IDEAS home Printed from https://ideas.repec.org/a/inm/ordeca/v15y2018i2p90-109.html
   My bibliography  Save this article

When Hackers Err: The Impacts of False Positives on Information Security Games

Author

Listed:
  • Bin Mai

    (University of North Texas, Denton, Texas 76203)

  • Shailesh Kulkarni

    (Department of Information Technology and Decision Sciences, University of North Texas, Denton, Texas 76203)

Abstract

False positive rates and their impacts have been a focal point for information security research. However, most of this research investigates false positives exclusively from the system defender’s perspective, while in reality an attacker also faces the classification decision in identifying feasible targets and the consequences of false positive rates. In this paper, we present the first comprehensive analytical model that incorporates the false positives from both the perspective of the attacker and that of the system defender. Our results show that such false positives from the attacker’s perspective have a significant impact on the attacker’s decision making for an attack, as well as the optimal protection strategy for the defender. Our results help to shed new light on a wide range of diverse information security phenomena such as spam emails, the Nigerian scams, and the design of the honeypot as a security mechanism. In addition, we show how an attacker’s misestimation of a certain parameter would affect the defender’s strategy and how the heterogeneity of the systems impacts the defender’s strategy to manipulate the attacker’s possible misestimation.

Suggested Citation

  • Bin Mai & Shailesh Kulkarni, 2018. "When Hackers Err: The Impacts of False Positives on Information Security Games," Decision Analysis, INFORMS, vol. 15(2), pages 90-109, June.
  • Handle: RePEc:inm:ordeca:v:15:y:2018:i:2:p:90-109
    DOI: 10.1287/deca.2017.0363
    as

    Download full text from publisher

    File URL: https://doi.org/10.1287/deca.2017.0363
    Download Restriction: no

    File URL: https://libkey.io/10.1287/deca.2017.0363?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Kjell Hausken, 2018. "A cost–benefit analysis of terrorist attacks," Defence and Peace Economics, Taylor & Francis Journals, vol. 29(2), pages 111-129, February.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Vicki M. Bier & Simon French, 2020. "From the Editors: Decision Analysis Focus and Trends," Decision Analysis, INFORMS, vol. 17(1), pages 1-8, March.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Chen, Shun & Zhao, Xudong & Chen, Zhilong & Hou, Benwei & Wu, Yipeng, 2022. "A game-theoretic method to optimize allocation of defensive resource to protect urban water treatment plants against physical attacks," International Journal of Critical Infrastructure Protection, Elsevier, vol. 36(C).
    2. Hausken, Kjell, 2024. "Fifty Years of Operations Research in Defense," European Journal of Operational Research, Elsevier, vol. 318(2), pages 355-368.
    3. Kjell Hausken & Jonathan W. Welburn, 2021. "Attack and Defense Strategies in Cyber War Involving Production and Stockpiling of Zero-Day Cyber Exploits," Information Systems Frontiers, Springer, vol. 23(6), pages 1609-1620, December.
    4. Adam Behrendt & Vineet M. Payyappalli & Jun Zhuang, 2019. "Modeling the Cost Effectiveness of Fire Protection Resource Allocation in the United States: Models and a 1980–2014 Case Study," Risk Analysis, John Wiley & Sons, vol. 39(6), pages 1358-1381, June.
    5. Zhiheng Xu & Jun Zhuang, 2019. "A Study on a Sequential One‐Defender‐N‐Attacker Game," Risk Analysis, John Wiley & Sons, vol. 39(6), pages 1414-1432, June.
    6. Qingqing Zhai & Rui Peng & Jun Zhuang, 2020. "Defender–Attacker Games with Asymmetric Player Utilities," Risk Analysis, John Wiley & Sons, vol. 40(2), pages 408-420, February.
    7. Daniel G. Arce, 2019. "On the human consequences of terrorism," Public Choice, Springer, vol. 178(3), pages 371-396, March.
    8. Halkos, George & Managi, Shunsuke & Zisiadou, Argyro, 2017. "Analyzing the determinants of terrorist attacks and their market reactions," Economic Analysis and Policy, Elsevier, vol. 54(C), pages 57-73.
    9. Argenti, Francesca & Landucci, Gabriele & Reniers, Genserik & Cozzani, Valerio, 2018. "Vulnerability assessment of chemical facilities to intentional attacks based on Bayesian Network," Reliability Engineering and System Safety, Elsevier, vol. 169(C), pages 515-530.
    10. Chen, Chao & Reniers, Genserik & Khakzad, Nima, 2019. "Integrating safety and security resources to protect chemical industrial parks from man-made domino effects: A dynamic graph approach," Reliability Engineering and System Safety, Elsevier, vol. 191(C).
    11. Grant, Matthew J. & Stewart, Mark G., 2017. "Modelling improvised explosive device attacks in the West – Assessing the hazard," Reliability Engineering and System Safety, Elsevier, vol. 165(C), pages 345-354.
    12. Hausken, Kjell, 2021. "The precautionary principle as multi-period games where players have different thresholds for acceptable uncertainty," Reliability Engineering and System Safety, Elsevier, vol. 206(C).
    13. Jaspersen, Johannes G. & Montibeller, Gilberto, 2020. "On the learning patterns and adaptive behavior of terrorist organizations," European Journal of Operational Research, Elsevier, vol. 282(1), pages 221-234.
    14. Kjell Hausken, 2020. "Game theoretic analysis of ideologically biased clickbait or fake news and real news," Operations Research and Decisions, Wroclaw University of Science and Technology, Faculty of Management, vol. 30(2), pages 39-57.
    15. Halkos, George & Zisiadou, Argyro, 2016. "Exploring the effect of terrorist attacks on markets," MPRA Paper 71877, University Library of Munich, Germany.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:inm:ordeca:v:15:y:2018:i:2:p:90-109. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Chris Asher (email available below). General contact details of provider: https://edirc.repec.org/data/inforea.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.