Abstract
We develop a two-sided multiplayer model of security in which attackers aim to deny service and defenders strategize to secure their assets. Attackers benefit from the successful compromise of target systems, but may suffer penalties for increased attack activities. Defenders weigh the force of an attack against the cost of security. We consider security decision-making in tightly and loosely coupled networks and allow defense expenditures in protection and self-insurance technologies.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fultz, N., Grossklags, J. (2009). Blue versus Red: Towards a Model of Distributed Security Attacks. In: Dingledine, R., Golle, P. (eds) Financial Cryptography and Data Security. FC 2009. Lecture Notes in Computer Science, vol 5628. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03549-4_10
DOI: https://doi.org/10.1007/978-3-642-03549-4_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03548-7
Online ISBN: 978-3-642-03549-4
eBook Packages: Computer Science, Computer Science (R0)