Threats from Inside:
Dynamic Utility (Mis)Alignments
in an Agent based Model
William Casey1, Jose Andre Morales1+, and
Bud Mishra2
1Software Engineering Institute, Carnegie Mellon
University, USA
wcasey@cmu.edu,
jamorales@cert.org
2NYU Courant Institute, New York University, USA
mishra@nyu.edu
Abstract
We envision a game theoretic model of an organization so as to devise new mechanisms to improve compliance and reduce various insider threats – be it intentional or unintentional, while paying proportional attention to various intertwined issues: namely in the form of deception, privacy, trust, global utilities and stability. For this purpose, we primarily rely on a realistic formulation of classical information-asymmetric signaling games, in a repeated form, while allowing the agents to dynamically vary their strategic choices as their utilities get (mis)aligned. To better understand the multifaceted security concerns in existing and emerging multi-agent interactions within an organization, we map, model and analyze various challenging scenarios of threats: namely, those by design or those by negligence. We also describe a bridge to the future by investigating the extendability of the proposed mechanisms in a specific embodiment, where available meta-data is mined to model behavioral propensities of the agents. Simulation and empirical analysis indicate promising results for this approach to deliver new mechanisms and control regimes.
Keywords: Insider threat,
game theory, signaling games, identity deception deterrence,
utility alignment
+: Corresponding
author: Jose Andre Morales
Software Engineering Institute 4500 Fifth ave, Pittsburgh, PA 15213, Tel: +1-(412) 268-5800
Journal of Wireless Mobile Networks, Ubiquitous
Computing, and Dependable Applications (JoWUA)
Vol. 7, No.
1, pp. 97-117, March 2016 [pdf]