论文信息 - Predicted and Observed User Behavior in the Weakest-link Security Game

Predicted and Observed User Behavior in the Weakest-link Security Game

We aim to advance the understanding of individual security decision-making, by combining formal and behavioral analysis. We sketch a game-theoretic model of security decision-making that generalizes the "weakest link" game, and describe a controlled laboratory experiment to reveal differences between predicted and observed user behavior. Results of a pilot study yield possible explanations for behaviors observed in the wild: users show some willingness to experiment with parameters, rarely converge to a fixed behavior, and face difficulties isolating the impact of individual parameters.

[1] Nicolas Christin,et al. Near rationality and competitive equilibria in networked systems , 2004, PINS '04.

[2] Bettina Berendt,et al. E-privacy in 2nd generation E-commerce: privacy preferences versus actual behavior , 2001, EC '01.

[3] Nicolas Christin,et al. Secure or insure?: a game-theoretic analysis of information security games , 2008, WWW.

[4] Scott Shenker,et al. An experiment on learning with limited information: nonconvergence, experimentation cascades, and the advantage of being slow , 2004, Games Econ. Behav..

[5] J. Hirshleifer. From weakest-link to best-shot: The voluntary provision of public goods , 1983 .

[6] Hal R. Varian,et al. System Reliability and Free Riding , 2004, Economics of Information Security.

[7] J. Huyck,et al. Tacit Coordination Games, Strategic Uncertainty, and Coordination Failure , 1990 .

[8] Alessandro Acquisti,et al. Privacy and rationality in individual decision making , 2005, IEEE Security & Privacy.

[9] Ross J. Anderson. Why information security is hard - an economic perspective , 2001, Seventeenth Annual Computer Security Applications Conference.