Visible to the public User detection of threats with different security measures

TitleUser detection of threats with different security measures
Publication TypeConference Paper
Year of Publication2020
AuthorsBen-Yaakov, Y., Meyer, J., Wang, X., An, B.
Conference Name2020 IEEE International Conference on Human-Machine Systems (ICHMS)
Date PublishedSept. 2020
ISBN Number 978-1-7281-5871-6
Keywordsalerting system, Alerting systems, associated costs, Atmospheric measurements, computer security, Cyber Attacks, cyber insurance, cyber security system design, cybersecurity, decision making, fourth condition, Human Behavior, human decisions, human factors, IDS, Insurance, Investment, investment decisions, maximal investment, online experiment, optimal investment, Particle measurements, pubcrawl, risk-related behaviors, security, security measures, security mechanisms, security of data, security settings, signal detection, user behavior

Cyber attacks and the associated costs made cybersecurity a vital part of any system. User behavior and decisions are still a major part in the coping with these risks. We developed a model of optimal investment and human decisions with security measures, given that the effectiveness of each measure depends partly on the performance of the others. In an online experiment, participants classified events as malicious or non-malicious, based on the value of an observed variable. Prior to making the decisions, they had invested in three security measures - a firewall, an IDS or insurance. In three experimental conditions, maximal investment in only one of the measures was optimal, while in a fourth condition, participants should not have invested in any of the measures. A previous paper presents the analysis of the investment decisions. This paper reports users' classifications of events when interacting with these systems. The use of security mechanisms helped participants gain higher scores. Participants benefited in particular from purchasing IDS and/or Cyber Insurance. Participants also showed higher sensitivity and compliance with the alerting system when they could benefit from investing in the IDS. Participants, however, did not adjust their behavior optimally to the security settings they had chosen. The results demonstrate the complex nature of risk-related behaviors and the need to consider human abilities and biases when designing cyber security systems.

Citation Keyben-yaakov_user_2020