TY - JOUR
T1 - Compliance signaling games
T2 - toward modeling the deterrence of insider threats
AU - Casey, William
AU - Morales, Jose Andre
AU - Wright, Evan
AU - Zhu, Quanyan
AU - Mishra, Bud
N1 - Funding Information:
This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. This material has been approved for public release and unlimited distribution DM-0002961.
Publisher Copyright:
© 2016, Springer Science+Business Media New York.
PY - 2016/9/1
Y1 - 2016/9/1
N2 - In a typical workplace, organizational policies and their compliance requirements set the stage upon which the behavioral patterns of individual agents evolve. The agents’ personal utilities, access to information, and strategic deceptions shape the signaling systems of an intricate information-asymmetric game, thus mystifying assessment and management of organizational risks, which are primarily due to unintentional insider threats. Compliance games, as discussed here, model a rudimentary version of this signaling game between a sender (employee) and a receiver (organization). The analysis of these games’ equilibria as well as their dynamics in repeated game settings illuminate the effectiveness or risks of an organizational policy. These questions are explored via a repeated and agent-based simulation of compliance signaling games, leading to the following: (1) a simple but broadly applicable model for interactions between sender agents (employees) and receiver agents (principals in the organization), (2) an investigation of how the game theoretic approach yields the plausible dynamics of compliance, and (3) design of experiments to estimate parameters of the systems: evolutionary learning rates of agents, the efficacy of auditing using a trembling hand strategy, effects of non-stationary and multiple principal agents, and ultimately, the robustness of the system under perturbation of various related parameters (costs, penalties, benefits, etc.). The paper concludes with a number of empirical studies, illustrating a battery of compliance games under varying environments designed to investigate agent based learning, system control, and optimization. The studies indicate how agents through limited interactions described by behavior traces may learn and optimize responses to a stationary defense, expose sensitive parameters and emergent properties and indicate the possibility of controlling interventions which actuate game parameters. We believe that the work is of practical importance—for example, in constraining the vulnerability surfaces arising from compliance games.
AB - In a typical workplace, organizational policies and their compliance requirements set the stage upon which the behavioral patterns of individual agents evolve. The agents’ personal utilities, access to information, and strategic deceptions shape the signaling systems of an intricate information-asymmetric game, thus mystifying assessment and management of organizational risks, which are primarily due to unintentional insider threats. Compliance games, as discussed here, model a rudimentary version of this signaling game between a sender (employee) and a receiver (organization). The analysis of these games’ equilibria as well as their dynamics in repeated game settings illuminate the effectiveness or risks of an organizational policy. These questions are explored via a repeated and agent-based simulation of compliance signaling games, leading to the following: (1) a simple but broadly applicable model for interactions between sender agents (employees) and receiver agents (principals in the organization), (2) an investigation of how the game theoretic approach yields the plausible dynamics of compliance, and (3) design of experiments to estimate parameters of the systems: evolutionary learning rates of agents, the efficacy of auditing using a trembling hand strategy, effects of non-stationary and multiple principal agents, and ultimately, the robustness of the system under perturbation of various related parameters (costs, penalties, benefits, etc.). The paper concludes with a number of empirical studies, illustrating a battery of compliance games under varying environments designed to investigate agent based learning, system control, and optimization. The studies indicate how agents through limited interactions described by behavior traces may learn and optimize responses to a stationary defense, expose sensitive parameters and emergent properties and indicate the possibility of controlling interventions which actuate game parameters. We believe that the work is of practical importance—for example, in constraining the vulnerability surfaces arising from compliance games.
KW - Agent based models
KW - Compliance
KW - Evolutionary games
KW - Signaling game
UR - http://www.scopus.com/inward/record.url?scp=84964411748&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84964411748&partnerID=8YFLogxK
U2 - 10.1007/s10588-016-9221-5
DO - 10.1007/s10588-016-9221-5
M3 - Article
AN - SCOPUS:84964411748
SN - 1381-298X
VL - 22
SP - 318
EP - 349
JO - Computational and Mathematical Organization Theory
JF - Computational and Mathematical Organization Theory
IS - 3
ER -