Understanding and Influencing Attackers' Decisions: Implications for Security Investment Strategies
暂无分享,去创建一个
[1] George A. Akerlof. The Market for “Lemons”: Quality Uncertainty and the Market Mechanism , 1970 .
[2] John M. Cozzolino,et al. Sequential Search for an Unknown Number of Objects of Nonuniform Size , 1972, Oper. Res..
[3] Eric K. Clemons,et al. Evaluation of strategic investments in information technology , 1991, CACM.
[4] David Wright,et al. Towards Operational Measures of Computer Security , 1993, J. Comput. Secur..
[5] R. Zayan. Editor's preface , 1994, Behavioural Processes.
[6] Tomas Olovsson,et al. A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior , 1997, IEEE Trans. Software Eng..
[7] Rodolphe Ortalo,et al. Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security , 1999, IEEE Trans. Software Eng..
[8] Brian Randell,et al. Fundamental Concepts of Dependability , 2000 .
[9] Marc Dacier,et al. Fixed- vs. Variable-Length Patterns for Detecting Suspicious Process Behavior , 1998, J. Comput. Secur..
[10] Michael M. May,et al. How much is enough? A risk management approach to computer security , 2000 .
[11] Ross J. Anderson. Why information security is hard - an economic perspective , 2001, Seventeenth Annual Computer Security Applications Conference.
[12] Dong Xiang,et al. Information-theoretic measures for anomaly detection , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.
[13] R. Power. CSI/FBI computer crime and security survey , 2001 .
[14] Lawrence A. Gordon,et al. The economics of information security investment , 2002, TSEC.
[15] Gary Stoneburner,et al. SP 800-30. Risk Management Guide for Information Technology Systems , 2002 .
[16] G. Stoneburner,et al. Risk Management Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology , 2002 .
[17] Luis E. Ortiz,et al. Algorithms for Interdependent Security Games , 2003, NIPS.
[18] Lawrence A. Gordon,et al. Information Security Expenditures and Real Options: A Wait-and-See Approach , 2003 .
[19] H. Kunreuther,et al. Interdependent Security , 2003 .
[20] Peng Liu,et al. Incentive-based modeling and inference of attacker intent, objectives, and strategies , 2003, CCS '03.
[21] Michael D. Smith,et al. How Much Security Is Enough to Stop a Thief?: The Economics of Outsider Theft via Computer Systems and Networks , 2003, Financial Cryptography.
[22] T. Sandler,et al. What do we know about the substitution effect in transnational terrorism , 2003 .
[23] Christopher Krügel,et al. Comprehensive approach to intrusion detection alert correlation , 2004, IEEE Transactions on Dependable and Secure Computing.
[24] William H. Sanders,et al. Model-based evaluation: from dependability to security , 2004, IEEE Transactions on Dependable and Secure Computing.
[25] Huseyin Cavusoglu,et al. Configuration of Detection Software: A Comparison of Decision and Game Theory Approaches , 2004, Decis. Anal..
[26] Michael D. Smith,et al. Computer security strength and risk: a quantitative approach , 2004 .
[27] Peng Ning,et al. Techniques and tools for analyzing intrusion alerts , 2004, TSEC.
[28] Carl E. Landwehr,et al. Basic concepts and taxonomy of dependable and secure computing , 2004, IEEE Transactions on Dependable and Secure Computing.
[29] Peter P. Swire. A Model for When Disclosure Helps Security: What Is Different About Computer and Network Security? , 2004, J. Telecommun. High Technol. Law.
[30] Huseyin Cavusoglu,et al. Model for Evaluating , 2022 .
[31] Steve Purser. Improving the ROI of the security management process , 2004, Comput. Secur..
[32] Stuart E. Schechter. Toward econometric models of the security risk from remote attacks , 2005, IEEE Security & Privacy.
[33] John McDermott,et al. Attack-potential-based survivability modeling for high-consequence systems , 2005, Third IEEE International Workshop on Information Assurance (IWIA'05).
[34] G. Rodewald.. Aligning information security investments with a firm's risk tolerance , 2005, InfoSecCD '05.
[35] Larry Samuelson,et al. Choosing What to Protect: Strategic Defensive Allocation Against an Unknown Attacker , 2005 .
[36] Lawrence A. Gordon,et al. Managing Cybersecurity Resources: A Cost-Benefit Analysis , 2005 .
[37] Huseyin Cavusoglu,et al. The Value of Intrusion Detection Systems in Information Technology Security Architecture , 2005, Inf. Syst. Res..
[38] Christopher J. Coyne,et al. THE ECONOMICS OF COMPUTER HACKING , 2005 .
[39] George A. Akerlof,et al. The Market for “Lemons”: Quality Uncertainty and the Market Mechanism , 1970 .