TY - GEN
T1 - Choosing Protection
T2 - 10th International Conference on Decision and Game Theory for Security, GameSec 2019
AU - Yaakov, Yoav Ben
AU - Wang, Xinrun
AU - Meyer, Joachim
AU - An, Bo
N1 - Publisher Copyright:
© 2019, Springer Nature Switzerland AG.
PY - 2019/1/1
Y1 - 2019/1/1
AB - Firewalls, Intrusion Detection Systems (IDS), and cyber-insurance are widely used to protect against cyber-attacks and their consequences. The optimal investment in each of these security measures depends on the likelihood of threats and the severity of the damage they cause, on the user’s ability to distinguish between malicious and non-malicious content, and on the properties of the different security measures and their costs. We present a model of the optimal investment in the security measures, given that the effectiveness of each measure depends partly on the performance of the others. We also conducted an online experiment in which participants classified events as malicious or non-malicious, based on the value of an observed variable. They could protect themselves by investing in a firewall, an IDS or insurance. Four experimental conditions differed in the optimal investment in the different measures. Participants tended to invest preferably in the IDS, irrespective of the benefits from this investment. They were able to identify the firewall and insurance conditions in which investments were beneficial, but they did not invest optimally in these measures. The results imply that users’ intuitive decisions to invest resources in risk management measures are likely to be non-optimal. It is important to develop methods to help users in their decisions.
KW - Cyber insurance
KW - Cybersecurity
KW - Decision making
UR - http://www.scopus.com/inward/record.url?scp=85076390907&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-32430-8_3
DO - 10.1007/978-3-030-32430-8_3
M3 - Conference contribution
AN - SCOPUS:85076390907
SN - 9783030324292
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 33
EP - 44
BT - Decision and Game Theory for Security - 10th International Conference, GameSec 2019, Proceedings
A2 - Alpcan, Tansu
A2 - Vorobeychik, Yevgeniy
A2 - Baras, John S.
A2 - Dán, György
PB - Springer
Y2 - 30 October 2019 through 1 November 2019
ER -