Morshed: Guiding Behavioral Decision-Makers towards Better Security Investment in Interdependent Systems

Mustafa Abdallah; Daniel Woods; Parinaz Naghizadeh; Issa Khalil; Timothy Cason; Shreyas Sundaram; Saurabh Bagchi

doi:10.1145/3433210.3437534

Morshed: Guiding Behavioral Decision-Makers towards Better Security Investment in Interdependent Systems

Mustafa Abdallah, Daniel Woods, Parinaz Naghizadeh, Issa Khalil, Timothy Cason, Shreyas Sundaram, Saurabh Bagchi

Qatar Computing Research Institute

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

14 Citations (Scopus)

Abstract

We model the behavioral biases of human decision-making in securing interdependent systems and show that such behavioral decision-making leads to a suboptimal pattern of resource allocation compared to non-behavioral (rational) decision-making. We provide empirical evidence for the existence of such behavioral bias model through a controlled subject study with 145 participants. We then propose three learning techniques for enhancing decision-making in multi-round setups. We illustrate the benefits of our decision-making model through multiple interdependent real-world systems and quantify the level of gain compared to the case in which the defenders are behavioral. We also show the benefit of our learning techniques against different attack models. We identify the effects of different system parameters (e.g., the defenders' security budget availability and distribution, the degree of interdependency among defenders, and collaborative defense strategies) on the degree of suboptimality of security outcomes due to behavioral decision-making.

Original language	English
Title of host publication	ASIA CCS 2021 - Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security
Publisher	Association for Computing Machinery, Inc
Pages	378-392
Number of pages	15
ISBN (Electronic)	9781450382878
DOIs	https://doi.org/10.1145/3433210.3437534
Publication status	Published - 24 May 2021
Event	16th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2021 - Virtual, Online, Hong Kong Duration: 7 Jun 2021 → 11 Jun 2021

Publication series

Name	ASIA CCS 2021 - Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security

Conference

Conference	16th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2021
Country/Territory	Hong Kong
City	Virtual, Online
Period	7/06/21 → 11/06/21

Keywords

attack graphs
behavioral decision-making
guiding security decision-makers
learning attacks
reinforcement learning
security games

Access to Document

10.1145/3433210.3437534

Cite this

Abdallah, M., Woods, D., Naghizadeh, P., Khalil, I., Cason, T., Sundaram, S., & Bagchi, S. (2021). Morshed: Guiding Behavioral Decision-Makers towards Better Security Investment in Interdependent Systems. In ASIA CCS 2021 - Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security (pp. 378-392). (ASIA CCS 2021 - Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security). Association for Computing Machinery, Inc. https://doi.org/10.1145/3433210.3437534

Abdallah, Mustafa ; Woods, Daniel ; Naghizadeh, Parinaz et al. / Morshed : Guiding Behavioral Decision-Makers towards Better Security Investment in Interdependent Systems. ASIA CCS 2021 - Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2021. pp. 378-392 (ASIA CCS 2021 - Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security).

@inproceedings{e769f5f9fd14400b99a7c5e13bef63d6,

title = "Morshed: Guiding Behavioral Decision-Makers towards Better Security Investment in Interdependent Systems",

abstract = "We model the behavioral biases of human decision-making in securing interdependent systems and show that such behavioral decision-making leads to a suboptimal pattern of resource allocation compared to non-behavioral (rational) decision-making. We provide empirical evidence for the existence of such behavioral bias model through a controlled subject study with 145 participants. We then propose three learning techniques for enhancing decision-making in multi-round setups. We illustrate the benefits of our decision-making model through multiple interdependent real-world systems and quantify the level of gain compared to the case in which the defenders are behavioral. We also show the benefit of our learning techniques against different attack models. We identify the effects of different system parameters (e.g., the defenders' security budget availability and distribution, the degree of interdependency among defenders, and collaborative defense strategies) on the degree of suboptimality of security outcomes due to behavioral decision-making.",

keywords = "attack graphs, behavioral decision-making, guiding security decision-makers, learning attacks, reinforcement learning, security games",

author = "Mustafa Abdallah and Daniel Woods and Parinaz Naghizadeh and Issa Khalil and Timothy Cason and Shreyas Sundaram and Saurabh Bagchi",

note = "Publisher Copyright: {\textcopyright} 2021 ACM.; 16th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2021 ; Conference date: 07-06-2021 Through 11-06-2021",

year = "2021",

month = may,

day = "24",

doi = "10.1145/3433210.3437534",

language = "English",

series = "ASIA CCS 2021 - Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery, Inc",

pages = "378--392",

booktitle = "ASIA CCS 2021 - Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security",

