Most current models of interdependent security decision-making do not explicitly account for the concept of variable loss. In these models, entities either incur some fixed loss when infected or they do not - There is no in-between. Contrary to this, there are a large number of scenarios where the eventual harm caused by a successful attack might vary substantially (e.g., if a web server is attacked, it could be taken offline, it could be used to host illegal content, or it could be used as part of a botnet). This paper introduces the concept of a loss profile in order to capture the notion of variable loss. We exemplify our approach by modelling a simple interdependent network security scenario. We further show how behavioural biases such as ignorance to low probability events, can be effectively modelled with the concept of loss profiles.
|Original language||English (US)|
|Number of pages||12|
|Journal||International Journal of Internet Technology and Secured Transactions|
|State||Published - 2014|
All Science Journal Classification (ASJC) codes
- Computer Science Applications
- Computer Networks and Communications