Cybersecurity: Effect of information availability in security games

Cyber-attacks, i.e., disruption of normal functioning of computers and loss of information, are becoming widespread. Cyber security may be studied as a non-cooperative game as described by behavioral game theory. However, current game-theoretic approaches have based their conclusions on Nash equilibriums, while disregarding the role of information availability among hackers and analysts. In this study, we investigated how information availability affected behavior of analysts and hackers in 2×2 security games. In an experiment involving security games, interdependence information available to hackers and analysts was analyzed in two between-subjects conditions: “Info” and “No-Info”. In “Info” condition, both players had complete information about each other's actions and payoffs, while this information was missing in “No-Info” condition. Results showed that presence of information caused analysts and hackers to increase their proportion of defend and attack actions, respectively. We highlight the relevance of our results to cyber-attacks in the real world.

[1]  Christian Lebiere,et al.  The dynamics of cognition: An ACT-R model of cognitive arithmetic , 1999, Kognitionswissenschaft.

[2]  Cleotilde Gonzalez,et al.  Cyber Situation Awareness: Modeling the Security Analyst in a Cyber-Attack Scenario through Instance-Based Learning , 2011, DBSec.

[3]  Cleotilde González,et al.  Refuting Data Aggregation Arguments and How the Instance-Based Learning Model Stands Criticism: A Reply to Hills and Hertwig (2012). , 2012 .

[4]  James Andrew Lewis,et al.  The economic impact of cybercrime and cyber espionage , 2013 .

[5]  Cleotilde Gonzalez,et al.  Refuting data aggregation arguments and how the IBL model stands criticism: A reply to Hills and Hertwig (2012) , 2012 .

[6]  Varun Dutt,et al.  Instance-based learning: integrating sampling and repeated decisions from experience. , 2011, Psychological review.

[7]  Chase Qishi Wu,et al.  A Survey of Game Theory as Applied to Network Security , 2010, 2010 43rd Hawaii International Conference on System Sciences.

[8]  Cleotilde Gonzalez,et al.  A Cognitive Model of Dynamic Cooperation With Varied Interdependency Information , 2015, Cogn. Sci..

[9]  C. Lebiere,et al.  The Atomic Components of Thought , 1998 .

[10]  Colin Camerer Behavioral Game Theory: Experiments in Strategic Interaction , 2003 .

[11]  C. Lebiere,et al.  A description-experience gap in social interactions: : information about interdependence and its effects on cooperation , 2013 .

[12]  Tansu Alpcan,et al.  Network Security , 2010 .

[13]  Cleotilde Gonzalez,et al.  Cyber Situation Awareness , 2013, Hum. Factors.

[14]  Cleotilde Gonzalez,et al.  Instance-based learning in dynamic decision making , 2003, Cogn. Sci..