Attacks exploiting human attentional vulnerability have posed severe threats to cybersecurity. In this work, we identify and formally define a new type of proactive attentional attack, called the Informational Denial-of-Service (IDoS) attack, that generates a large volume of feint attacks to overload human operators and hide real attacks among the feints. We incorporate human factors (e.g., levels of expertise, stress, and efficiency) and empirical results (e.g., the Yerkes-Dodson law and the sunk cost fallacy) to model the operators' attention dynamics and their decision-making processes along with the real-time alert monitoring and inspection. To assist human operators in dismissing the feints and escalating the real attacks promptly and accurately, we develop a Resilient and Adaptive Data-driven alert and Attention Management Strategy (RADAMS) that de-emphasizes alerts selectively based on the alerts' observable features. RADAMS uses reinforcement learning to achieve a customized and transferable design for various human operators and evolving IDoS attacks. The integrated modeling and theoretical analysis lead to the Product Principle of Attention (PPoA), fundamental limits, and the tradeoff among crucial human and economic factors. Experimental results corroborate that the proposed strategy outperforms the default strategy and can reduce the IDoS risk by as much as 20%. In addition, the strategy is resilient to large variations of costs, attack frequencies, and human attention capacities. We have recognized interesting phenomena such as attentional risk equivalency, the attacker's dilemma, and the half-truth optimal attack strategy.