A Behavioral Investigation of the FlipIt Game

Security decisions are rarely made at a singular point in time. Though many models evaluate choice under uncertainty with regards to many options, fewer address the problem of when to act. The FlipIt game captures this temporal choice, only allowing players to choose when, and not how, to act. Decisions of this sort are encountered by managers choosing when to address fraud, computer users selecting when to update their software, and consumers deciding when to check their credit score. Recent investigations analyze the FlipIt game from a theoretical perspective, but the question remains how do people actually act when given temporal decisions? To answer this question, we conduct a behavioral investigation of the FlipIt game through a Mechanical Turk experiment with over 300 participants. In our study, each participant is matched with a computerized opponent in several fast-paced rounds of the FlipIt game. We find that participant performance improves over time (however, older participants improve less than younger ones). Further, there are significant performance differences with regards to gender and an individual difference variable reflecting the extent to which individuals are inclined towards effortful cognitive activities (i.e., the need for cognition). We further vary the amount of information that participants have available about the actions of the computerized opponent with six different experimental treatments and find significant statistical effects.

[1]  Samuel Karlin,et al.  Mathematical Methods and Theory in Games, Programming, and Economics , 1961 .

[2]  James P. Kahan,et al.  Decisions of timing in bipolarized conflict situations with complete information , 1974 .

[3]  James P. Kahan,et al.  Decisions of Timing in Conflict Situations of Unequal Power Between Opponents , 1975 .

[4]  Tadeusz Radzik,et al.  A mixed game of timing: investigation of strategies , 1982 .

[5]  A. Damasio,et al.  Insensitivity to future consequences following damage to human prefrontal cortex , 1994, Cognition.


[7]  X. Koufteros Testing a model of pull production: a paradigm for manufacturing research using structural equation modeling , 1999 .

[8]  Stacy L. Wood,et al.  Psychological Indicators of Innovation Adoption: Cross-Classification Based on Need for Cognition and Need for Change , 2002 .

[9]  Scott Shenker,et al.  An experiment on learning with limited information: nonconvergence, experimentation cascades, and the advantage of being slow , 2004, Games Econ. Behav..

[10]  Jens Grossklags,et al.  Software agents and market (in) efficiency: a human trader experiment , 2006, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews).

[11]  Cindy D. Kam,et al.  Beyond the “Narrow Data Base”: Another Convenience Sample for Experimental Research , 2007 .

[12]  Jens Grossklags Experimental economics and experimental computer science: a survey , 2007, ExpCS '07.

[13]  R. Meertens,et al.  Measuring an individual's tendency to take risks: The risk propensity scale. , 2008 .

[14]  Nicolas Christin,et al.  Predicted and Observed User Behavior in the Weakest-link Security Game , 2008, UPSEC.

[15]  David G. Rand,et al.  The online laboratory: conducting experiments in a real labor market , 2010, ArXiv.

[16]  Bill Tomlinson,et al.  Who are the crowdworkers?: shifting demographics in mechanical turk , 2010, CHI Extended Abstracts.

[17]  John Morgan,et al.  Clock games: Theory and experiments , 2010, Games Econ. Behav..

[18]  Nicolas Christin,et al.  It's All about the Benjamins: An Empirical Study on Incentivizing Users to Ignore Security Advice , 2011, Financial Cryptography.

[19]  Carlos Cid,et al.  Are We Compromised? Modelling Security Assessment Games , 2012, GameSec.

[20]  David G Rand The promise of Mechanical Turk: how online labor markets can help theorists run behavioral experiments. , 2012, Journal of theoretical biology.

[21]  David A. Wagner,et al.  I've got 99 problems, but vibration ain't one: a survey of smartphone users' concerns , 2012, SPSM '12.

[22]  Ryan O. Murphy,et al.  Evolution and Breakdown of Trust in Continuous Time , 2012 .

[23]  Siddharth Suri,et al.  Conducting behavioral research on Amazon’s Mechanical Turk , 2012, Behavior research methods.

[24]  Ronald L. Rivest,et al.  FlipIt: The Game of “Stealthy Takeover” , 2012, Journal of Cryptology.

[25]  Jens Grossklags,et al.  Risk-Seeking in a Continuous Game of Timing , 2013 .

[26]  Gábor Horváth,et al.  FlipThem: Modeling Targeted Attacks with FlipIt for Multiple Resources , 2014, GameSec.