Resource Distribution in Multiple Attacks with Imperfect Detection of the Attack Outcome

Collaborative Autonomic Computing Laboratory, School of Computer Science, University of Electronic Science and Technology of China, Chengdu, China.
Risk Analysis (Impact Factor: 2.5). 07/2011; 32(2):304-18. DOI: 10.1111/j.1539-6924.2011.01657.x
Source: PubMed


This article extends the previous research of consecutive attacks strategy by assuming that an attacker observes the outcome of each attack imperfectly. With given probabilities it may wrongly identify a destroyed target as undestroyed, and wrongly identify an undestroyed target as destroyed. The outcome of each attack is determined by a contest success function that depends on the amount of resources allocated by the defender and the attacker to each attack. The article suggests a probabilistic model of the multiple attacks and analyzes how the target destruction probability and the attacker's relative resource expenditure are impacted by the two probabilities of incorrect observation, the attacker's and defender's resource ratio, the contest intensity, the number of attacks, and the resource distribution across attacks. We analyze how the attacker chooses the number of attacks, the attack stopping rule, and the optimal resource distribution across attacks to maximize its utility.

Download full-text


Available from: Gregory Levitin, Nov 06, 2014
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: This review paper classifies 129 published papers according to the system structure, defense measures, and attack tactics and circumstances. System structure is further divided into single element, series systems, parallel systems, series-parallel systems, networks, multiple elements, interdependent systems, and other types of systems. Defense measures are divided into separation of system elements, redundancy, protection, multilevel defense, false targets deployment and preventive strike. Attack tactics and circumstances are divided into attack against single element, attack against multiple elements, consecutive attacks, random attack, combination of intentional and unintentional impacts, incomplete information, and variable resources. The classification is intended to give an overview of the field and implicitly suggest future areas of research.
    Full-text · Article · Jan 2012 · International Journal of Performability Engineering
  • [Show abstract] [Hide abstract]
    ABSTRACT: The modern computer and communication networks that firms rely on have become more complex due to their dynamic, distributed and heterogeneous features; it is therefore increasingly important to characterize the interaction between a firm and a user to ensure information security. Recently, a game-theory approach has been widely employed to investigate this issue, including the optimal configurations of the detection software. However, for both the firm and the user, inaccuracies may persist in the gap between strategic decisions and actual actions, due to the effects of irrationality and the error-prone nature of the devices that carry their commands. This paper analyzes the effects of decision errors on the optimal strategies of both the firm and the user and, in particular, on the optimal configurations of the detection software. We finally demonstrate that decision errors can promote several pure equilibrium strategies and that fine-tuning these configurations quickly becomes difficult. Furthermore, we find that decision errors can drastically influence the optimal configurations and expected costs for a firm.
    No preview · Article · Nov 2013 · Reliability Engineering [?] System Safety
  • [Show abstract] [Hide abstract]
    ABSTRACT: As an emerging and thriving research branch, information security economics has recently drawn significant attention from practitioners and academics. Traditionally, both decision and static game theoretical techniques are employed to characterize the strategies of firms and hackers. However, these techniques fail to capture the dynamic attribute of the risk environment, which is an increasingly important element, especially in modern distributed and complex computer and communication networks. Utilizing a differential game framework in which hackers disseminate security knowledge within a hacker population over time, this paper analyzes dynamic interactions between a firm endeavoring to protect its information assets and a hacker seeking to misappropriate them. In particular, we investigate three differential games in which the firm and the hacker move simultaneously and sequentially, respectively. We find that (a) the hacker invests the most in the simultaneous differential game, whereas the firm, as the leader, invests the most in the sequential differential game, and (b) both the firm and the hacker enjoy their highest payoffs in the sequential differential game with the hacker as the leader. Furthermore, it is numerically shown that in equilibrium, knowledge dissemination may not necessarily benefit the hacker and harm the firm. Some of our results are consistent with the findings of previous work, although the earlier results were obtained from a static game framework. Our main findings contrast with those of several previous studies that showed mixed results for comparisons between simultaneous and sequential games.
    No preview · Article · Dec 2013 · Decision Analysis
Show more

We use cookies to give you the best possible experience on ResearchGate. Read our cookies policy to learn more.