The Work-Averse Cyber Attacker Model: Theory and Evidence From Two Million Attack Signatures

36 Pages Posted: 1 Nov 2016 Last revised: 28 Jun 2017

See all articles by Luca Allodi

Luca Allodi

Eindhoven University of Technology

Fabio Massacci

DISI - University of Trento

Julian M. Williams

Durham Business School

Date Written: June 27, 2017

Abstract

A common conceit is that the typical cyber attacker is assumed to be all powerful and able to exploit all possible vulnerabilities with almost equal likelihood. In this paper we present, and empirically validate, a novel and more realistic attacker model. The intuition of our model is that a mass attacker will optimally choose whether to act and weaponize a new vulnerability, or keep using existing toolkits if there are enough vulnerable users. The model predicts that mass attackers may i) exploit only one vulnerability per software version, ii) include only vulnerabilities with low attack complexity, and iii) be slow at introducing new vulnerabilities into their arsenal. We empirically test these predictions by conducting a natural experiment for data collected on attacks against more than one million real systems by Symantec’s WINE platform. Our analysis shows that mass attackers fixed costs are indeed significant and that substantial efficiency gains can be made by individuals and organizations by accounting for this effect.

Keywords: Cyber Security, Dynamic Programming, Malware Production, Risk Management

JEL Classification: C61, C9, D9, L5

Suggested Citation

Allodi, Luca and Massacci, Fabio and Williams, Julian M., The Work-Averse Cyber Attacker Model: Theory and Evidence From Two Million Attack Signatures (June 27, 2017). Available at SSRN: https://ssrn.com/abstract=2862299 or http://dx.doi.org/10.2139/ssrn.2862299

Luca Allodi (Contact Author)

Eindhoven University of Technology ( email )

De Zaale
Eindhoven, Eindhoven 5600MB
Netherlands

Fabio Massacci

DISI - University of Trento ( email )

Via Sommarive 9
Trento, Trento 38123
Italy

HOME PAGE: http://www.massacci.org

Julian M. Williams

Durham Business School ( email )

Mill Hill Lane
Durham, Durham DH1 3LB
United Kingdom

Register to save articles to
your library

Register

Paper statistics

Downloads
113
rank
236,814
Abstract Views
667
PlumX Metrics