Cyber Security: Evaluating the Effects of Attack Strategy and Base Rate through Instance-Based Learning

Abstract

Cyber attacks, the disruption of normal operations in a computer network due to malicious events called cyber threats, are becoming widespread. To check the prevalence of cyber attacks, the role of security analysts, human decision makers whose job is to prevent cyber attacks, is becoming extremely important. However, very little is currently known about how security analysts might respond to an attacker's different attack strategies. Little is also known about how the proportion of threats (i.e., the base rate) in an attack scenario influences the analyst's timely and accurate detection of such attacks. In this paper, we use an existing cognitive model of the security analyst, based upon Instance-Based Learning Theory, and we evaluate the effects of attack strategy and base rate on the model's accurate and timely detection of cyber attacks in a simulated scenario. The attack strategy was manipulated as impatient (the attacker injects all threats at the beginning of the scenario) or patient (the attacker waits until the end of the scenario to inject threats), and the base rate was manipulated as common (13 out of 25 scenario events (52%) were threats) or rare (3 out of 25 scenario events (12%) were threats). Results reveal that the attack strategy influences only the analyst's accuracy and not her timeliness, whereas the base rate influences her timeliness and not her accuracy. We discuss the implications of our results for training analysts in their job.

