We consider a system consisting of multiple interdependent assets, and a set of defenders, each responsible for securing a subset of the assets against an attacker. The interdependencies between the assets are captured by an attack graph, where an edge from one asset to another indicates that if the former asset is compromised, an attack can be launched on the latter asset. Each edge has an associated probability of successful attack, which can be reduced via security investments by the defenders. In such scenarios, we investigate the security investments that arise under certain features of human decision-making that have been identified in behavioral economics. In particular, humans have been shown to perceive probabilities in a nonlinear manner, typically overweighting low probabilities and underweighting high probabilities. We show that suboptimal investments can arise under such weighting in certain network topologies. We also show that pure strategy Nash equilibria exist in settings with multiple (behavioral) defenders, and study the inefficiency of the equilibrium investments by behavioral defenders compared to a centralized socially optimal solution.

中文翻译：

---

通过攻击图建模的相互依赖系统中的行为和博弈论安全投资

我们考虑一个由多个相互依赖的资产和一组防御者组成的系统，每个防御者负责保护资产的子集免受攻击者的侵害。资产之间的相互依赖关系由攻击图捕获，其中从一项资产到另一项资产的边表明如果前一项资产受到威胁，则可以对后一项资产发起攻击。每个边缘都有一个相关的成功攻击概率，这可以通过防御者的安全投资来降低。在这种情况下，我们调查了在行为经济学中确定的人类决策的某些特征下产生的安全投资。特别是，人类已被证明以非线性方式感知概率，通常高估低概率而低估高概率。我们表明，在某些网络拓扑中，在这种加权下可能会出现次优投资。我们还表明纯策略纳什均衡存在于具有多个（行为）防御者的环境中，并研究了与集中的社会最优解决方案相比，行为防御者的均衡投资的低效率。