Skip to main content
SpringerLink
Log in

Blue versus Red: Towards a Model of Distributed Security Attacks

  • Conference paper
Financial Cryptography and Data Security (FC 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5628))

Included in the following conference series:

Abstract

We develop a two-sided multiplayer model of security in which attackers aim to deny service and defenders strategize to secure their assets. Attackers benefit from the successful compromise of target systems, however, may suffer penalties for increased attack activities. Defenders weigh the force of an attack against the cost of security. We consider security decision-making in tightly and loosely coupled networks and allow defense expenditures in protection and self-insurance technologies.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abad, C.: The economics of phishing: A survey of the operations of the phishing market. First Monday 10(9) (2005)

    Google Scholar 

  2. Acquisti, A., Grossklags, J.: Privacy and rationality in individual decision making. IEEE Security & Privacy 3(1), 26–33 (2005)

    Article  Google Scholar 

  3. Anderson, R.: Why information security is hard - an economic perspective. In: Proceedings of the 17th Annual Computer Security Applications Conference (ACSAC 2001), New Orleans, LA (December 2001)

    Google Scholar 

  4. Aspnes, J., Chang, K., Yampolskiy, A.: Inoculation strategies for victims of viruses and the sum-of-squares partition problem. Journal of Computer and System Sciences 72(6), 1077–1093 (2006)

    Article  MathSciNet  MATH  Google Scholar 

  5. Becker, G.: Crime and punishment: An economic approach. Journal of Political Economy 76(2), 169–217 (1968)

    Article  Google Scholar 

  6. Böhme, R., Kataria, G.: Models and measures for correlation in cyber-insurance. In: Proceedings of the Fifth Annual Workshop on Economics and Information Security (WEIS 2006), Cambridge, UK (June 2006)

    Google Scholar 

  7. Bolot, J., Lelarge, M.: A new perspective on internet security using insurance. In: Proceedings of the 27th Conference on Computer Communications (INFOCOM 2008), Phoenix, AZ, April 2008, pp. 1948–1956 (2008)

    Google Scholar 

  8. Cameron, S.: The economics of crime deterrence: A survey of theory and evidence. Kyklos 41(2), 301–323 (1988)

    Article  Google Scholar 

  9. Cavusoglu, H., Raghunathan, S., Yue, W.: Decision-theoretic and game-theoretic approaches to IT security investment. Journal of Management Information Systems 25(2), 281–304 (Fall 2008)

    Article  Google Scholar 

  10. Chantler, N.: Profile of a Computer Hacker. Interpact Press, Seminole (1997)

    Google Scholar 

  11. Christin, N., Grossklags, J., Chuang, J.: Near rationality and competitive equilibria in networked systems. In: Proceedings of ACM SIGCOMM 2004 Workshop on Practice and Theory of Incentives in Networked Systems (PINS), Portland, OR, August 2004, pp. 213–219 (2004)

    Google Scholar 

  12. Chung, W., Chen, H., Chang, W., Chou, S.: Fighting cybercrime: a review and the taiwan experience. Decision Support Systems 41(3), 669–682 (2006)

    Article  Google Scholar 

  13. Clark, D., Konrad, K.: Asymmetric conflict: Weakest link against best shot. Journal of Conflict Resolution 51(3), 457–469 (2007)

    Article  Google Scholar 

  14. Cornes, R., Sandler, T.: The theory of externalities, public goods, and club goods, 2nd edn. Cambridge University Press, Cambridge (1996)

    Book  MATH  Google Scholar 

  15. Cremonini, M., Nizovtsev, D.: Understanding and influencing attackers decisions: Implications for security investment strategies. In: Proceedings of the Fifth Annual Workshop on Economics and Information Security (WEIS 2006), Cambridge, UK (June 2006)

    Google Scholar 

  16. Cymru, T.: The underground economy: Priceless. ;login: The USENIX Magazine 31(6) (2006)

    Google Scholar 

  17. Danezis, G., Anderson, R.: The economics of resisting censorship. IEEE Security & Privacy 3(1), 45–50 (2005)

    Article  Google Scholar 

  18. Franklin, J., Paxson, V., Perrig, A., Savage, S.: An inquiry into the nature and causes of the wealth of internet miscreants. In: Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS 2007), Alexandria, VA, October/November 2007, pp. 375–388 (2007)

    Google Scholar 

  19. Gordon, S.: The generic virus writer. In: Proceedings of the International Virus Bulletin Conference, Jersey, Channel Islands, September 1994, pp. 121–138 (1994)

    Google Scholar 

  20. Granick, J.: Faking it: Calculating loss in computer crime sentencing. I/S: A Journal of Law and Policy for the Information Society 2(2), 207–228 (Spring/Summer 2006)

    Google Scholar 

  21. Grossklags, J., Christin, N., Chuang, J.: Predicted and observed behavior in the weakest-link security game. In: Proceedings of the USENIX Workshop on Usability, Privacy and Security (UPSEC 2008), San Francisco, CA (April 2008)

