
A two-period game theoretic model of zero-day attacks with stockpiling. (English) Zbl 1457.91071

Summary: In a two-period game, Player 1 produces zero-day exploits for immediate deployment or stockpiles for future deployment. In Period 2, Player 1 produces zero-day exploits for immediate deployment, supplemented by stockpiled zero-day exploits from Period 1. Player 2 defends in both periods. The article illuminates how players strike balances between how to exert efforts in the two periods, depending on asset valuations, asset growth, time discounting, and contest intensities, and when it is worthwhile for Player 1 to stockpile. Eighteen parameter values are altered to illustrate sensitivity. Player 1 stockpiles when its unit effort cost of developing zero-day capabilities is lower in Period 1 than in Period 2, in which case it may accept negative expected utility in Period 1, and when its zero-day appreciation factor of stockpiled zero-day exploits from Period 1 to Period 2 increases above one. When the contest intensity in Period 2 increases, the players compete more fiercely with each other in both periods, but the players only compete more fiercely in Period 1 if the contest intensity in Period 1 increases.

MSC:

91A20 Multistage and repeated games
91A05 2-person games
91A80 Applications of game theory
68M25 Computer security
