Learning About the Effects of Alert Uncertainty in Attack and Defend Decisions via Cognitive Modeling.
Human Factors: The Journal of the Human Factors and Ergonomics Society (IF 3.3), Pub Date: 2020-09-20, DOI: 10.1177/0018720820945425
Palvi Aggarwal 1, Frederic Moisan 2, Cleotilde Gonzalez 1, Varun Dutt 3

OBJECTIVE We aim to learn about the cognitive mechanisms governing the decisions of attackers and defenders in cybersecurity involving intrusion detection systems (IDSs).

BACKGROUND Prior research has experimentally studied the role of the presence and accuracy of IDS alerts on attacker's and defender's decisions using a game-theoretic approach. However, little is known about the cognitive mechanisms that govern these decisions.

METHOD To investigate the cognitive mechanisms governing the attacker's and defender's decisions in the presence of IDSs of different accuracies, instance-based learning (IBL) models were developed. One model (NIDS) disregarded the IDS alerts and one model (IDS) considered them in the instance structure. Both the IDS and NIDS models were trained in an existing dataset where IDSs were either absent or present and they possessed different accuracies. The calibrated IDS model was tested in a newly collected test dataset where IDSs were present 50% of the time and they possessed different accuracies.

RESULTS Both the IDS and NIDS models were able to account for human decisions in the training dataset, where IDS was absent or present and it possessed different accuracies. However, the IDS model could accurately predict the decision-making in only one of the several IDS accuracy conditions in the test dataset.

CONCLUSIONS Cognitive models like IBL may provide some insights regarding the cognitive mechanisms governing the decisions of attackers and defenders in conditions not involving IDSs or IDSs of different accuracies.

APPLICATION IBL models may be helpful for penetration testing exercises in scenarios involving IDSs of different accuracies.

Updated: 2020-09-20