Paper Info
Title
Alerting about possible risks vs. blocking risky choices: A quantitative model and its empirical evaluation
Abstract
Alerting users about possible threats or blocking users’ ability to perform potentially dangerous actions are two common ways to protect systems from the adverse effects of threats, such as malicious email attachments, fraudulent requests, or system malfunctions. We present a normative model of the effects of alerting and blocking on the value of the outcomes, on measures of risk-taking, and on the number of successful attacks. We compared warning and blocking systems and binary- and likelihood-alarm systems as a function of properties of the threats and the security system. We also compared model predictions to actual user behavior, as measured in a controlled experiment. The experimental results were generally in line with the normative model. However, the model predicted that the outcomes from blocking would always be worse or equal to those from warnings. The experiment, however, showed that blocking may have an advantage over warnings, because it leads to fewer undetected events (as predicted by the model), without significantly lowering the mean value of outcomes (the model predicts a lower value). We discuss practical implications regarding the use of blocking and alerting and the more general value of combining optimal decision models and empirical experiments for determining system designs.
Year
DOI
Venue
2020
10.1016/j.cose.2020.101944
Computers & Security
Keywords
DocType
Volume
Cyber security,Alerts,Alarms,Warnings,Blocking,Signal detection theory,Decision making,Optimal behavior modeling,Behavioral validation
Journal
97
ISSN
Citations 
PageRank 
0167-4048
0
0.34
References 
Authors
0
3
Name
Order
Citations
PageRank
Joachim Meyer137641.28
Omer Dembinsky200.34
Tal Raviv31159.51