    Google Scholar 

  22. Grossklags, J., Christin, N., Chuang, J.: Secure or insure? A game-theoretic analysis of information security games. In: Proceedings of the 2008 World Wide Web Conference (WWW 2008), Beijing, China, April 2008, pp. 209–218 (2008)

    Google Scholar 

  23. Grossklags, J., Christin, N., Chuang, J.: Security and insurance management in networks with heterogeneous agents. In: Proceedings of the Ninth ACM Conference on Electronic Commerce (EC 2008), Chicago, IL, July 2008, pp. 160–169 (2008)

    Google Scholar 

  24. Higgens, K.J.: Dark Reading (April 2007)

    Google Scholar 

  25. Hirshleifer, J.: From weakest-link to best-shot: the voluntary provision of public goods. Public Choice 41(3), 371–386 (1983)

    Article  Google Scholar 

  26. Jiang, L., Anantharam, V., Walrand, J.: Efficiency of selfish investments in network security. In: Proceedings of the 2008 Workshop on the Economics of Networks, Systems, and Computation (NetEcon 2008), Seattle, WA, August 2008, pp. 31–36 (2008)

    Google Scholar 

  27. Kesan, J., Majuca, R., Yurcik, W.: Three economic arguments for cyberinsurance. In: Chander, A., Gelman, L., Radin, M. (eds.) Securing Privacy in the Internet Age, pp. 345–366. Stanford University Press, Stanford (2008)

    Google Scholar 

  28. Kessler, G.: Defenses against distributed denial of service attacks (2000)

    Google Scholar 

  29. Kshetri, N.: The simple economics of cybercrimes. IEEE Security & Privacy 4(1), 33–39 (2006)

    Article  Google Scholar 

  30. Kunreuther, H., Heal, G.: Interdependent security. Journal of Risk and Uncertainty 26(2–3), 231–249 (2003)

    Article  MATH  Google Scholar 

  31. Moscibroda, T., Schmid, S., Wattenhofer, R.: When selfish meets evil: Byzantine players in a virus inoculation game. In: Proceedings of the 25th Annual ACM Symposium on Principles of Distributed Computing (PODC 2006), Denver, CO, July 2006, pp. 35–44 (2006)

    Google Scholar 

  32. Naraine, R.: Kraken botnet infiltration triggers ethics debate. eWeek.com (May 2008)

    Google Scholar 

  33. Pautasso, C., Wilde, E.: Why is the web loosely coupled? A multi-faceted metric for service design. In: Proceedings of the 2009 World Wide Web Conference (WWW 2009), Madrid, Spain, April 2009, pp. 911–920 (2009)

    Google Scholar 

  34. Potter, B.: Dirty secrets of the security industry. Defcon XV, Las Vegas (2007)

    Google Scholar 

  35. Radosavac, S., Kempf, J., Kozat, U.: Using insurance to increase internet security. In: Proceedings of the 2008 Workshop on the Economics of Networks, Systems, and Computation (NetEcon 2008), Seattle, WA, August 2008, pp. 43–48 (2008)

    Google Scholar 

  36. Schechter, S., Smith, M.: How much security is enough to stop a thief? In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 122–137. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  37. Schneier, B.: Tactics, targets, and objectives. Wired.com (May 2007)

    Google Scholar 

  38. Swire, P.: No Cop on the Beat: Underenforcement in E-Commerce and Cybercrime. Journal on Telecommunications and High Technology Law, forthcoming (2008)

    Google Scholar 

  39. The Honeynet Project. Know your enemy: the tools and methodologies of the script-kiddie (July 2000), http://project.honeynet.org/papers/enemy/

  40. Van Huyck, J., Battallio, R., Beil, R.: Tacit coordination games, strategic uncertainty, and coordination failure. American Economic Review 80(1), 234–248 (1990)

    Google Scholar 

  41. Varian, H.: System reliability and free riding. In: Camp, L., Lewis, S. (eds.) Economics of Information Security. Advances in Information Security, vol. 12, pp. 1–15. Kluwer Academic Publishers, Dordrecht (2004)

    Chapter  Google Scholar 

  42. Weinberg, N.: Botnet economy runs wild. Network World (April 2008)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Information, University of California, Berkeley, 102 South Hall, 94720, Berkeley, CA, USA

    Neal Fultz & Jens Grossklags

Authors
  1. Neal Fultz
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jens Grossklags
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. The Tor Project, Dedham, MA, USA

    Roger Dingledine

  2. Palo Alto Research Center, 3333 Coyote Hill Rd, 94304, Palo Alto, CA, USA

    Philippe Golle

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Fultz, N., Grossklags, J. (2009). Blue versus Red: Towards a Model of Distributed Security Attacks. In: Dingledine, R., Golle, P. (eds) Financial Cryptography and Data Security. FC 2009. Lecture Notes in Computer Science, vol 5628. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03549-4_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-03549-4_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-03548-7

  • Online ISBN: 978-3-642-03549-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation