Behavioral Cybersecurity: Investigating the influence of Patching Vulnerabilities in Markov Security Games via Cognitive Modeling

International Journal On Cyber Situational Awareness (IJCSA)

ISSN: (Print) 2057-2182 ISSN: (Online) 2057-2182

DOI: 10.22619/IJCSA

Published Semi-annually. Est. 2014

Editor-in-Chief:

Dr Cyril Onwubiko, Chair – Cyber Security & Intelligence, E-Security Group, Research Series, London, UK; IEEE UK & Ireland Section Secretary

Associate Editors:

Professor Frank Wang, Head of School / Professor of Future Computing, Chair IEEE Computer Society, UK&RI, School of Computing, University of Kent, Canterbury, UK

Professor Karen Renaud, Professor of Cyber Security, University of Abertay, Dundee, Scotland, UK


Behavioral Cybersecurity: Investigating the influence of Patching Vulnerabilities in Markov Security Games via Cognitive Modeling

Zahid Maqbool, V. S. Chandrasekhar Pammi and Varun Dutt

Abstract:

Current research in cyber-security is not focused on human decision-making. The primary objective of this study is to address this gap and investigate how cognitive processes proposed by Instance-based Learning Theory (IBLT) like reliance on recency and frequency, attention to opponent’s actions, and cognitive noise are influenced by the effectiveness of vulnerability patching. Data involving participants performing as hackers and analysts was collected in a lab-based experiment in two patching conditions: effective (N = 50) and less-effective (N = 50). In effective (less-effective) patching, computer systems were in a non-vulnerable state (i.e., immune to cyber-attacks) 90% (50%) of the time after patching. An IBL model accounted for human decisions and revealed low (high) reliance on recency and frequency, attention to opponent’s actions, and cognitive noise for hacker (analyst) in effective patching. Whereas, it revealed opposite results for less-effective patching. We highlight the implications of our findings for cyber decision-making.

Keywords: Analyst, Attack, Defend, Patching, Cyber Security, Hacker, Markov security games, Nash equilibrium, Instance-Based Learning Theory (IBLT), Cognitive Model

ISSN: 2057-2182

Volume 4. No. 1

DOI: 10.22619/IJCSA.2019.100130

Date: Dec. 2019

Reference to this paper should be made as follows: Maqbool Z., Chandrasekhar Pammi V. S., and Dutt V. (2019). Behavioral Cybersecurity: Investigating the influence of Patching Vulnerabilities in Markov Security Games via Cognitive Modeling. International Journal on Cyber Situational Awareness, Vol. 4, No. 1, pp185-209.

PDF Download