Understanding the Impacts of Human Decision-Making on Security and Robustness of Large-Scale Systems

Research Areas: Human Centric Security

Principal Investigator: Shreyas Sundaram

The robustness and security of systems depend critically on the way they are utilized by human decision-makers.  While there are various classical mathematical frameworks that have been used to model decision-makers, studies in behavioral psychology and economics have shown that humans consistently deviate from such traditional models of behavior.  These deviations from expected behavior, particularly in the way that humans view and evaluate risks and losses, can significantly impact the way that they use shared systems.

In this project, we consider the game-theoretic implications of behavioral deviations (captured by Prospect Theory) on the utilizations of failure- and attack-prone systems.  For example, we consider a setting where a group of individuals utilize a shared resource; the resource fails with a probability that increases with the amount of utilization, and provides a certain return otherwise.  We show that utilization increases as the players deviate from risk neutrality, and also when they have heterogeneous attitudes towards loss.  We also consider the use of taxation policies to mitigate overutilization of the resource, and demonstrate that counter-intuitive outcomes can arise under behavioral decision-making. 

We also consider interdependent security games where each node in a network chooses how much to invest in security to protect itself.  The successful attack probability at each node in such settings depends on the investment at that node and on neighboring nodes.  We characterize the impact of prospect-theoretic perceptions of attack probabilities on the equilibrium security investments, and identify techniques to optimally design networks to mitigate security risks under behavioral decision-making.


Other PIs: Saurabh Bagchi, Timothy Cason

Students: Ashish Ranjan Hota, Mustafa Abdallah El-Hosiny

Representative Publications

Keywords: Cybersecurity, Game Theory, human behavior, human-system interaction, Network Security, prospect theory, security incentives, tragedy of the commons