@inproceedings{acc72fd1d5b14210b8192db0891565c1,
title = "Combating Informational Denial-of-Service (IDoS) Attacks: Modeling and Mitigation of Attentional Human Vulnerability",
abstract = "This work proposes a new class of proactive attacks called the Informational Denial-of-Service (IDoS) attacks that exploit the attentional human vulnerability. By generating a large volume of feints, IDoS attacks deplete the cognitive resources of human operators to prevent humans from identifying the real attacks hidden among feints. This work aims to formally define IDoS attacks, quantify their consequences, and develop human-assistive security technologies to mitigate the severity level and risks of IDoS attacks. To this end, we use the semi-Markov process to model the sequential arrivals of feints and real attacks with category labels attached in the associated alerts. The assistive technology strategically manages human attention by highlighting selective alerts periodically to prevent the distraction of other alerts. A data-driven approach is applied to evaluate human performance under different Attention Management (AM) strategies. Under a representative special case, we establish the computational equivalency between two dynamic programming representations to reduce the computation complexity and enable online learning with samples of reduced size and zero delays. A case study corroborates the effectiveness of the learning framework. The numerical results illustrate how AM strategies can alleviate the severity level and the risk of IDoS attacks. Furthermore, the results show that the minimum risk is achieved with a proper level of intentional inattention to alerts, which we refer to as the law of rational risk-reduction inattention.",
keywords = "Alert fatigue, Attention management, Cognitive load, Cyber feint attack, Human vulnerability, Risk analysis, Temporal-difference learning",
author = "Linan Huang and Quanyan Zhu",
note = "Publisher Copyright: {\textcopyright} 2021, Springer Nature Switzerland AG.; 12th International Conference on Decision and Game Theory for Security, GameSec 2021 ; Conference date: 25-10-2021 Through 27-10-2021",
year = "2021",
doi = "10.1007/978-3-030-90370-1_17",
language = "English (US)",
isbn = "9783030903695",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Science and Business Media Deutschland GmbH",
pages = "314--333",
editor = "Branislav Bo{\v s}ansk{\'y} and Cleotilde Gonzalez and Stefan Rass and Stefan Rass and Arunesh Sinha",
booktitle = "Decision and Game Theory for Security - 12th International Conference, GameSec 2021, Proceedings",
address = "Germany",
}