Understanding and Influencing Attackers' Decisions: Implications for Security Investment Strategies
Authors
Nizovtsev, Dmitri
Cremonini, Marco
Issue Date
2006-04-1
Type
Working paper
Language
en_US
Keywords
Computer security, Computer hackers, Security, Security investment
Abstract
We consider a model of economic behavior of attackers for the case when they are able to obtain complete information about the security characteristics of each target and the case when such information is unavailable. We find that if attackers are able to distinguish targets by their security characteristics and switch between multiple alternative targets, then the direct effect of security measures, represented by the strengthened technical protection of networked assets, is complemented by a behavioral effect resulting from more effort being put into attacks on systems with low security level than on systems with high security level. Ignoring that effect would result in underinvestment in security or misallocation of security resources. We also find that systems with better levels of protection have stronger incentives to reveal their security characteristics to attackers whereas poorly protected systems prefer to hide their characteristics. Those results have important implications for security practices and policy issues.
Publisher
Washburn University. School of Business