A game-theory approach to configuration of detection software with decision errors

The modern computer and communication networks that firms rely on have become more complex due to their dynamic, distributed and heterogeneous features; it is therefore increasingly important to characterize the interaction between a firm and a user to ensure information security. Recently, a game-theory approach has been widely employed to investigate this issue, including the optimal configurations of the detection software. However, for both the firm and the user, inaccuracies may persist in the gap between strategic decisions and actual actions, due to the effects of irrationality and the error-prone nature of the devices that carry their commands. This paper analyzes the effects of decision errors on the optimal strategies of both the firm and the user and, in particular, on the optimal configurations of the detection software. We finally demonstrate that decision errors can promote several pure equilibrium strategies and that fine-tuning these configurations quickly becomes difficult. Furthermore, we find that decision errors can drastically influence the optimal configurations and expected costs for a firm.

[1]  Xing Gao,et al.  Security investment and information sharing under an alternative security breach probability function , 2015, Inf. Syst. Frontiers.

[2]  Xing Gao,et al.  Stochastic Evolutionary Game Dynamics and Their Selection Mechanisms , 2013 .

[3]  Gregory Levitin,et al.  Defending majority voting systems against a strategic attacker , 2013, Reliab. Eng. Syst. Saf..

[4]  Tansu Alpcan,et al.  Security games with decision and observation errors , 2010, Proceedings of the 2010 American Control Conference.

[5]  Huseyin Cavusoglu,et al.  The Value of Intrusion Detection Systems in Information Technology Security Architecture , 2005, Inf. Syst. Res..

[6]  Vicki M. Bier,et al.  Subsidies in Interdependent Security With Heterogeneous Discount Rates , 2007 .

[7]  Jun Zhuang,et al.  Impacts of Subsidized Security on Stability and Total Social Costs of Equilibrium Solutions in an N-Player Game with Errors , 2010 .

[8]  Sanjay Misra,et al.  Neural Network and Classification Approach in Identifying Customer Behavior in the Banking Sector: A Case Study of an International Bank , 2015 .

[9]  M. Naceur Azaiez,et al.  Game Theoretic Risk Analysis of Security Threats , 2009 .

[10]  Vicki M. Bier,et al.  Protection of simple series and parallel systems with components of different values , 2005, Reliab. Eng. Syst. Saf..

[11]  Tae Woong Yoon,et al.  Proceedings of the 43rd IEEE Conference on Decision and Control , 2004 .

[12]  Gregory Levitin,et al.  Is it wise to leave some false targets unprotected? , 2013, Reliab. Eng. Syst. Saf..

[13]  Kjell Hausken and Gregory Levitin Review of Systems Defense and Attack Models , 2012, International Journal of Performability Engineering.

[14]  K. Hausken Income, interdependence, and substitution effects affecting incentives for security investment , 2006 .

[15]  Gregory Levitin,et al.  Resource distribution in multiple attacks with imperfect detection of the attack outcome. , 2012, Risk analysis : an official publication of the Society for Risk Analysis.

[16]  T. Basar,et al.  A game theoretic analysis of intrusion detection in access control systems , 2004, 2004 43rd IEEE Conference on Decision and Control (CDC) (IEEE Cat. No.04CH37601).

[17]  Larry Samuelson,et al.  Choosing What to Protect: Strategic Defensive Allocation Against an Unknown Attacker , 2005 .

[18]  Karel Soudan,et al.  A game-theoretical approach for reciprocal security-related prevention investment decisions , 2010, Reliab. Eng. Syst. Saf..

[19]  Kjell Hausken,et al.  The economics of terrorism against two targets , 2012 .

[20]  Huseyin Cavusoglu,et al.  Configuration of and Interaction Between Information Security Technologies: The Case of Firewalls and Intrusion Detection Systems , 2009, Inf. Syst. Res..

[21]  Mohammad Abdollahi Azgomi,et al.  A game theoretic framework for evaluation of the impacts of hackers diversity on security measures , 2012, Reliab. Eng. Syst. Saf..

[22]  Kjell Hausken Strategic defense and attack for reliability systems , 2008, Reliab. Eng. Syst. Saf..

[23]  K. Hausken Information sharing among firms and cyber attacks , 2007 .

[24]  Tansu Alpcan,et al.  Network Security , 2010 .

[25]  Francisca Nonyelum Ogwueleka DATA MINING APPLICATION IN CREDIT CARD FRAUD DETECTION SYSTEM , 2011 .

[26]  Gregory Levitin,et al.  Defence and attack of systems with variable attacker system structure detection probability , 2010, J. Oper. Res. Soc..

[27]  Keh-Hsun Chen A study of decision error in selective game tree search , 2001, Inf. Sci..

[28]  Vicki M. Bier,et al.  Balancing Terrorism and Natural Disasters - Defensive Strategy with Endogenous Attacker Effort , 2007, Oper. Res..

[29]  Huseyin Cavusoglu,et al.  Configuration of Detection Software: A Comparison of Decision and Game Theory Approaches , 2004, Decis. Anal..

[30]  Jacob K. Goeree,et al.  A theoretical analysis of altruism and decision error in public goods games , 1998 .

[31]  Kjell Hausken,et al.  Defending and attacking a network of two arcs subject to traffic congestion , 2013, Reliab. Eng. Syst. Saf..

[32]  Kjell Hausken,et al.  Strategic Defense and Attack of Complex Networks , 2007, WEIS.