User detection of threats with different security measures

Author

Yoav Ben YAAKOV
Joachim MEYER
Xinrun WANG, Singapore Management UniversityFollow
Bo AN

Publication Type

Conference Proceeding Article

Publication Date

9-2020

Abstract

Cyber attacks and the associated costs made cybersecurity a vital part of any system. User behavior and decisions are still a major part in the coping with these risks. We developed a model of optimal investment and human decisions with security measures, given that the effectiveness of each measure depends partly on the performance of the others. In an online experiment, participants classified events as malicious or non-malicious, based on the value of an observed variable. Prior to making the decisions, they had invested in three security measures - a firewall, an IDS or insurance. In three experimental conditions, maximal investment in only one of the measures was optimal, while in a fourth condition, participants should not have invested in any of the measures. A previous paper presents the analysis of the investment decisions. This paper reports users' classifications of events when interacting with these systems. The use of security mechanisms helped participants gain higher scores. Participants benefited in particular from purchasing IDS and/or Cyber Insurance. Participants also showed higher sensitivity and compliance with the alerting system when they could benefit from investing in the IDS. Participants, however, did not adjust their behavior optimally to the security settings they had chosen. The results demonstrate the complex nature of risk-related behaviors and the need to consider human abilities and biases when designing cyber security systems.

Keywords

Alerting systems, Cybersecurity, Decision making

Discipline

Information Security

Research Areas

Cybersecurity

Areas of Excellence

Digital transformation

Publication

2020 IEEE International Conference on Human-Machine Systems, ICHMS: Rome, September 7-9: Proceedings

ISBN

9781728158716

Identifier

10.1109/ICHMS49158.2020.9209426

Publisher

IEEE

City or Country

Piscataway, NJ

Citation

YAAKOV, Yoav Ben; MEYER, Joachim; WANG, Xinrun; and AN, Bo. User detection of threats with different security measures. (2020). 2020 IEEE International Conference on Human-Machine Systems, ICHMS: Rome, September 7-9: Proceedings.
Available at: https://ink.library.smu.edu.sg/sis_research/9171

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.1109/ICHMS49158.2020.9209426