International Journal On Cyber Situational Awareness (IJCSA)
ISSN: (Print) 2057-2182 ISSN: (Online) 2057-2182
DOI: 10.22619/IJCSA
Published Semi-annually. Est. 2014
Editor-in-Chief:
Dr Cyril Onwubiko, Chair – Cyber Security & Intelligence, E-Security Group, Research Series, London, UK; IEEE UK & Ireland Section Secretary
Associate Editors:
Professor Frank Wang, Head of School / Professor of Future Computing, Chair IEEE Computer Society, UK&RI, School of Computing, University of Kent, Canterbury, UK
Professor Karen Renaud, Professor of Cyber Security, University of Abertay, Dundee, Scotland, UK
Behavioral Cybersecurity: Investigating the influence of Patching Vulnerabilities in Markov Security Games via Cognitive Modeling
Zahid Maqbool, V. S. Chandrasekhar Pammi and Varun Dutt
Abstract:
Current research in cyber-security is not focused on human decision-making. The primary objective of this study is to address this gap and investigate how cognitive processes proposed by Instance-based Learning Theory (IBLT) like reliance on recency and frequency, attention to opponent’s actions, and cognitive noise are influenced by the effectiveness of vulnerability patching. Data involving participants performing as hackers and analysts was collected in a lab-based experiment in two patching conditions: effective (N = 50) and less-effective (N = 50). In effective (less-effective) patching, computer systems were in a non-vulnerable state (i.e., immune to cyber-attacks) 90% (50%) of the time after patching. An IBL model accounted for human decisions and revealed low (high) reliance on recency and frequency, attention to opponent’s actions, and cognitive noise for hacker (analyst) in effective patching. Whereas, it revealed opposite results for less-effective patching. We highlight the implications of our findings for cyber decision-making.
Keywords: Analyst, Attack, Defend, Patching, Cyber Security, Hacker, Markov security games, Nash equilibrium, Instance-Based Learning Theory (IBLT), Cognitive Model
ISSN: 2057-2182
Volume 4. No. 1
DOI: 10.22619/IJCSA.2019.100130
Date: Dec. 2019
Reference to this paper should be made as follows: Maqbool Z., Chandrasekhar Pammi V. S., and Dutt V. (2019). Behavioral Cybersecurity: Investigating the influence of Patching Vulnerabilities in Markov Security Games via Cognitive Modeling. International Journal on Cyber Situational Awareness, Vol. 4, No. 1, pp185-209.