Abstract
This study describes a three-player cyber security game involving an attacker, a defender, and a user. An attacker must choose to attack the defender or the user or to forego an attack altogether. Conversely, defender (e.g., system administrator) and user (e.g., individual system user) must choose between either a “standard” or “enhanced” security level. Deterrence is operationalized as a decision by an attacker to forego an attack. We conducted two behavioral experiments in which players were assigned to the cyber attacker role over multiple rounds of a security game and were incentivized based on their performance. The defender and user’s decisions were based on a joint probability distribution over their two options known to the attacker. Coordination between the defender and user is manipulated via the joint probability distribution. Results indicate that attacker deterrence is influenced by coordination between defender and user.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Huth, P.K.: Deterrence and international conflict: empirical findings and theoretical debates. Annu. Rev. Polit. Sci. 2(1), 25–48 (1999)
Jentleson, B.W., Whytock, C.A.: Who “won” Libya? The force-diplomacy debate and its implications for theory and policy. Int. Secur. 30(3), 47–86 (2006)
Pfleeger, S.L., Caputo, D.D.: Leveraging behavioral science to mitigate cyber security risk. Comput. Secur. 31(4), 597–611 (2012)
Summers, T.C., Lyytinen, K.J., Lingham, T., Pierce, E.A.: How hackers think: a study of cybersecurity experts and their mental models. In: Third Annual International Conference on Engaged Management Scholarship, Atlanta, Georgia (2013)
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M., Baskerville, R.: Future directions for behavioral information security research. Comput. Secur. 32, 90–101 (2013)
Hoath, P., Mulhall, T.: Hacking: motivation and deterrence, Part 1. Comput. Fraud Secur. 1998(4), 16–19 (1998)
Barber, R.: Hackers profiled-who are they and what are their motivations? Comput. Fraud Secur. 2001(2), 14–17 (2001)
Wible, B.: A site where hackers are welcome: using hack-in contests to shape preferences and deter computer crime. Yale Law J. 112(6), 1577–1623 (2003)
Hua, J., Bapna, S.: How can we deter cyber terrorism? Inf. Secur. J. Glob. Perspect. 21(2), 102–114 (2012)
Sharma, R.: Peeping into a hacker’s mind: can criminological theories explain hacking? (2007). https://ssrn.com/abstract=1000446 or http://dx.doi.org/10.2139/ssrn.1000446
Chan, S.H., Yao, L.J.: An empirical investigation of hacking behavior. Rev. Bus. Inf. Syst. 9(4), 41–58 (2011)
Guitton, C.: Criminals and cyber attacks: the missing link between attribution and deterrence. Int. J. Cyber Criminol. 6(2), 1030–1043 (2012)
Maimon, D., Alper, M., Sobesto, B., Cukier, M.: Restrictive deterrent effects of a warning banner in an attacked computer system. Criminology 52(1), 33–59 (2014)
Jones, H.M.: The restrictive deterrent effect of warning messages on the behavior of computer system trespassers. Doctoral dissertation (2014)
Wilson, I.I., Henry, T.: Restrictive deterrence and the severity of hackers’ attacks on compromised computer systems. Doctoral dissertation (2014)
Gibbs, J.: Crime, punishment and deterrence. Southwest. Soc. Sci. Q. 48(4), 515–530 (1968)
Tittle, C.: Crime rates and legal sanctions. Soc. Forces 16(4), 409–423 (1969)
Durlauf, S.N., Nagin, D.S.: The deterrent effect of imprisonment. In: Cook, P.J., Ludwig, J., McCrary, J. (eds.) Controlling Crime: Strategies and Tradeoffs, pp. 43–94. University of Chicago Press, Chicago (2010)
Parker, D.B.: Fighting Computer Crime: A New Framework for Protecting Information. Wiley, New York (1998)
Wilke, A., Barrett, H.C.: The hot hand phenomenon as a cognitive adaptation to clumped resources. Evol. Hum. Behav. 30(3), 161–169 (2009)
Scheibehenne, B., Wilke, A., Todd, P.M.: Expectations of clumpy resources influence predictions of sequential events. Evol. Hum. Behav. 32(5), 326–333 (2011)
Tyszka, T., Zielonka, P., Dacey, R., Sawicki, P.: Perception of randomness and predicting uncertain events. Think. Reason. 14(1), 83–110 (2008)
Kahneman, D., Tversky, A.: Choices, values, and frames. Am. Psychol. 39(4), 341–350 (1984)
Tversky, A., Kahneman, D.: Belief in the law of small numbers. Psychol. Bull. 76(2), 105–110 (1971)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Cui, J., Rosoff, H., John, R.S. (2017). Deterrence of Cyber Attackers in a Three-Player Behavioral Game. In: Rass, S., An, B., Kiekintveld, C., Fang, F., Schauer, S. (eds) Decision and Game Theory for Security. GameSec 2017. Lecture Notes in Computer Science(), vol 10575. Springer, Cham. https://doi.org/10.1007/978-3-319-68711-7_22
Download citation
DOI: https://doi.org/10.1007/978-3-319-68711-7_22
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-68710-0
Online ISBN: 978-3-319-68711-7
eBook Packages: Computer ScienceComputer Science (R0)