How loss profiles reveal behavioural biases in interdependent security decisions

Alan Nochenson, Jens Grossklags, C. F.Larry Heimann

Research output: Contribution to journalArticlepeer-review

1 Scopus citations


Most current models of interdependent security decision-making do not explicitly account for the concept of variable loss. In these models, entities either incur some fixed loss when infected or they do not - There is no in-between. Contrary to this, there are a large number of scenarios where the eventual harm caused by a successful attack might vary substantially (e.g., if a web server is attacked, it could be taken offline, it could be used to host illegal content, or it could be used as part of a botnet). This paper introduces the concept of a loss profile in order to capture the notion of variable loss. We exemplify our approach by modelling a simple interdependent network security scenario. We further show how behavioural biases such as ignorance to low probability events, can be effectively modelled with the concept of loss profiles.

Original languageEnglish
Pages (from-to)105-116
Number of pages12
JournalInternational Journal of Internet Technology and Secured Transactions
Issue number2
StatePublished - 2014
Externally publishedYes


  • Behavioural bias
  • Interdependencies
  • Low probability events
  • Networks
  • Security
  • Variable loss


Dive into the research topics of 'How loss profiles reveal behavioural biases in interdependent security decisions'. Together they form a unique fingerprint.

Cite this