Mustafa Abdallah - Purdue University in Indianapolis

Students: Spring 2025, unless noted otherwise, sessions will be virtual on Zoom.

Effects of Behavioral Decision-Making in Proactive Security Frameworks in Networked Systems

Feb 05, 2025

Download:

MP4 Video Size: 268.5MB

Watch on YouTube

Abstract

Facing increasingly sophisticated attacks from external adversaries, networked systems owners have to judiciously allocate their limited security budget to reduce their cyber risks. However, when modeling human decision-making, behavioral economics has shown that humans consistently deviate from classical models of decision-making. Most notably, prospect theory, for which Kahneman and Tversky won the 2002 Nobel memorial prize in economics, argues that humans perceive gains, losses and probabilities in a skewed manner. Furthermore, bounded rationality and imperfect best-response behavior has been frequently observed in human decision-making within the domains of behavioral economics and psychology. While there is a rich literature on these human decision-making factors in economics and psychology, most of the existing work studying security of networked systems does not take into account these biases and noises. In this talk, we show our proposed novel behavioral security game models for the study of human decision-making in networked systems modeled by attack graphs. We show that behavioral biases lead to suboptimal resource allocation patterns. We also analyze the outcomes of protecting multiple isolated assets with heterogeneous valuations via decision- and game-theoretic frameworks. We show that behavioral defenders over-invest in higher-valued assets compared to rational defenders. We then propose different learning-based techniques and adapt two different tax-based mechanisms for guiding behavioral decision-makers towards optimal security investment decisions. In particular, we show the outcomes of such learning and mechanisms on different realistic networked systems. In total, our research establishes rigorous frameworks to analyze the security of both large-scale networked systems and heterogeneous isolated assets managed by human decision makers and provides new and important insights into security vulnerabilities that arise in such settings.

About the Speaker

Dr. Mustafa Abdallah is a tenure-track Assistant Professor in the Computer and Information Technology (CIT) Department at Purdue University in Indianapolis, with a courtesy appointment at Purdue Polytechnic Institute. He earned his Ph.D. from the Elmore Family School of Electrical and Computer Engineering at Purdue University in 2022 and previously served as a tenure-track faculty member at IUPUI. His research focuses on game theory, behavioral decision-making, explainable AI, meta-learning, and deep learning, with applications in proactive security of networked systems, IoT anomaly detection, and intrusion detection. His work has been published in top security and AI venues, includingIEEE S&P, ACM AsiaCCS, IEEE TCNS, IEEE IoT-J, Computers & Security, and ACM TKDD. He has received the Bilsland Fellowship, multiple IEEE travel grants, and internal research funding from IUPUI. Dr. Abdallah has extensive industrial research experience, including internships at Adobe Research (meta-learning for time-series forecasting), Principal Financial Group (Kalman filter modeling for financial predictions), and RDI (deep learning for speech technology applications), which led to a U.S. patent and multiple publications. He holds B.Sc. and M.Sc. degrees from Cairo University, with a focus on electrical engineering and engineering mathematics, respectively.

Ways to Watch

Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!