Network defense and behavioral biases: an experimental study
通过实验研究人们在有向网络攻击图中如何分配防御资源,发现非线性概率加权、幼稚分散化等行为偏差导致次优决策,对网络安全专业人员有参考价值。
Abstract How do people distribute defenses over a directed network attack graph, where they must defend a critical node? This question is of interest to computer scientists, information technology and security professionals. Decision-makers are often subject to behavioral biases that cause them to make sub-optimal defense decisions, which can prove especially costly if the critical node is an essential infrastructure. We posit that non-linear probability weighting is one bias that may lead to sub-optimal decision-making in this environment, and provide an experimental test. We find support for this conjecture, and also identify other empirically important forms of biases such as naive diversification and preferences over the spatial timing of the revelation of an overall successful defense. The latter preference is related to the concept of anticipatory feelings induced by the timing of the resolution of uncertainty.