Role of intrusion-detection systems in cyber-attack detection

Abstract

Currently, little is known about how defenders’ reliance on decision-support technology influences their decisions. Here, we designed a cyber-security game, where “hackers” decide whether to attack a computer network and “analysts” decide whether to defend the network based upon recommendations from IDS. We present results from an experiment with 200 participants randomly paired and assigned to one of four between-subjects conditions that varied in the IDS’s availability (absent/present) and its accuracy (when present, it is 10, 50, or 90% accurate). Results revealed that proportion of attack and defend actions were similar and close to their Nash proportions when IDS was absent and when it was 50% accurate; but, these proportions were smaller and different from their Nash proportions when the IDS was inaccurate (10% accurate) or very accurate (90% accurate). Our results suggest that the presence of decision-support technology is likely to make defenders over rely on this technology.