Pau, Louis-François (2010): Botnet economics and devising defence schemes from attackers’ own reward processes.
Preview |
PDF
MPRA_paper_31014.pdf Download (186kB) | Preview |
Abstract
This paper focuses on botnet economics and design of defensive strategies. It takes the view that by combining scarce information on the attackers’ business models, with rational economic analysis of these business processes, one can identify design rules for economic defense mechanisms which the target can implement, often in a cheap way in addition to technical means. A short survey of game theory in the security area, is followed by a real case of an Internet casino. This leads to develop a model, applicable to this case and others, which is presented first qualitatively then quantitatively. This allows carrying out different analyses based on different equilibrium or termination principles; the ones studied are reward break-even analysis, and Max-Min analysis from game theory, for the target and the attackers. On that basis, a number of specific economic and information led defense strategies are identified which can be further studied using the model and specific adaptations to other data or cases.
| Item Type: | MPRA Paper |
|---|---|
| Original Title: | Botnet economics and devising defence schemes from attackers’ own reward processes |
| Language: | English |
| Keywords: | Botnets, Economics, Game theory, Internet casinos, Cyber defense |
| Subjects: | C - Mathematical and Quantitative Methods > C7 - Game Theory and Bargaining Theory L - Industrial Organization > L8 - Industry Studies: Services > L86 - Information and Internet Services ; Computer Software N - Economic History > N4 - Government, War, Law, International Relations, and Regulation |
| Item ID: | 31014 |
| Depositing User: | L-F Pau |
| Date Deposited: | 20 May 2011 19:21 |
| Last Modified: | 10 Oct 2019 22:22 |
| References: | [1] C. A. Schiller, J. Binkley et al., Botnets: The Killer Web App, Syngress Publishing Co, 2008, ISBN: 1-59749-135-7 [2] P.O. Jonsson, The economics of spam and the context of the aftermath of the CAN SPAM Act of 2003, Int. J. of liability and scientific enquiry 2009, Vol 7, no 1, 40-52 [3] How To Spam Facebook Like A Pro: An Insider’s Confession http://www.techcrunch.com/2009/11/01/how-to-spam-facebook-like-a-pro-an-insiders-confession/ [4] The Economics of spam, http://cc.uoregon.edu/cnews/summer2003/spameconomics.html [5] Y.Namestnikov, Kaspersky Labs, Botnet economics, www.kaspersky.com/news?id=207575866 , 22 Jul 2009, and http://www.viruslist.com/analysis?pubid=204792068 [6] Taking down spammers: Successful spam fighting via legalization, regulation and economics, (http://blogs.zdnet.com/security/?p=720) [7] Z. Li, Q. Liao, A. Striegel, Botnet economics: uncertainty matters, in the Proc. of the 7th Workshop on Economics of Information Security (WEIS 2008), June 2008, http://weis2008.econinfosec.org/papers/Liao.pdf [8] J.H. Case, Economics and the competitive process, New York University Press, NY, 1979, ISBN: 0-8147-1373-4 [9] T. Basar, G.J. Olsder, Dynamic noncooperative game theory, Academic Press, London, 1982, ISBN: 0-12-080220-1 [10] M. Cremonini, D. Nizovtsev, Understanding and influencing attackers’ decisions: implications for security investment strategies, in: Proc. of 5th Workshop on the Economics of Information Security (WEIS 2006), Cambridge (UK), 2006 [11] M. Kodialam, T.V. Lakshman, Detecting network intrusions via sampling: a game theoretic approach, in: Proc. of IEEE INFOCOM. San Francisco, CA, USA (2003) [12] N. Bohacek, J.P. Hespanha, J. Lee, C. Lim, K. Obraczka, Game theoretic stochastic routing for fault tolerance and security in computer networks. IEEE Transactions on Parallel and Distributed Systems 18(9), 1227-1240, (2007) [13] CORE Common open research emulator in Free BSD, from University of Zagreb and Boeing, 2008, http://cs.itd.nrl.navy.mil/work/core/index.php , https://launchpad.net/core , http://code.google.com/p/coreemu/ [14] Yun Wang, Statistical techniques for network security: modern statistically based intrusion detection and protection, IGI Press, 2009 ISBN: 978-1-59904-708-9 |
| URI: | https://mpra.ub.uni-muenchen.de/id/eprint/31014 |
All papers reproduced by permission. Reproduction and distribution subject to the approval of the copyright owners.
 |
View Item |
