Combating Informational Denial-of-Service (IDoS) Attacks: Modeling and Mitigation of Attentional Human Vulnerability

Linan Huang, Quanyan Zhu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

This work proposes a new class of proactive attacks called the Informational Denial-of-Service (IDoS) attacks that exploit the attentional human vulnerability. By generating a large volume of feints, IDoS attacks deplete the cognitive resources of human operators to prevent humans from identifying the real attacks hidden among feints. This work aims to formally define IDoS attacks, quantify their consequences, and develop human-assistive security technologies to mitigate the severity level and risks of IDoS attacks. To this end, we use the semi-Markov process to model the sequential arrivals of feints and real attacks with category labels attached in the associated alerts. The assistive technology strategically manages human attention by highlighting selective alerts periodically to prevent the distraction of other alerts. A data-driven approach is applied to evaluate human performance under different Attention Management (AM) strategies. Under a representative special case, we establish the computational equivalency between two dynamic programming representations to reduce the computation complexity and enable online learning with samples of reduced size and zero delays. A case study corroborates the effectiveness of the learning framework. The numerical results illustrate how AM strategies can alleviate the severity level and the risk of IDoS attacks. Furthermore, the results show that the minimum risk is achieved with a proper level of intentional inattention to alerts, which we refer to as the law of rational risk-reduction inattention.

Original languageEnglish (US)
Title of host publicationDecision and Game Theory for Security - 12th International Conference, GameSec 2021, Proceedings
EditorsBranislav Bošanský, Cleotilde Gonzalez, Stefan Rass, Stefan Rass, Arunesh Sinha
PublisherSpringer Science and Business Media Deutschland GmbH
Pages314-333
Number of pages20
ISBN (Print)9783030903695
DOIs
StatePublished - 2021
Event12th International Conference on Decision and Game Theory for Security, GameSec 2021 - Virtual, Online
Duration: Oct 25 2021Oct 27 2021

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume13061 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference12th International Conference on Decision and Game Theory for Security, GameSec 2021
CityVirtual, Online
Period10/25/2110/27/21

Keywords

  • Alert fatigue
  • Attention management
  • Cognitive load
  • Cyber feint attack
  • Human vulnerability
  • Risk analysis
  • Temporal-difference learning

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'Combating Informational Denial-of-Service (IDoS) Attacks: Modeling and Mitigation of Attentional Human Vulnerability'. Together they form a unique fingerprint.

Cite this