}

Abdallah, M, Woods, D, Naghizadeh, P, Khalil, I, Cason, T, Sundaram, S & Bagchi, S 2021, Morshed: Guiding Behavioral Decision-Makers towards Better Security Investment in Interdependent Systems. in ASIA CCS 2021 - Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security. ASIA CCS 2021 - Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security, Association for Computing Machinery, Inc, pp. 378-392, 16th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2021, Virtual, Online, Hong Kong, 7/06/21. https://doi.org/10.1145/3433210.3437534

Morshed: Guiding Behavioral Decision-Makers towards Better Security Investment in Interdependent Systems. / Abdallah, Mustafa; Woods, Daniel; Naghizadeh, Parinaz et al.
ASIA CCS 2021 - Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2021. p. 378-392 (ASIA CCS 2021 - Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Morshed

T2 - 16th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2021

AU - Abdallah, Mustafa

AU - Woods, Daniel

AU - Naghizadeh, Parinaz

AU - Khalil, Issa

AU - Cason, Timothy

AU - Sundaram, Shreyas

AU - Bagchi, Saurabh

PY - 2021/5/24

Y1 - 2021/5/24

N2 - We model the behavioral biases of human decision-making in securing interdependent systems and show that such behavioral decision-making leads to a suboptimal pattern of resource allocation compared to non-behavioral (rational) decision-making. We provide empirical evidence for the existence of such behavioral bias model through a controlled subject study with 145 participants. We then propose three learning techniques for enhancing decision-making in multi-round setups. We illustrate the benefits of our decision-making model through multiple interdependent real-world systems and quantify the level of gain compared to the case in which the defenders are behavioral. We also show the benefit of our learning techniques against different attack models. We identify the effects of different system parameters (e.g., the defenders' security budget availability and distribution, the degree of interdependency among defenders, and collaborative defense strategies) on the degree of suboptimality of security outcomes due to behavioral decision-making.

AB - We model the behavioral biases of human decision-making in securing interdependent systems and show that such behavioral decision-making leads to a suboptimal pattern of resource allocation compared to non-behavioral (rational) decision-making. We provide empirical evidence for the existence of such behavioral bias model through a controlled subject study with 145 participants. We then propose three learning techniques for enhancing decision-making in multi-round setups. We illustrate the benefits of our decision-making model through multiple interdependent real-world systems and quantify the level of gain compared to the case in which the defenders are behavioral. We also show the benefit of our learning techniques against different attack models. We identify the effects of different system parameters (e.g., the defenders' security budget availability and distribution, the degree of interdependency among defenders, and collaborative defense strategies) on the degree of suboptimality of security outcomes due to behavioral decision-making.

KW - attack graphs

KW - behavioral decision-making

KW - guiding security decision-makers

KW - learning attacks

KW - reinforcement learning

KW - security games

UR - https://www.scopus.com/pages/publications/85108071419

U2 - 10.1145/3433210.3437534

DO - 10.1145/3433210.3437534

M3 - Conference contribution

AN - SCOPUS:85108071419

T3 - ASIA CCS 2021 - Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security

SP - 378

EP - 392

BT - ASIA CCS 2021 - Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security

PB - Association for Computing Machinery, Inc

Y2 - 7 June 2021 through 11 June 2021

ER -

Abdallah M, Woods D, Naghizadeh P, Khalil I, Cason T, Sundaram S et al. Morshed: Guiding Behavioral Decision-Makers towards Better Security Investment in Interdependent Systems. In ASIA CCS 2021 - Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc. 2021. p. 378-392. (ASIA CCS 2021 - Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security). doi: 10.1145/3433210.3437534

Morshed: Guiding Behavioral Decision-Makers towards Better Security Investment in Interdependent Systems

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this