
2015 | OriginalPaper | Book chapter

When the Winning Move is Not to Play: Games of Deterrence in Cyber Security

Written by: Chad Heitzenrater, Greg Taylor, Andrew Simpson

Published in: Decision and Game Theory for Security

Publisher: Springer International Publishing


Abstract

We often hear of measures that promote traditional security concepts such as ‘defence in depth’ or ‘compartmentalisation’. One aspect that has been largely ignored in computer security is that of ‘deterrence’. This may be due to difficulties in applying common notions of strategic deterrence, such as attribution — resulting in previous work focusing on the role that deterrence plays in large-scale cyberwar or other esoteric possibilities. In this paper, we focus on the operational and tactical roles of deterrence in providing everyday security for individuals. As such, the challenge changes: from one of attribution to one of understanding the role of attacker beliefs and the constraints on attackers and defenders. To this end, we demonstrate the role deterrence can play as part of the security of individuals against the low-focus, low-skill attacks that pervade the Internet. Using commonly encountered problems of spam email and the security of wireless networks as examples, we demonstrate how different notions of deterrence can complement well-developed models of defence, as well as provide insights into how individuals can overcome conflicting security advice. We use dynamic games of incomplete information, in the form of screening and signalling games, as models of users employing deterrence. We find multiple equilibria that demonstrate aspects of deterrence within specific bounds of utility, and show that there are scenarios where the employment of deterrence changes the game such that the attacker is led to conclude that the best move is not to play.


Footnotes
1
The “Network Mapper”. See http://nmap.org/ for a discussion on using NMAP for operating system fingerprinting.
 
Metadata
Title
When the Winning Move is Not to Play: Games of Deterrence in Cyber Security
Written by
Chad Heitzenrater
Greg Taylor
Andrew Simpson
Copyright year
2015
DOI
https://doi.org/10.1007/978-3-319-25594-1_14
