A game-theory approach to manage decision errors

With the fast development of modern computer and networks, information communication between firms and users becomes more complex. Recently, a game-theory approach has been widely used to investigate this issue. However, for firms and users, inaccuracies (defined as decision errors) persist in the gap between strategic decisions and actual actions. This paper, based on game theory, analyses the effects of decision errors on optimal equilibrium strategy of the firm and the user. Precisely speaking, we analysed how the firm and the user adjust their strategy accordingly to compensate for the mistakes caused by decision errors. Besides, we demonstrated that decision errors are not necessarily bad for the firm, and put forward the optimal methods of managing decision errors. Keyword: Intrusion detection system (IDS ; Game-theory; Decision Errors


Introduction
With the development of computers and networks, information security problems become increasing important in the key management area.Detection software (i.e., an intrusion detection system, IDS) provides effective supports for security management of information system, but fails to resolve the security problem of information system effectively by only relying on technology, since the environment of information system becomes more complex.Therefore, the economics of information security from the perspective of economics and management theory has developed rapidly in recent years.In the field of economics of information security, game theory has been used as a key research approach.For example, Cavusoglu & Raghunathan, Cavusoglu et al. and Levitin & Hausken give a game-theory analysis of the optimal configurations for security devices [1][2][3], Gao et al. and Hausken provide a game framework to discuss the investment of information security [4][5].
This paper attempts to discuss how to adjust the optimal strategy in the information system that has decision errors, and how to manage the decision errors.Decision errors are the inaccuracies between strategic decisions and actual actions, which is shown in Figure .1.Zhuang discusses the effect of decision errors by the agents on the social optimal investment in system security [6].The work (Alpcan & Basar, Nguyen et al.) analyzes the decision errors of firms and users in the field of information security [7][8].Our work is closely related to a seminal study [9], who analyzes the impact of the firms' and the users' decision errors on the equilibrium strategies and optimal configurations of the IDS.

Figure.1. Decision errors of the firms and the users
In this paper, we developed a game-theory framework for the interaction between firms and users that include decision errors, analyzed the impact of decision error on equilibrium strategies and how the firm and the user adjust their strategy accordingly to compensate for the mistakes caused by decision errors.This paper proceeds as follow: section 2 provides a game model of the interaction between the firm and the user.Section 3 derives the equilibrium strategies, the adjustment strategies and the optimal methods of managing decision errors.Section 4 concludes this paper.P F = (P D ) L (L>1) [10].
Because of the inaccuracy inherent in the IDS, manual investigations from a human security expert are necessary to verify the signal given by the IDS.It is assumed that manual investigations always succeed.We assume that a user's strategy is S U ∈{A,NA}, in which A is attacking transaction, NA is normal transaction; a firm's strategy is S F ∈{(I,I), (I,NI), (NI,I), (NI,NI)}, in which I is to investigate, NI is not to investigate, and the first element in each ordered pair is the firm's action when the IDS raises a signal, while the second element is the firm's action when the IDS does not raise a signal.The mixed strategy pair of the firm is given by (ρ 1 , ρ 2 )∈[0,1]×[0,1], it is reasonable to assume ρ 1 ≥ρ 2 , ρ 1 denotes the actual probability of a manual investigation in the presence of a signal, and ρ 2 denotes the actual probability of a manual investigation in the absence of a signal.Similarly, the mixed strategy of the user is given by the actual probability of attacking, ψ∈[0,1].Now, following [7][8], decision errors are introduced.Assume that parameter ε (parameter δ) denotes the probability that the user decides (not) to attack but ends up not attacking (attacking); and that parameter α (parameter γ) represents the probability that the firm intends (not) to implement manual investigation but ends up not implementing manual investigation (implementing manual investigation) regardless of whether the IDS generates a signal.ψ de is the user's actual probability of attacking.ρ 1de (ρ 2de ) denote the firm's actual probabilities of manual investigation when the IDS (dose not) generates a signal.
When the user attacks, it gains benefit of μ if not caught but receives a penalty of β if caught.The manual investigations incur a cost of c because the firm exerts some effort each time, and the necessary analysis software may be used.If an attack is undetected, the firm incurs a loss of d.If the firm successfully detects the attack, a fraction, 0≤φ≤1, of d will be recovered.It is reasonable to assume that c≤dφ, so that the firm's cost of investigation is not higher than its benefit if it detects an attack.

The model
The effect of decision errors can be described by the following equations: The following probability computations are used in deriving the equilibrium.The game tree of our model is shown in Figure .2.The firm's expected costs when the IDS generate a signal and does not take the form: , So, the firm's overall expected cost is , , , , Similarly, the user's expected benefits when the IDS generates a signal and does not take the form: , ns de Thus the overall expected benefits is , , , , 3 Model analysis

The optimal strategies
In this section, assume that a simultaneous game is played between the firm and the user.The Nash equilibrium strategies of this game can be solved, in which neither the firm nor the user can improve its utility by unilaterally deviate its strategy.Proposition 1: The following mixed strategy profiles constitute the Nash equilibrium in the presence of decision errors.Due to the limitation of space, the proof is omitted. If
Proposition 2: The following mixed strategy profiles constitute the Nash equilibrium without decision errors.
If .Low detection rates of IDS result in a high level of attacking, and therefore, the firm will not only inspect any users who raise a signal, but also a fraction of the users that do not raise a signal.On the other hand, sufficiently high detection rates of IDS reduce attacking.Therefore, the firm will not inspect any users who do not raise a signal, and, it can only inspect a fraction of the users that raise a signal.

