Attack and Defense Strategies in Cyber War Involving Production and Stockpiling of Zero-Day Cyber Exploits-Reference-Cited by-同舟云学术

Attack and Defense Strategies in Cyber War Involving Production and Stockpiling of Zero-Day Cyber Exploits

Published:2020-09-05 Issue:6 Volume:23 Page:1609-1620
ISSN:1387-3326
Container-title:Information Systems Frontiers
language:en
Short-container-title:Inf Syst Front

Author:

Hausken Kjell^ORCID,Welburn Jonathan W.

Abstract

AbstractTwo players strike balances between allocating resources for defense and production of zero-day exploits. Production is further allocated into cyberattack or stockpiling. Applying the Cobb Douglas expected utility function for equivalent players, an analytical solution is determined where each player’s expected utility is inverse U shaped in each player’s unit defense cost. More generally, simulations illustrate the impact of varying nine parameter values relative to a benchmark. Increasing a player’s unit costs of defense or development of zero-days benefits the opposing player. Increasing the contest intensities over the two players’ assets causes the players to increase their efforts until their resources are fully exploited and they receive zero expected utility. Decreasing the Cobb Douglas output elasticity for a player’s stockpiling of zero-days causes its attack to increase and its expected utility to eventually reach a maximum, while the opposing player’s expected utility reaches a minimum. Altering the Cobb Douglas output elasticities for a player’s attack or defense contests towards their maxima or minima causes maximum expected utility for both players.

Funder

University Of Stavanger

Publisher

Springer Science and Business Media LLC

Subject

Computer Networks and Communications,Information Systems,Theoretical Computer Science,Software

Link

https://link.springer.com/content/pdf/10.1007/s10796-020-10054-z.pdf

Reference28 articles.

1. Arbatskaya, M., & Mialon, H. M. (2010). Multi-activity contests. Economic Theory, 43(1), 23–43. https://doi.org/10.1007/s00199-008-0424-y.

2. Baliga, S., de Mesquita, E. B., & Wolitzky, A. (2020). Deterrence with imperfect attribution. American Political Science Review. https://www.cambridge.org/core/journals/american-political-science-review/article/deterrence-with-imperfect-attribution/FAA1B972880D47696942E89628E81383.

3. Crossler, R., Bélanger, F., & Ormond, D. (2019). The quest for complete security: An empirical analysis of users’ multi-layered protection from security threats. Information Systems Frontiers, 21(2), 343–357. https://doi.org/10.1007/s10796-017-9755-1.

4. Do, C. T., Tran, N. H., Hong, C., Kamhoua, C. A., Kwiat, K. A., Blasch, E., et al. (2017). Game theory for cyber security and privacy. ACM Computing Surveys (CSUR), 50(2), 30.

5. Edwards, B., Furnas, A., Forrest, S., & Axelrod, R. (2017). Strategic aspects of cyberattack, attribution, and blame. Proceedings of the National Academy of Sciences, 201700442.

Cited by 6 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Fifty Years of Operations Research in Defense;European Journal of Operational Research;2024-10

2. A Review of Attacker–Defender Games and Cyber Security;Games;2024-08-14

3. Research on Intrusion Detection Technology for Naval Ship Networks;Lecture Notes in Electrical Engineering;2023

4. Cybersecurity in the Age of Uncertainty: Resilient and Antifragile Systems;2023

5. Performance evaluation of Convolutional Neural Network for web security;Computer Communications;2021-07