A Quantal Response Analysis of Defender-Attacker Sequential Security Games

TL;DR

This paper models a sequential security game between a defender and attacker, incorporating behavioral biases in the defender's decision-making, and analyzes how these biases influence security investments and overall system efficiency.

Contribution

It introduces a quantal response equilibrium model for security games considering bounded rationality, extending traditional analyses to include behavioral economic effects.

Findings

Quantal response equilibrium exists in the security game.

Behavioral biases lead to suboptimal security investments.

Equilibrium investments are less efficient than optimal solutions.

Abstract

We explore a scenario involving two sites and a sequential game between a defender and an attacker, where the defender is responsible for securing the sites while the attacker aims to attack them. Each site holds a loss value for the defender when compromised, along with a probability of successful attack. The defender can reduce these probabilities through security investments at each site. The attacker's objective is to target the site that maximizes the expected loss for the defender, taking into account the defender's security investments. While previous studies have examined security investments in such scenarios, our work investigates the impact of bounded rationality exhibited by the defender, as identified in behavioral economics. Specifically, we consider quantal behavioral bias, where humans make errors in selecting efficient (pure) strategies. We demonstrate the existence of a quantal response equilibrium in our sequential game and analyze how this bias affects the defender's choice of optimal security investments. Additionally, we quantify the inefficiency of equilibrium investments under quantal decision-making compared to an optimal solution devoid of behavioral biases. We provide numerical simulations to validate our main findings.