The optimal configurations
Proposition 3: Decision errors have a great influence on the optimal strategies, and it is not necessary bad for the firm.With the change of decision errors, the firm and the user need to adjust their strategy accordingly to compensate for the mistake, which are illustrated by Table 1.
The proof is as follow: Compare proposition 1 with proposition 2, we get: Case1: If 1 the user needs to increase his decision probability of attacking (ψ), because decision errors cause the user's actual probability of attacking (ψ de ) to be decreased.This is shown in section A1, B1, A2 and B2.When δ is high ), the user needs to decrease his decision probability of attacking (ψ), because decision errors cause user's actual probability of attacking (ψ de ) to be increased.This is shown in section C1, D1, C2 and D2.When γ is low or α is high, that is, / / P E J D J ! , the firm needs to increase his decision probability of manual investigation (ρ 1 or ρ 2 ), because decision errors cause the firm's actual probability of manual investigation (ρ 1de or ρ 2de ) to be decreased.This is shown in section A1, C1, A2 and C2.When γ is high or α is low that is, / / P E J D J , the firm needs to decrease his decision investigation rate (ρ 1 or ρ 2 ), because decision errors cause the firm's actual investigation rate (ρ 1de or ρ 2de ) to be increased.This is shown in section B1, D1, B2 and D2.
To further understand the effect of decision errors on firm's strategies, we compare the firm's expected cost with decision errors and without decision errors.According to Proposition 1 and (10), we have: .The firm's loss is composed of two components (investigation cost and expected damage).The investigation cost is increasing in the investigation rate, and the damage cost is increasing in the attacking probability.The value of IDS not only comes from improved detection of attackers, but also from increased deterrence of attackers [2].With the increase of parameter α, decision errors cause the actual investigation rate to be decreased.It decreases the deterrence of 01016-p.3 attackers, so the attacking probability increases.Therefore, with the increase of parameter α, decision errors decrease investigation cost, but increase damage cost.Compared to parameter α, parameter γ has opposite effect.With the increase of parameter γ, decision errors decrease damage cost, but increase investigation cost.
When P D is low, the firm not only inspect any users who raise a signal, but also a fraction of the users that do not raise a signal.Actual probability of manual investigation is changing with parameter α and γ.If P D is low, when the firm inspect the users who do not raise a signal, with the change of actual investigation rate, the change of damage cost offset the change of investigation cost, causing the firm's total cost no change; when the firm inspect the users who raise a signal, with the decrease of actual investigation rate (with the increase of α), the increase of damage cost more than offset the saving realized in investigation cost, causing the firm's total cost to be increased.
When P D is high enough, the firm will not inspect any users who do not raise a signal, and, it can only inspect a fraction of the users that raise a signal.If P D is high, when the firm inspect the users who raise a signal, with the change of actual investigation rate, the change of damage cost offset the change of investigation cost, causing the firm's total cost no change; when the firm inspects the users who do not raise a signal, with the increase of actual investigation rate (with the increase of γ), the increase of investigation cost more than offset the damage cost, causing the firm's total cost to be increased.
Based on the above analysis, it is obvious that decision errors are not necessary bad for the firm except two cases.First is when P D is low, decision errors cause the actual investigation rate to be decreased.Second is when P D is high, decision errors cause the actual investigation rate to be increased.Decision errors are not neglected in practice, it will take firm a lot of money to decrease the decision errors.Therefore, the firm needs to decrease the decision errors only in the two cases above.

Conclusions
Decision errors should not be neglected in practice.In this paper, we investigate the effects of decision errors on the optimal strategies by developing a game theory framework between the firm and the users.We discuss the effect of decision errors on the optimal configurations and the firm's expected cost, and the adjustment strategy of both the firm and the user.That is how the firm and the user adjust their strategy accordingly to compensate for the mistakes caused by decision errors.Besides, we demonstrate that decision errors are not necessarily bad for the firm, and put forward the optimal methods of managing decision errors.
This paper assumes that both the firm and the user have complete knowledge about decision errors.But both firms and users have imperfect information about decision errors in practice.The optimal methods of managing decision errors is the problem that needs further research in this case.

Figure 2 .
Figure 2. Game tree of our model

2 Model description 2.1 Strategies and notations Probability
of detection is P D, probability of false negative is 1−P D ; Probability of false positive is P F. P D = P (classified as attacker | attacking transaction); P F = P (classified as attacker | normal transaction);

Table 1 .
The firm's and the user's adjustment to the strategy because of the decision errors