Risks and benefits of signaling information system characteristics to strategic attackers / M. Cremonini, D. Nizovtsev. - In: JOURNAL OF MANAGEMENT INFORMATION SYSTEMS. - ISSN 0742-1222. - 26:3(2009), pp. 241-274. [10.2753/MIS0742-1222260308]

Risks and benefits of signaling information system characteristics to strategic attackers

M. Cremonini
2009

Abstract

The paper uses a game-theoretic setting to examine the interaction between strategic attackers who try to gain unauthorized access to information systems, or “targets,” and defenders of those targets. Our analysis of the attacker–defender interaction shows that well-protected targets can use signals of their superior level of protection as a deterrence tool. This is due to the fact that, all other things being equal, rational attackers motivated by potential financial gains tend to direct their effort toward less-protected targets. We analyze several scenarios differing in the scope of publicly available information about target parameters and discuss conditions under which greater defenders’ ability to signal their security characteristics may improve their welfare. Our results may assist security researchers in devising better defense strategies through the use of deterrence and provide new insight about the efficacy of specific security practices in complex information security environments.
Cost–benefit analysis ; Crime deterrence ; Games of complete and incomplete information ; Information security ; Information warfare ; Interdependent strategies ; Signaling
Sector INF/01 - Computer Science
Sector SECS-P/06 - Applied Economics
Sector ING-INF/05 - Information Processing Systems
2009
Article (author)
Files in this item:
001_sb27report.pdf (restricted access)
Type: Publisher's version/PDF
Size: 424.35 kB
Format: Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/161402
Citations
  • PMC ND
  • Scopus 55
  • ISI 46