - Saint-Étienne - CNRS - Centre National de la Recherche Scientifique)

  • Cleotilde Gonzalez

    (CMU - Carnegie Mellon University [Pittsburgh])

  • Varun Dutt

    (IIT Mandi - Indian Institute of Technology Mandi)

Abstract

Objective We aim to learn about the cognitive mechanisms governing the decisions of attackers and defenders in cybersecurity involving intrusion detection systems (IDSs). Background Prior research has experimentally studied the role of the presence and accuracy of IDS alerts on attacker's and defender's decisions using a game-theoretic approach. However, little is known about the cognitive mechanisms that govern these decisions. Method To investigate the cognitive mechanisms governing the attacker's and defender's decisions in the presence of IDSs of different accuracies, instance-based learning (IBL) models were developed. One model (NIDS) disregarded the IDS alerts and one model (IDS) considered them in the instance structure. Both the IDS and NIDS models were trained in an existing dataset where IDSs were either absent or present and they possessed different accuracies. The calibrated IDS model was tested in a newly collected test dataset where IDSs were present 50% of the time and they possessed different accuracies. Results Both the IDS and NIDS models were able to account for human decisions in the training dataset, where IDS was absent or present and it possessed different accuracies. However, the IDS model could accurately predict the decision-making in only one of the several IDS accuracy conditions in the test dataset. Conclusions Cognitive models like IBL may provide some insights regarding the cognitive mechanisms governing the decisions of attackers and defenders in conditions not involving IDSs or IDSs of different accuracies. Application IBL models may be helpful for penetration testing exercises in scenarios involving IDSs of different accuracies.

Suggested Citation

  • Palvi Aggarwal & Frederic Moisan & Cleotilde Gonzalez & Varun Dutt, 2022. "Learning About the Effects of Alert Uncertainty in Attack and Defend Decisions via Cognitive Modeling," Post-Print hal-03188211, HAL.
    • Handle: RePEc:hal:journl:hal-03188211
    DOI: 10.1177/0018720820945425
    as

    Download full text from publisher

    To our knowledge, this item is not available for download. To find whether it is available, there are three options:
    1. Check below whether another version of this item is available online.
    2. Check on the provider's web page whether it is in fact available.
    3. Perform a search for a similarly titled item that would be available.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:hal:journl:hal-03188211. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: CCSD (email available below). General contact details of provider: https://hal.archives-ouvertes.fr/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.