Abstract
When attackers attempt to exfiltrate information from a computer network, they are faced with a selection problem: They must identify valuable units of information among many irrelevant ones. We model such attacks as repeated urn draws under different distributional patterns, depending on how attackers pursue their operation. Further, we use prospect theory to model risk aversion and overconfidence among attackers. We illustrate the applicability of this model, and we discuss how defenders can use our insights to raise the transaction cost of exfiltration.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Formal proof is available on request from the corresponding author.
References
Akerlof, G. (1970). The market for lemons: Quality uncertainty and the market mechanism. Quarterly Journal of Economics, 84, 488–500.
Barnes, J. E. (2020). US accuses hackers of trying to steal coronavirus vaccine data for China. The New York Times, July 21, 2020.
Cunliffe, K. S. (2021). Hard target espionage in the information era: New challenges for the second oldest profession. Intelligence and National Security, 36(7), 1018–1034.
Davies, D. W. (1995). The Lorenz cipher machine SZ42. Cryptologia, 19(1), 39–61.
Denning, P. J., & Lewis, T. G. (2016). Exponential laws of computing growth. Communications of the ACM, 60(1), 54–65.
Eastwood, J. (2019). Enabling militarism? The inclusion of soldiers with disabilities in the Israeli military. International Political Sociology, 13(4), 430–446.
Hurley-Hanson, A. E., Giannantonio, C. M., & Griffiths, A. J. (2020). Organizations with autism initiatives. In A. Hurley-Hanson, C. Giannantonio, & A. J. Griffiths (Eds.), Autism in the Workplace (pp. 179–214). Cham: Palgrave Macmillan.
Iasiello, E. J. (2017). Russia’s improved information operations: From Georgia to Crimea. The US Army War College Quarterly: Parameters, 47(2), 51–63.
Kahneman, D., & Tversky, A. (1992). Advances in prospect theory: Cumulative representation of uncertainty. Journal of Risk and Uncertainty, 5, 297–323.
Kahneman, D., & Tversky, A. (1979). Prospect Theory: An analysis of decision under risk. Econometrica, 47(2), 263–291.
Koomey, J., Berard, S., Sanchez, M., & Wong, H. (2010). Implications of historical trends in the electrical efficiency of computing. IEEE Annals of the History of Computing, 33(3), 46–54.
Lin, H. S. (2010). Offensive cyber operations and the use of force. Journal of National Security Law & Policy, 4(1), 63–86.
Lindsay, J. R. (2017). Cyber espionage. In P. Cornish (Ed.), Handbook of cyber security (pp. 223–238). Oxford: Oxford University Press.
Mickolus, E. (2015). The Counterintelligence chronology: Spying by and against the United States from the 1700s through 2014. McFarland.
Moore, D. (2018). Targeting technology: Mapping military offensive network operations. In IEEE 2018 10th international conference on cyber conflict (CyCon) (pp. 89–108).
Nowrasteh, A. (2021). Espionage, espionage-related crimes, and immigration: A risk analysis, 1990–2019. Cato Institute Policy Analysis No. 909.
Rieger, M. O., & Wang, M. (2008). Prospect theory for continuous distributions. Journal of Risk and Uncertainty, 36(1), 83–102.
Short, M. (2021). On binomial quantile and proportion bounds: With applications in engineering and informatics. Communication in Statistics - Theory and Methods, forthcoming.
Smeets, M. (2018). The strategic promise of offensive cyber operations. Strategic Studies Quarterly, 12(3), 90–113.
Takemura, K., & Murakami, H. (2016). Probability weighting functions derived from hyperbolic time discounting: Psychophysical models and their individual level testing. Frontiers in Psychology, 7, 778.
Weissbrodt, D. (2013). Cyber-conflict, cyber-crime, and cyber-espionage. Minnesota Journal of International Law, 22, 347.
Wettering, F. L. (2001). The internet and the spy business. International Journal of Intelligence and Counterintelligence, 14(3), 342–365.
Wilson, R., & Campbell-Kelly, M. (2020). Computing: The 1940s and 1950s. Math Intelligencer, 42, 92.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
1 Electronic supplementary material
Below is the link to the electronic supplementary material.
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Fischer, P., Muhly, F., Keupp, M.M. (2023). Drawing with Limited Resources: Statistical Modeling of Computer Network Exploitation and Prevention. In: Keupp, M.M. (eds) Cyberdefense. International Series in Operations Research & Management Science, vol 342. Springer, Cham. https://doi.org/10.1007/978-3-031-30191-9_10
Download citation
DOI: https://doi.org/10.1007/978-3-031-30191-9_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-30190-2
Online ISBN: 978-3-031-30191-9
eBook Packages: Business and ManagementBusiness and Management (R0)