Big Game Theory Hunting: The Peculiarities of Human Behavior in the InfoSec Game

Presented at Black Hat USA 2017, July 26, 2017, 2:40 p.m. (50 minutes).

We all groan when we hear it's "time for some game theory," but traditional game theory – modelling conflict and cooperation between rational decision-makers – still pervades how we think of defensive strategy as an industry. This primitive analysis is a disservice to defenders, who are facing humans (and who are, in fact, humans themselves), but are modelling their own actions and opponent's actions based on the assumption of machine-like behavior.

In this session, I will examine traditional game theory and propose why behavioral game theory should take its place in the philosophy of defense. Next, I'll review the first principles of game theory, through the lens of behavioral game theory, which empirically measures how humans actually behave in games, rather than assumes they will behave coldly rational.

I'll explain the "rules" of the information security game and how traditional game theory is poorly suited to those conditions, along with the various behavioral models and why they are a superior fit. I'll then explore the two primarily methods that play into how humans make decisions in games – "thinking" and "learning" and what empirical data from behavioral game theory studies suggests on how to improve thinking and learning, extrapolating to applications for infosec defenders.

Finally, I'll present new insights from my own research, examining how defenders and attackers play the infosec game specifically, and bridging from theory to practice, to see how the lessons from behavioral game theory can be tangibly incorporated into defenders' strategic decision making processes. I'll conclude the session by outlining the practical steps for improving threat modelling, countering offensive moves, and deciding which products to use, so that defenders can start gaining the high ground in the infosec game.


Presenters:

  • Kelly Shortridge - Analytics Product Manager, BAE Systems Applied Intelligence
    Kelly Shortridge is currently the Product Manager for cross-platform Detection capabilities at BAE Systems, within the Applied Intelligence division. Previously, Kelly co-founded a mobile monitoring and access control startup called IperLane, where she served as COO for almost two years. Prior to IperLane, Kelly was an investment banking analyst at Teneo Capital, responsible for coverage of the data security, intelligence and analytics sectors, advising clients on M&A and capital raising assignments. Kelly graduated from Vassar College with a B.A. in Economics and was awarded the Leo M. Prince Prize for Academic Achievement. In her spare time, she enjoys practicing Krav Maga, world-building, weight lifting, reading sci-fi novels and playing open-world RPGs.

Links:

Similar Presentations: