Objective: The aim of this study was to determine how monetary motivations influence decision making of humans performing as security analysts and hackers in a cybersecurity game. Background: Cyberattacks are increasing at an alarming rate. As cyberattacks often cause damage to existing cyber infrastructures, it is important to understand how monetary rewards may influence decision making of hackers and analysts in the cyber world. Currently, only limited attention has been given to this area. Method: In an experiment, participants were randomly assigned to three between-subjects conditions (n = 26 for each condition): equal payoff, where the magnitude of monetary rewards for hackers and defenders was the same; rewarding hacker, where the magnitude of monetary reward for hacker’s successful attack was 10 times the reward for analyst’s successful defense; and rewarding analyst, where the magnitude of monetary reward for analyst’s successful defense was 10 times the reward for hacker’s successful attack. In all conditions, half of the participants were human hackers playing against Nash analysts and half were human analysts playing against Nash hackers. Results: Results revealed that monetary rewards for human hackers and analysts caused a decrease in attack and defend actions compared with the baseline. Furthermore, rewarding human hackers for undetected attacks made analysts deviate significantly from their optimal behavior. Conclusions: If hackers are rewarded for their undetected attack actions, then this causes analysts to deviate from optimal defend proportions. Thus, analysts need to be trained not become overenthusiastic in defending networks. Application: Applications of our results are to networks where the influence of monetary rewards may cause information theft and system damage.
[1]
Cleotilde Gonzalez,et al.
Cyber Situation Awareness: Modeling the Security Analyst in a Cyber-Attack Scenario through Instance-Based Learning
,
2011,
DBSec.
[2]
A. Tversky,et al.
Advances in prospect theory: Cumulative representation of uncertainty
,
1992
.
[3]
A. Tversky,et al.
Prospect theory: an analysis of decision under risk — Source link
,
2007
.
[4]
C. Lebiere,et al.
The Atomic Components of Thought
,
1998
.
[5]
Cleotilde Gonzalez,et al.
A Cognitive Model of Dynamic Cooperation With Varied Interdependency Information
,
2015,
Cogn. Sci..
[6]
Christian Lebiere,et al.
The dynamics of cognition: An ACT-R model of cognitive arithmetic
,
1999,
Kognitionswissenschaft.
[7]
Tansu Alpcan,et al.
Network Security
,
2010
.
[8]
Cleotilde Gonzalez,et al.
Making Instance-based Learning Theory usable and understandable: The Instance-based Learning Tool
,
2012,
Comput. Hum. Behav..
[9]
Colin Camerer.
Behavioral Game Theory: Experiments in Strategic Interaction
,
2003
.
[10]
Chase Qishi Wu,et al.
A Survey of Game Theory as Applied to Network Security
,
2010,
2010 43rd Hawaii International Conference on System Sciences.
[11]
A. Tversky,et al.
Prospect theory: analysis of decision under risk
,
1979
.
[12]
Cleotilde Gonzalez,et al.
Instance-based learning in dynamic decision making
,
2003,
Cogn. Sci..