This study describes a three-player cyber security game involving an attacker, a defender, and a user. An attacker must choose to attack the defender or the user or to forego an attack altogether. Conversely, defender (e.g., system administrator) and user (e.g., individual system user) must choose between either a “standard” or “enhanced” security level. Deterrence is operationalized as a decision by an attacker to forego an attack. We conducted two behavioral experiments in which players were assigned to the cyber attacker role over multiple rounds of a security game and were incentivized based on their performance. The defender and user’s decisions were based on a joint probability distribution over their two options known to the attacker. Coordination between the defender and user is manipulated via the joint probability distribution. Results indicate that attacker deterrence is influenced by coordination between defender and user.
CITATION STYLE
Cui, J., Rosoff, H., & John, R. S. (2017). Deterrence of Cyber Attackers in a Three-Player Behavioral Game. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10575 LNCS, pp. 418–436). Springer Verlag. https://doi.org/10.1007/978-3-319-68711-7_22
Mendeley helps you to discover research relevant for your work.