Skip to main content

Deterrence of Cyber Attackers in a Three-Player Behavioral Game

Part of the Lecture Notes in Computer Science book series (LNSC,volume 10575)


This study describes a three-player cyber security game involving an attacker, a defender, and a user. An attacker must choose to attack the defender or the user or to forego an attack altogether. Conversely, defender (e.g., system administrator) and user (e.g., individual system user) must choose between either a “standard” or “enhanced” security level. Deterrence is operationalized as a decision by an attacker to forego an attack. We conducted two behavioral experiments in which players were assigned to the cyber attacker role over multiple rounds of a security game and were incentivized based on their performance. The defender and user’s decisions were based on a joint probability distribution over their two options known to the attacker. Coordination between the defender and user is manipulated via the joint probability distribution. Results indicate that attacker deterrence is influenced by coordination between defender and user.


  • Deterrence
  • Cyber security
  • Expected utility

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions


  1. Huth, P.K.: Deterrence and international conflict: empirical findings and theoretical debates. Annu. Rev. Polit. Sci. 2(1), 25–48 (1999)

    CrossRef  MathSciNet  Google Scholar 

  2. Jentleson, B.W., Whytock, C.A.: Who “won” Libya? The force-diplomacy debate and its implications for theory and policy. Int. Secur. 30(3), 47–86 (2006)

    CrossRef  Google Scholar 

  3. Pfleeger, S.L., Caputo, D.D.: Leveraging behavioral science to mitigate cyber security risk. Comput. Secur. 31(4), 597–611 (2012)

    CrossRef  Google Scholar 

  4. Summers, T.C., Lyytinen, K.J., Lingham, T., Pierce, E.A.: How hackers think: a study of cybersecurity experts and their mental models. In: Third Annual International Conference on Engaged Management Scholarship, Atlanta, Georgia (2013)

    Google Scholar 

  5. Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M., Baskerville, R.: Future directions for behavioral information security research. Comput. Secur. 32, 90–101 (2013)

    CrossRef  Google Scholar 

  6. Hoath, P., Mulhall, T.: Hacking: motivation and deterrence, Part 1. Comput. Fraud Secur. 1998(4), 16–19 (1998)

    CrossRef  Google Scholar 

  7. Barber, R.: Hackers profiled-who are they and what are their motivations? Comput. Fraud Secur. 2001(2), 14–17 (2001)

    CrossRef  Google Scholar 

  8. Wible, B.: A site where hackers are welcome: using hack-in contests to shape preferences and deter computer crime. Yale Law J. 112(6), 1577–1623 (2003)

    CrossRef  Google Scholar 

  9. Hua, J., Bapna, S.: How can we deter cyber terrorism? Inf. Secur. J. Glob. Perspect. 21(2), 102–114 (2012)

    CrossRef  Google Scholar 

  10. Sharma, R.: Peeping into a hacker’s mind: can criminological theories explain hacking? (2007). or

  11. Chan, S.H., Yao, L.J.: An empirical investigation of hacking behavior. Rev. Bus. Inf. Syst. 9(4), 41–58 (2011)

    Google Scholar 

  12. Guitton, C.: Criminals and cyber attacks: the missing link between attribution and deterrence. Int. J. Cyber Criminol. 6(2), 1030–1043 (2012)

    Google Scholar 

  13. Maimon, D., Alper, M., Sobesto, B., Cukier, M.: Restrictive deterrent effects of a warning banner in an attacked computer system. Criminology 52(1), 33–59 (2014)

    CrossRef  Google Scholar 

  14. Jones, H.M.: The restrictive deterrent effect of warning messages on the behavior of computer system trespassers. Doctoral dissertation (2014)

    Google Scholar 

  15. Wilson, I.I., Henry, T.: Restrictive deterrence and the severity of hackers’ attacks on compromised computer systems. Doctoral dissertation (2014)

    Google Scholar 

  16. Gibbs, J.: Crime, punishment and deterrence. Southwest. Soc. Sci. Q. 48(4), 515–530 (1968)

    Google Scholar 

  17. Tittle, C.: Crime rates and legal sanctions. Soc. Forces 16(4), 409–423 (1969)

    Google Scholar 

  18. Durlauf, S.N., Nagin, D.S.: The deterrent effect of imprisonment. In: Cook, P.J., Ludwig, J., McCrary, J. (eds.) Controlling Crime: Strategies and Tradeoffs, pp. 43–94. University of Chicago Press, Chicago (2010)

    Google Scholar 

  19. Parker, D.B.: Fighting Computer Crime: A New Framework for Protecting Information. Wiley, New York (1998)

    Google Scholar 

  20. Wilke, A., Barrett, H.C.: The hot hand phenomenon as a cognitive adaptation to clumped resources. Evol. Hum. Behav. 30(3), 161–169 (2009)

    CrossRef  Google Scholar 

  21. Scheibehenne, B., Wilke, A., Todd, P.M.: Expectations of clumpy resources influence predictions of sequential events. Evol. Hum. Behav. 32(5), 326–333 (2011)

    CrossRef  Google Scholar 

  22. Tyszka, T., Zielonka, P., Dacey, R., Sawicki, P.: Perception of randomness and predicting uncertain events. Think. Reason. 14(1), 83–110 (2008)

    CrossRef  Google Scholar 

  23. Kahneman, D., Tversky, A.: Choices, values, and frames. Am. Psychol. 39(4), 341–350 (1984)

    CrossRef  Google Scholar 

  24. Tversky, A., Kahneman, D.: Belief in the law of small numbers. Psychol. Bull. 76(2), 105–110 (1971)

    CrossRef  Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Jinshu Cui .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Cui, J., Rosoff, H., John, R.S. (2017). Deterrence of Cyber Attackers in a Three-Player Behavioral Game. In: Rass, S., An, B., Kiekintveld, C., Fang, F., Schauer, S. (eds) Decision and Game Theory for Security. GameSec 2017. Lecture Notes in Computer Science(), vol 10575. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-68710-0

  • Online ISBN: 978-3-319-68711-7

  • eBook Packages: Computer ScienceComputer Science (R0)