{"id":"https://openalex.org/W4417133045","doi":"https://doi.org/10.1007/s10207-025-01180-3","title":"Selfish or Malicious: Price of malice in human-centric security decision-making for attack graph-based interdependent systems","display_name":"Selfish or Malicious: Price of malice in human-centric security decision-making for attack graph-based interdependent systems","publication_year":2025,"publication_date":"2025-12-08","ids":{"openalex":"https://openalex.org/W4417133045","doi":"https://doi.org/10.1007/s10207-025-01180-3"},"language":"en","primary_location":{"id":"doi:10.1007/s10207-025-01180-3","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-025-01180-3","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-025-01180-3.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s10207-025-01180-3.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5007992878","display_name":"Mustafa Abdallah","orcid":"https://orcid.org/0000-0002-9554-9260"},"institutions":[{"id":"https://openalex.org/I135191193","display_name":"University of Indianapolis","ror":"https://ror.org/052133d12","country_code":"US","type":"education","lineage":["https://openalex.org/I135191193"]},{"id":"https://openalex.org/I55769427","display_name":"Indiana University \u2013 Purdue University Indianapolis","ror":"https://ror.org/05gxnyn08","country_code":"US","type":"education","lineage":["https://openalex.org/I55769427","https://openalex.org/I592451"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Mustafa Abdallah","raw_affiliation_strings":["Computer Information Technology Department, Purdue University, Indianapolis, IN, USA"],"affiliations":[{"raw_affiliation_string":"Computer Information Technology Department, Purdue University, Indianapolis, IN, USA","institution_ids":["https://openalex.org/I135191193","https://openalex.org/I55769427"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103210425","display_name":"Daniel C. Woods","orcid":"https://orcid.org/0000-0001-6278-2659"},"institutions":[{"id":"https://openalex.org/I99043593","display_name":"Macquarie University","ror":"https://ror.org/01sf06y89","country_code":"AU","type":"education","lineage":["https://openalex.org/I99043593"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Daniel Woods","raw_affiliation_strings":["Department of Economics, Macquarie University, Sydney, Australia"],"affiliations":[{"raw_affiliation_string":"Department of Economics, Macquarie University, Sydney, Australia","institution_ids":["https://openalex.org/I99043593"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5058646409","display_name":"Timothy N. Cason","orcid":"https://orcid.org/0000-0001-9581-5015"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Timothy Cason","raw_affiliation_strings":["Department of Economics, Purdue University, West Lafayette, IN, USA"],"affiliations":[{"raw_affiliation_string":"Department of Economics, Purdue University, West Lafayette, IN, USA","institution_ids":["https://openalex.org/I219193219"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5007992878"],"corresponding_institution_ids":["https://openalex.org/I135191193","https://openalex.org/I55769427"],"apc_list":{"value":2590,"currency":"EUR","value_usd":3190},"apc_paid":{"value":2590,"currency":"EUR","value_usd":3190},"fwci":3.0778,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.94231407,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":"25","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.5543000102043152,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.5543000102043152,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11807","display_name":"Infrastructure Resilience and Vulnerability Analysis","score":0.32899999618530273,"subfield":{"id":"https://openalex.org/subfields/2205","display_name":"Civil and Structural Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.017000000923871994,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/interdependence","display_name":"Interdependence","score":0.708899974822998},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.5587999820709229},{"id":"https://openalex.org/keywords/inefficiency","display_name":"Inefficiency","score":0.5303000211715698},{"id":"https://openalex.org/keywords/asset","display_name":"Asset (computer security)","score":0.5115000009536743},{"id":"https://openalex.org/keywords/malice","display_name":"Malice","score":0.48989999294281006},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.4207000136375427},{"id":"https://openalex.org/keywords/weighting","display_name":"Weighting","score":0.41440001130104065},{"id":"https://openalex.org/keywords/expected-utility-hypothesis","display_name":"Expected utility hypothesis","score":0.36660000681877136},{"id":"https://openalex.org/keywords/enhanced-data-rates-for-gsm-evolution","display_name":"Enhanced