Understanding and Influencing Attackers' Decisions: Implications for Security Investment Strategies

Authors

Nizovtsev, Dmitri
Cremonini, Marco

Issue Date

2006-04-1

Type

Working paper

Language

en_US

Keywords

Computer security, Computer hackers, Security, Security investment

Abstract

We consider a model of economic behavior of attackers for the case when they are able to obtain complete information about the security characteristics of each target and the case when such information is unavailable. We find that if attackers are able to distinguish targets by their security characteristics and switch between multiple alternative targets, then the direct effect of security measures, represented by the strengthened technical protection of networked assets, is complemented by a behavioral effect resulting from more effort being put into attacks on systems with a low security level than on systems with a high security level. Ignoring that effect would result in underinvestment in security or misallocation of security resources. We also find that systems with better levels of protection have stronger incentives to reveal their security characteristics to attackers, whereas poorly protected systems prefer to hide their characteristics. Those results have important implications for security practices and policy issues.

Publisher

Washburn University. School of Business
