当前位置:
X-MOL 学术
›
arXiv.cs.GT
›
论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Behavioral and Game-Theoretic Security Investments in Interdependent Systems Modeled by Attack Graphs
arXiv - CS - Computer Science and Game Theory Pub Date : 2020-01-09 , DOI: arxiv-2001.03213 Mustafa Abdallah, Parinaz Naghizadeh, Ashish R. Hota, Timothy Cason, Saurabh Bagchi, and Shreyas Sundaram
arXiv - CS - Computer Science and Game Theory Pub Date : 2020-01-09 , DOI: arxiv-2001.03213 Mustafa Abdallah, Parinaz Naghizadeh, Ashish R. Hota, Timothy Cason, Saurabh Bagchi, and Shreyas Sundaram
We consider a system consisting of multiple interdependent assets, and a set
of defenders, each responsible for securing a subset of the assets against an
attacker. The interdependencies between the assets are captured by an attack
graph, where an edge from one asset to another indicates that if the former
asset is compromised, an attack can be launched on the latter asset. Each edge
has an associated probability of successful attack, which can be reduced via
security investments by the defenders. In such scenarios, we investigate the
security investments that arise under certain features of human decision-making
that have been identified in behavioral economics. In particular, humans have
been shown to perceive probabilities in a nonlinear manner, typically
overweighting low probabilities and underweighting high probabilities. We show
that suboptimal investments can arise under such weighting in certain network
topologies. We also show that pure strategy Nash equilibria exist in settings
with multiple (behavioral) defenders, and study the inefficiency of the
equilibrium investments by behavioral defenders compared to a centralized
socially optimal solution.
中文翻译:
通过攻击图建模的相互依赖系统中的行为和博弈论安全投资
我们考虑一个由多个相互依赖的资产和一组防御者组成的系统,每个防御者负责保护资产的子集免受攻击者的侵害。资产之间的相互依赖关系由攻击图捕获,其中从一项资产到另一项资产的边表明如果前一项资产受到威胁,则可以对后一项资产发起攻击。每个边缘都有一个相关的成功攻击概率,这可以通过防御者的安全投资来降低。在这种情况下,我们调查了在行为经济学中确定的人类决策的某些特征下产生的安全投资。特别是,人类已被证明以非线性方式感知概率,通常高估低概率而低估高概率。我们表明,在某些网络拓扑中,在这种加权下可能会出现次优投资。我们还表明纯策略纳什均衡存在于具有多个(行为)防御者的环境中,并研究了与集中的社会最优解决方案相比,行为防御者的均衡投资的低效率。
更新日期:2020-05-12
中文翻译:
通过攻击图建模的相互依赖系统中的行为和博弈论安全投资
我们考虑一个由多个相互依赖的资产和一组防御者组成的系统,每个防御者负责保护资产的子集免受攻击者的侵害。资产之间的相互依赖关系由攻击图捕获,其中从一项资产到另一项资产的边表明如果前一项资产受到威胁,则可以对后一项资产发起攻击。每个边缘都有一个相关的成功攻击概率,这可以通过防御者的安全投资来降低。在这种情况下,我们调查了在行为经济学中确定的人类决策的某些特征下产生的安全投资。特别是,人类已被证明以非线性方式感知概率,通常高估低概率而低估高概率。我们表明,在某些网络拓扑中,在这种加权下可能会出现次优投资。我们还表明纯策略纳什均衡存在于具有多个(行为)防御者的环境中,并研究了与集中的社会最优解决方案相比,行为防御者的均衡投资的低效率。