From Individual Decisions from Experience to Behavioral Game Theory: Lessons for Cybersecurity

  • Cleotilde Gonzalez
Conference paper
Part of the Advances in Information Security book series (ADIS, volume 100)


This chapter discusses a central challenge arising from the success of modeling human behavior in making decisions from experience: our ability to scale these models up to explain non-cooperative team behavior in a dynamic cyberspace. Computational models of human behavior based on the Instance-Based Learning Theory (IBLT) have been highly successful in representing and predicting individuals' behavior in decisions from experience. Recently, these IBL models have also been applied to represent a security analyst's experience and cognitive characteristics that would result in accurate predictions of threat identification and cyber-attack detection. The IBL models derive predictions on the accuracy and timing of threat detection in a computer network (i.e., cyber situation awareness or cyberSA). This chapter summarizes the current state of models at the individual level, and it describes the challenges and potential for extending them to address predictions in 2-player (i.e., defender and attacker) non-cooperative dynamic cybersecurity situations. The advancements that would potentially contribute to a more secure cyberspace are discussed.


Keywords (machine-generated, not supplied by the authors): Network Event; Dynamic Task; Attack Strategy; Task Situation; Threat Detection



This research was part of a Multidisciplinary University Research Initiative Award on Cyber Situation Awareness (MURI; #W911NF-09-1-0525) from the Army Research Office to Cleotilde Gonzalez. We thank Hau-yu Wong for editing this manuscript.



Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  1. Dynamic Decision Making Laboratory, Department of Social and Decision Sciences, Carnegie Mellon University, Pittsburgh, USA
