Abstract
Game theory typically assumes rational behavior for solution concepts such as Nash equilibrium. However, this assumption is often violated when human agents are interacting in real-world scenarios, such as cybersecurity. There are different human factors that drive human decision making, and these also vary significantly across individuals leading to substantial individual differences in behavior. Predicting these differences in behavior can help a defender to predict actions of different attacker types to provide better defender strategy tailored towards different attacker types. We conducted an initial study of this idea using a behavioral version of the FlipIt game. We show that there are identifiable differences in behavior among different groups (e.g., individuals with different Dark Triad personality scores), but our initial attempts at capturing these differences using simple known behavioral models does not lead to significantly improved defender strategies. This suggests that richer behavioral models are needed to effectively predict and target strategies in these more complex cybersecurity game.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Abbasi, Y.D., Short, M., Sinha, A., Sintov, N., Zhang, C., Tambe, M.: Human adversaries in opportunistic crime security games: evaluating competing bounded rationality models. In: Proceedings of the Third Annual Conference on Advances in Cognitive Systems ACS, p. 2 (2015)
Anderson, J.R.: ACT: a simple theory of complex cognition. Am. Psychol. 51(4), 355 (1996)
Basak, A., Shelby, C., Gutierrez, M., Černý, J.: StrataFlip Game. http://iasrl1.cs.utep.edu/ (2017)
Bosansky, B., Kiekintveld, C., Lisy, V., Pechoucek, M.: An exact double-oracle algorithm for zero-sum extensive-form games with imperfect information. J. Artif. Intell. Res. 51, 829–866 (2014)
Durkota, K., Lisý, V., Kiekintveld, C., Horák, K., Bošanský, B., Pevný, T.: Optimal strategies for detecting data exfiltration by internal and external attackers. In: Rass, S., Kiekintveld, C., Fang, F., Schauer, S. (eds.) GameSec 2017. LNCS, vol. 10575, pp. 171–192. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-68711-7_10
Friedman, J., Hastie, T., Tibshirani, R.: The Elements of Statistical Learning. Springer series in statistics, vol. 1. Springer, New York (2001). https://doi.org/10.1007/978-0-387-84858-7
Harsanyi, J.C.: Games with incomplete information played by “bayesian” players, i-iii part i. The basic model. Manag. Sci. 14(3), 159–182 (1967)
Johanson, M., Bard, N., Burch, N., Bowling, M.: Finding optimal abstract strategies in extensive-form games. In: AAAI (2012)
Jones, D.N., Paulhus, D.L.: Introducing the short dark triad (SD3) a brief measure of dark personality traits. Assessment 21(1), 28–41 (2014)
Kahneman, D., Tversky, A.: Prospect theory: an analysis of decision under risk. In: Handbook of the Fundamentals of Financial Decision Making: Part I, pp. 99–127. World Scientific (2013)
Kar, D., Fang, F., Delle Fave, F., Sintov, N., Tambe, M.: A game of thrones: when human behavior models compete in repeated stackelberg security games. In: Proceedings of the 2015 International Conference on Autonomous Agents and Multiagent Systems, pp. 1381–1390. IFAAMAS (2015)
Kiekintveld, C., Lisý, V., Píbil, R.: Game-theoretic foundations for the strategic use of honeypots in network security. In: Jajodia, S., Shakarian, P., Subrahmanian, V.S., Swarup, V., Wang, C. (eds.) Cyber Warfare. AIS, vol. 56, pp. 81–101. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-14039-1_5
Koller, D., Megiddo, N., von Stengel, B.: Efficient computation of equilibria for extensive two-person games. Games Econ. Behav. 14, 247–259 (1996)
Maples, J.L., Lamkin, J., Miller, J.D.: A test of two brief measures of the dark triad: the dirty dozen and short dark triad. Psychol. Assess. 26(1), 326 (2014)
McKelvey, R.D., Palfrey, T.R.: Quantal response equilibria for extensive form games. Exp. Econ. 1(1), 9–41 (1998)
Nash, J.: Non-cooperative games. Ann. Math., 286–295 (1951)
Nguyen, T.H., Yang, R., Azaria, A., Kraus, S., Tambe, M.: Analyzing the effectiveness of adversary modeling in security games. In: AAAI (2013)
Nochenson, A., Grossklags, J., et al.: A behavioral investigation of the Flipit game. In: Proceedings of the 12th Workshop on the Economics of Information Security (WEIS) (2013)
Paulhus, D.L., Williams, K.M.: The dark triad of personality: narcissism, machiavellianism, and psychopathy. J. Res. Pers. 36(6), 556–563 (2002)
Píbil, R., Lisý, V., Kiekintveld, C., Bošanský, B., Pěchouček, M.: Game theoretic model of strategic honeypot selection in computer networks. In: Grossklags, J., Walrand, J. (eds.) GameSec 2012. LNCS, vol. 7638, pp. 201–220. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34266-0_12
Reitter, D., Grossklags, J., Nochenson, A.: Risk-seeking in a continuous game of timing. In: Proceedings of the 13th International Conference on Cognitive Modeling (ICCM), pp. 397–403 (2013)
Shiva, S., Roy, S., Dasgupta, D.: Game theory for cyber security. In: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research, p. 34. ACM (2010)
Van Dijk, M., Juels, A., Oprea, A., Rivest, R.L.: Flipit: the game of “stealthy takeover”. J. Cryptol. 26(4), 655–713 (2013)
Yang, R., Ford, B., Tambe, M., Lemieux, A.: Adaptive resource allocation for wildlife protection against illegal poachers. In: Proceedings of the 2014 International Conference on Autonomous Agents and Multi-agent Systems, pp. 453–460. IFAAMAS (2014)
Yang, R., Kiekintveld, C., Ordonez, F., Tambe, M., John, R.: Improving resource allocation strategy against human adversaries in security games. In: IJCAI Proceedings-International Joint Conference on Artificial Intelligence, vol. 22, p. 458 (2011)
Zinkevich, M., Johanson, M., Bowling, M., Piccione, C.: Regret minimization in games with incomplete information. In: Platt, J., Koller, D., Singer, Y., Roweis, S. (eds.) Advances in Neural Information Processing Systems 20 (NIPS), pp. 1729–1736. MIT Press, Cambridge (2008)
Acknowledgment
This research was sponsored by the Army Research Laboratory and was accomplished under Cooperative Agreement Number W911NF-13-2-0045 (ARL Cyber Security CRA). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Army Research Laboratory or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes not with standing any copyright notation here on. The authors also acknowledge the support of the OP VVV MEYS funded project CZ.02.1.01/0.0/0.0/16_019/000 0765 “Research Center for Informatics”. Access to computing and storage facilities owned by parties and projects contributing to the National Grid Infrastructure MetaCentrum provided under the programme “Projects of Large Research, Development, and Innovations Infrastructures” (CESNET LM2015042), is greatly appreciated.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Basak, A. et al. (2018). An Initial Study of Targeted Personality Models in the FlipIt Game. In: Bushnell, L., Poovendran, R., Başar, T. (eds) Decision and Game Theory for Security. GameSec 2018. Lecture Notes in Computer Science(), vol 11199. Springer, Cham. https://doi.org/10.1007/978-3-030-01554-1_36
Download citation
DOI: https://doi.org/10.1007/978-3-030-01554-1_36
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-01553-4
Online ISBN: 978-3-030-01554-1
eBook Packages: Computer ScienceComputer Science (R0)