Data Rates for GSM Evolution","score":0.3537999987602234}],"concepts":[{"id":"https://openalex.org/C185874996","wikidata":"https://www.wikidata.org/wiki/Q269699","display_name":"Interdependence","level":2,"score":0.708899974822998},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6812000274658203},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5914000272750854},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.5587999820709229},{"id":"https://openalex.org/C2778869765","wikidata":"https://www.wikidata.org/wiki/Q6028363","display_name":"Inefficiency","level":2,"score":0.5303000211715698},{"id":"https://openalex.org/C76178495","wikidata":"https://www.wikidata.org/wiki/Q4808784","display_name":"Asset (computer security)","level":2,"score":0.5115000009536743},{"id":"https://openalex.org/C2778068216","wikidata":"https://www.wikidata.org/wiki/Q55019500","display_name":"Malice","level":2,"score":0.48989999294281006},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.4207000136375427},{"id":"https://openalex.org/C183115368","wikidata":"https://www.wikidata.org/wiki/Q856577","display_name":"Weighting","level":2,"score":0.41440001130104065},{"id":"https://openalex.org/C205706631","wikidata":"https://www.wikidata.org/wiki/Q2319304","display_name":"Expected utility hypothesis","level":2,"score":0.36660000681877136},{"id":"https://openalex.org/C162307627","wikidata":"https://www.wikidata.org/wiki/Q204833","display_name":"Enhanced Data Rates for GSM Evolution","level":2,"score":0.3537999987602234},{"id":"https://openalex.org/C177142836","wikidata":"https://www.wikidata.org/wiki/Q44455","display_name":"Game theory","level":2,"score":0.32659998536109924},{"id":"https://openalex.org/C339426","wikidata":"https://www.wikidata.org/wiki/Q1151839","display_name":"Prospect theory","level":2,"score":0.32260000705718994},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.3190000057220459},{"id":"https://openalex.org/C2779922397","wikidata":"https://www.wikidata.org/wiki/Q5014755","display_name":"CVAR","level":4,"score":0.3188000023365021},{"id":"https://openalex.org/C46814582","wikidata":"https://www.wikidata.org/wiki/Q23389","display_name":"Nash equilibrium","level":2,"score":0.31529998779296875},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.2973000109195709},{"id":"https://openalex.org/C206345919","wikidata":"https://www.wikidata.org/wiki/Q20380951","display_name":"Resource (disambiguation)","level":2,"score":0.29350000619888306},{"id":"https://openalex.org/C82149807","wikidata":"https://www.wikidata.org/wiki/Q7242623","display_name":"Price of anarchy","level":4,"score":0.2906999886035919},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.2888000011444092},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.2703000009059906},{"id":"https://openalex.org/C101142422","wikidata":"https://www.wikidata.org/wiki/Q17101727","display_name":"Interdependent networks","level":3,"score":0.266400009393692},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.2606000006198883},{"id":"https://openalex.org/C149441793","wikidata":"https://www.wikidata.org/wiki/Q200726","display_name":"Probability distribution","level":2,"score":0.2605000138282776},{"id":"https://openalex.org/C2780264999","wikidata":"https://www.wikidata.org/wiki/Q7445032","display_name":"Security domain","level":2,"score":0.2583000063896179},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.25040000677108765}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/s10207-025-01180-3","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-025-01180-3","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-025-01180-3.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1007/s10207-025-01180-3","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-025-01180-3","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-025-01180-3.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G848032724","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4417133045.pdf","grobid_xml":"https://content.openalex.org/works/W4417133045.grobid-xml"},"referenced_works_count":65,"referenced_works":["https://openalex.org/W33891176","https://openalex.org/W77047371","https://openalex.org/W1547152107","https://openalex.org/W1563397953","https://openalex.org/W1564102710","https://openalex.org/W1788247746","https://openalex.org/W1964439345","https://openalex.org/W1972221945","https://openalex.org/W1976060656","https://openalex.org/W1990414757","https://openalex.org/W1993938397","https://openalex.org/W2017809722","https://openalex.org/W2021937151","https://openalex.org/W2033301118","https://openalex.org/W2056075452","https://openalex.org/W2056606651","https://openalex.org/W2070653954","https://openalex.org/W2074495844","https://openalex.org/W2077461840","https://openalex.org/W2077937403","https://openalex.org/W2099161251","https://openalex.org/W2102118103","https://openalex.org/W2121805588","https://openalex.org/W2128858148","https://openalex.org/W2140356130","https://openalex.org/W2142141201","https://openalex.org/W2183224697","https://openalex.org/W2207375515","https://openalex.org/W2250171293","https://openalex.org/W2260320574","https://openalex.org/W2290944024","https://openalex.org/W2302571425","https://openalex.org/W2312254734","https://openalex.org/W2528125428","https://openalex.org/W2579603034","https://openalex.org/W2592577925","https://openalex.org/W2605381169","https://openalex.org/W2641889561","https://openalex.org/W2744809428","https://openalex.org/W2762076758","https://openalex.org/W2794988934","https://openalex.org/W2803786553","https://openalex.org/W2877214426","https://openalex.org/W2883847230","https://openalex.org/W2951270751","https://openalex.org/W2977577189","https://openalex.org/W2997353660","https://openalex.org/W3005790741","https://openalex.org/W3011865677","https://openalex.org/W3016437435","https://openalex.org/W3028353965","https://openalex.org/W3081278938","https://openalex.org/W3118782058","https://openalex.org/W3165362989","https://openalex.org/W3173514555","https://openalex.org/W4205839607","https://openalex.org/W4224932126","https://openalex.org/W4288057727","https://openalex.org/W4294362019","https://openalex.org/W4385073841","https://openalex.org/W4391807422","https://openalex.org/W4392151675","https://openalex.org/W4399268729","https://openalex.org/W4399920484","https://openalex.org/W4401387352"],"related_works":[],"abstract_inverted_index":{"Abstract":[0],"Interdependent":[1],"systems":[2,95],"are":[3,22,46],"increasingly":[4],"vulnerable":[5],"to":[6,92,124,154,195],"rapidly":[7],"growing":[8],"cybersecurity":[9,257],"threats.":[10],"In":[11],"this":[12],"work,":[13],"we":[14,114,233],"investigate":[15],"security":[16,83,138,212,240],"decision-making":[17,110],"in":[18,108,210,259],"such":[19,148],"systems,":[20,223,261],"which":[21,77],"managed":[23],"by":[24,85,179],"multiple":[25],"defenders.":[26,87],"Each":[27,67],"defender":[28],"is":[29,69,123],"tasked":[30],"with":[31,71,208,228],"protecting":[32],"a":[33,72,105,144,250],"specific":[34],"subset":[35],"of":[36,74,100,130,270],"assets":[37,45,55],"against":[38,237],"potential":[39],"attackers.":[40],"The":[41],"interdependencies":[42],"among":[43],"these":[44,94,197],"modeled":[47],"using":[48,218],"an":[49,63,141],"attack":[50,64,245],"graph,":[51],"where":[52],"edges":[53],"between":[54,158],"indicate":[56],"that":[57,136,203],"compromising":[58],"one":[59],"asset":[60],"can":[61,78],"enable":[62],"on":[65,186,244],"another.":[66],"edge":[68],"associated":[70],"probability":[73,102,184],"successful":[75],"attack,":[76],"be":[79],"mitigated":[80],"through":[81],"strategic":[82],"investments":[84,227],"the":[86,98,119,126,131,156,159,164,176,187,204,211,268],"We":[88,134,150,173,191,214],"employ":[89],"game-theoretic":[90,225],"models":[91,217],"analyze":[93,175],"and":[96,163,170,182,201,255,267],"incorporate":[97],"effects":[99],"behavioral":[101,183,265],"weighting":[103,185],"bias,":[104],"well-documented":[106],"phenomenon":[107],"human":[109],"under":[111,167],"risk.":[112],"Additionally,":[113],"introduce":[115],"malicious":[116,137,171,180,272],"players":[117,181],"into":[118],"framework,":[120],"whose":[121],"objective":[122],"maximize":[125],"total":[127],"social":[128,189],"cost":[129],"interdependent":[132,222,260],"system.":[133],"demonstrate":[135],"games":[139],"possess":[140],"equilibrium,":[142],"providing":[143],"foundation":[145],"for":[146,253,263],"analyzing":[147],"systems.":[149],"then":[151,174],"present":[152],"examples":[153],"highlight":[155],"differences":[157],"socially":[160,229],"optimal":[161,226,230],"solution":[162],"equilibrium":[165],"solutions":[166],"both":[168,264],"selfish":[169],"players.":[172],"inefficiencies":[177],"introduced":[178],"system\u2019s":[188],"cost.":[190],"adapt":[192],"widely-used":[193],"metrics":[194],"quantify":[196],"inefficiencies,":[198],"derive":[199],"bounds,":[200],"show":[202],"inefficiency":[205],"grows":[206],"exponentially":[207],"increases":[209],"budget.":[213],"evaluate":[215],"our":[216,235],"four":[219,238],"representative":[220],"real-world":[221],"comparing":[224],"investments.":[231],"Furthermore,":[232],"benchmark":[234],"approach":[236],"popular":[239],"resource":[241],"allocation":[242],"methods":[243],"graphs.":[246],"This":[247],"work":[248],"provides":[249],"comprehensive":[251],"framework":[252],"understanding":[254],"mitigating":[256],"risks":[258],"accounting":[262],"biases":[266],"presence":[269],"internal":[271],"actors.":[273]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-12-08T00:00:00"}