289 research outputs found
Optimal IS Security Investment: Cyber Terrorism vs. Common Hacking
Proper investment in information systems security can protect national critical information systems. This research compares the optimal investment decision for organizations to protect themselves from common hackers and from cyber terrorists. A two-stage stochastic game model is proposed to model cyber terrorism activities as well as common hacking activities. The results of our specific simulation indicate that an optimal investment exists for games such as cyber crimes, and that the potential maximum loss to organizations from cyber terrorism is about fifty times more than from common hackers. This research can also be generalized to other practical fields such as financial fraud prevention. To the best of our knowledge, our approach is a novel approach that combines economic theory, deterrence theory, and IS security to explore the cyber terrorism problem.
The Attack and Defense of Weakest-Link Networks
This paper experimentally examines behavior in a two-player game of attack and defense of a weakest-link network of targets, in which the attacker’s objective is to successfully attack at least one target and the defender’s objective is diametrically opposed. We apply two benchmark contest success functions (CSFs): the auction CSF and the lottery CSF. Consistent with the theoretical prediction, under the auction CSF, attackers utilize a stochastic “guerilla warfare” strategy - in which a single random target is attacked - more than 80% of the time. Under the lottery CSF, attackers utilize the stochastic guerilla warfare strategy almost 45% of the time, contrary to the theoretical prediction of an equal allocation of forces across the targets. Keywords: Colonel Blotto, conflict resolution, weakest-link, best-shot, multi-dimensional resource allocation, experiments.
Decision-making and biases in cybersecurity capability development: Evidence from a simulation game experiment
We developed a simulation game to study the effectiveness of decision-makers in overcoming two complexities in building cybersecurity capabilities: potential delays in capability development; and uncertainties in predicting cyber incidents. Analyzing 1479 simulation runs, we compared the performances of a group of experienced professionals with those of an inexperienced control group. Experienced subjects did not understand the mechanisms of delays any better than inexperienced subjects; however, experienced subjects were better able to learn the need for proactive decision-making through an iterative process. Both groups exhibited similar errors when dealing with the uncertainty of cyber incidents. Our findings highlight the importance of training for decision-makers with a focus on systems thinking skills, and lay the groundwork for future research on uncovering mental biases about the complexities of cybersecurity. Keywords: Cybersecurity; Decision-making; Simulation; Capability development
Design of Dynamic and Personalized Deception: A Research Framework and New Insights
Deceptive defense techniques (e.g., intrusion detection, firewalls, honeypots, honeynets) are commonly used to prevent cyberattacks. However, most current defense techniques are generic and static, and are often learned and exploited by attackers. It is important to advance from static to dynamic forms of defense that can actively adapt a defense strategy according to the actions taken by individual attackers during an active attack. Our novel research approach relies on cognitive models and experimental games: Cognitive models aim at replicating an attacker’s behavior allowing the creation of personalized, dynamic deceptive defense strategies; experimental games help study human actions, calibrate cognitive models, and validate deceptive strategies. In this paper we offer the following contributions: (i) a general research framework for the design of dynamic, adaptive and personalized deception strategies for cyberdefense; (ii) a summary of major insights from experiments and cognitive models developed for security games of increased complexity; and (iii) a taxonomy of potential deception strategies derived from our research program so far.
TESTING DECEPTION WITH A COMMERCIAL TOOL SIMULATING CYBERSPACE
Deception methods have been applied to the traditional domains of war (air, land, sea, and space). In the newest domain of cyber, deception can be studied to see how it can be best used. Cyberspace operations are an essential warfighting domain within the Department of Defense (DOD). Many training exercises and courses have been developed to aid leadership with planning and to execute cyberspace effects that support operations. However, only a few simulations train cyber operators about how to respond to cyberspace threats. This work tested a commercial product from Soar Technologies (Soar Tech) that simulates conflict in cyberspace. The Cyberspace Course of Action Tool (CCAT) is a decision-support tool that evaluates defensive deception in a wargame simulating a local-area network being attacked. Results showed that defensive deception methods of decoys and bait could be effective in cyberspace. This could help military cyber defenses since their digital infrastructure is threatened daily with cyberattacks. Marine Forces Cyberspace Command. Chief Petty Officer, United States Navy. Chief Petty Officer, United States Navy. Approved for public release. Distribution is unlimited.