Quanyan Zhu

Bayesian Persuasion and Cognitive Security: Dynamics, Algorithms, and Fundamental Limits

 

Abstract

Humans are the weakest link in cyber defense. According to a recent report by the World Economic Forum, a staggering 95% of cyber security breaches are attributed to human error. It is imperative that we take measures to safeguard individuals against exploitation of their cognitive vulnerabilities. To address this pressing issue, this talk presents a mechanism design theory aimed at proactively fortifying corporate networks against cognitive vulnerabilities and potential insider threats. Drawing upon the framework of Bayesian persuasion, we shall delve into the cooperative design of defensive deception, incentive mechanisms, and information structures, with the goal of guiding users towards behaviors that align with established security protocols and elevating their overall cyber hygiene. We will also touch upon the fundamental limitations of security compliance and the dynamic systems that result from the implementation of compliance control measures.

Biography

Quanyan Zhu received a B.Eng. in Honors Electrical Engineering from McGill University in 2006, an M.A.Sc. from the University of Toronto in 2008, and a Ph.D. from the University of Illinois at Urbana-Champaign (UIUC) in 2013. After stints at Princeton University, he is currently an associate professor at the Department of Electrical and Computer Engineering, New York University (NYU). He is an affiliated faculty member of the Center for Urban Science and Progress (CUSP) and the Center for Cyber Security (CCS) at NYU. He is a recipient of many awards, including the NSF CAREER Award and the INFORMS Koopman Prize. He spearheaded and chaired the INFOCOM Workshop on Communications and Control on Smart Energy Systems (CCSES), the Midwest Workshop on Control and Game Theory (WCGT), and the ICRA Workshop on Security and Privacy of Robotics. His current research interests include game theory, machine learning, cyber deception, network optimization and control, and cyber and physical system resilience. He is a co-author of three recent books published by Springer: Cyber-Security in Critical Infrastructures: A Game-Theoretic Approach (with S. Rass, S. Schauer, and S. König), Game Theory for Cyber Deception (with J. Pawlick), and Cybersecurity in Robotics (with S. Rass, B. Dieber, and V. M. Vilches).
