TY - GEN
T1 - Mitigating covert compromises
T2 - 9th International Conference on Web and Internet Economics, WINE 2013
AU - Laszka, Aron
AU - Johnson, Benjamin
AU - Grossklags, Jens
PY - 2013
Y1 - 2013
N2 - Attackers of computing resources increasingly aim to keep security compromises hidden from defenders in order to extract more value over a longer period of time. These covert attacks come in multiple varieties, which can be categorized into two main types: targeted and non-targeted attacks. Targeted attacks include, for example, cyberespionage, while non-targeted attacks include botnet recruitment. We are concerned with the subclass of these attacks for which detection is too costly or technically infeasible given the capabilities of a typical organization. As a result, defenders have to mitigate potential damages under a regime of incomplete information. A primary mitigation strategy is to reset potentially compromised resources to a known safe state, for example, by reinstalling computer systems, and changing passwords or cryptographic private keys. In a game-theoretic framework, we study the economically optimal mitigation strategies in the presence of targeted and non-targeted covert attacks. Our work has practical implications for the definition of security policies, in particular, for password and key renewal schedules.
KW - Computer Security
KW - Covert Compromise
KW - Game Theory
KW - Non-Targeted Attacks
KW - Targeted Attacks
UR - http://www.scopus.com/inward/record.url?scp=84893093420&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-45046-4_26
DO - 10.1007/978-3-642-45046-4_26
M3 - Conference contribution
AN - SCOPUS:84893093420
SN - 9783642450457
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 319
EP - 332
BT - Web and Internet Economics - 9th International Conference, WINE 2013, Proceedings
Y2 - 11 December 2013 through 14 December 2013
ER -