Understanding the Impacts of Human Decision-Making on Security and Robustness of Large-Scale Systems

Research Areas: Human Centric Security

Principal Investigator: Shreyas Sundaram

The robustness and security of systems depend critically on the way they are utilized by human decision-makers. While there are various classical mathematical frameworks that have been used to model decision-makers, studies in behavioral psychology and economics have shown that humans consistently deviate from such traditional models of behavior. These deviations from expected behavior, particularly in the way that humans view and evaluate risks and losses, can significantly impact the way that they use shared systems.

In this project, we consider the game-theoretic implications of behavioral deviations (captured by Prospect Theory) on the utilizations of failure- and attack-prone systems. For example, we consider a setting where a group of individuals utilize a shared resource; the resource fails with a probability that increases with the amount of utilization, and provides a certain return otherwise. We show that utilization increases as the players deviate from risk neutrality, and also when they have heterogeneous attitudes towards loss. We also consider the use of taxation policies to mitigate overutilization of the resource, and demonstrate that counter-intuitive outcomes can arise under behavioral decision-making.

We also consider interdependent security games where each node in a network chooses how much to invest in security to protect itself. The successful attack probability at each node in such settings depends on the investment at that node and on neighboring nodes. We characterize the impact of prospect-theoretic perceptions of attack probabilities on the equilibrium security investments, and identify techniques to optimally design networks to mitigate security risks under behavioral decision-making.

Personnel

Other PIs: Saurabh Bagchi, Timothy Cason

Students: Ashish Ranjan Hota, Mustafa Abdallah El-Hosiny

Representative Publications

A. R. Hota and S. Sundaram, “Game-Theoretic Protection Against Networked SIS Epidemics by Human Decision-Makers.” Proceedings of the 2nd IFAC Workshop on Cyber-Physical and Human Systems, Miami, FL, December 2018 (to appear).
A. R. Hota, A. A Clements, S. Sundaram and S. Bagchi, "Optimal and Game-Theoretic Deployment of Security Investments in Interdependent Assets." Proceedings of GameSec 2016, the Conference on Decision and Game Theory for Security, New York City, NY, 2016.
A. R. Hota and S. Sundaram, "Interdependent Security Games under Behavioral Probability Weighting." Proceedings of GameSec 2015, the Conference on Decision and Game Theory for Security, London, England, 2015.
A. R. Hota and S. Sundaram, "Controlling Human Utilization of Shared Resources via Taxes." Proceedings of the 55th IEEE Conference on Decision and Control, Las Vegas, NV, 2016.
A. R. Hota and S. Sundaram, "Optimal Network Topologies for Mitigating Security and Epidemic Risks." Proceedings of the 54th Annual Allerton Conference on Communication, Control, and Computing, Allerton, IL, 2016 (invited).
A. R. Hota, S. Garg and S. Sundaram, "Fragility of the Commons under Prospect-Theoretic Risk Attitudes." Games and Economic Behavior, vol. 98, pp. 135 - 164, July 2016.

Keywords: Cybersecurity, Game Theory, human behavior, human-system interaction, Network Security, prospect theory, security incentives, tragedy of the commons