Security protection design for deception and real system regimes: A model and analysis

In this paper, we model a possible deception system whose explicit purpose is to entice unauthorized users and restrict their access to the real system. The proposed model represents a system designer's defensive actions against intruders in a way that maximizes the difference between the intruders' cost and the system designer's cost of system protection. Under the assumption of a dual-entity system, the model shows that intruders' behavior differs depending on the system's vulnerability at the time of intrusion and on their own economic incentives. The optimal results of the model give the system designer insight into how to configure the level of protection for the two systems.
