Risks and Benefits of Signaling Information System Characteristics to Strategic Attackers
成果类型:
Article
署名作者:
Cremonini, Marco; Nizovtsev, Dmitri
署名单位:
University of Milan; Washburn University; Dartmouth College
刊物名称:
JOURNAL OF MANAGEMENT INFORMATION SYSTEMS
ISSN/ISSBN:
0742-1222
DOI:
10.2753/MIS0742-1222260308
发表日期:
2009
页码:
241-274
关键词:
security
MODEL
game
摘要:
The paper uses a game-theoretic setting to examine the interaction between strategic attackers who try to gain unauthorized access to information systems, or targets, and defenders of those targets. Our analysis of the attacker-defender interaction shows that well-protected targets can use signals of their superior level of protection as a deterrence tool. This is due to the fact that, all other things being equal, rational attackers motivated by potential financial gains tend to direct their effort toward less-protected targets. We analyze several scenarios differing in the scope of publicly available information about target parameters and discuss conditions under which greater defenders' ability to signal their security characteristics may improve their welfare. Our results may assist security researchers in devising better defense strategies through the use of deterrence and provide new insight about the efficacy of specific security practices in complex information security environments.