The Work‐Averse Cyberattacker Model: Theory and Evidence from Two Million Attack Signatures
The assumption that a cyberattacker will potentially exploit all present vulnerabilities drives most modern cyber risk management practices and the corresponding security investments. We propose a new attacker model, based on dynamic optimization, where we demonstrate that large, initial, fixed cost...
Main authors: | Allodi, Luca; Massacci, Fabio; Williams, Julian |
---|---|
Format: | Online Article Text |
Language: | English |
Published: | John Wiley and Sons Inc. 2021 |
Subjects: | |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9543271/ https://www.ncbi.nlm.nih.gov/pubmed/33960506 http://dx.doi.org/10.1111/risa.13732 |
_version_ | 1784804336456433664 |
---|---|
author | Allodi, Luca Massacci, Fabio Williams, Julian |
author_facet | Allodi, Luca Massacci, Fabio Williams, Julian |
author_sort | Allodi, Luca |
collection | PubMed |
description | The assumption that a cyberattacker will potentially exploit all present vulnerabilities drives most modern cyber risk management practices and the corresponding security investments. We propose a new attacker model, based on dynamic optimization, where we demonstrate that large, initial, fixed costs of exploit development induce attackers to delay implementation and deployment of exploits of vulnerabilities. The theoretical model predicts that mass attackers will preferably (i) exploit only one vulnerability per software version, (ii) largely include only vulnerabilities requiring low attack complexity, and (iii) be slow at trying to weaponize new vulnerabilities. These predictions are empirically validated on a large data set of observed massed attacks launched against a large collection of information systems. Findings in this article allow cyber risk managers to better concentrate their efforts for vulnerability management, and set a new theoretical and empirical basis for further research defining attacker (offensive) processes. |
format | Online Article Text |
id | pubmed-9543271 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2021 |
publisher | John Wiley and Sons Inc. |
record_format | MEDLINE/PubMed |
spelling | pubmed-9543271 2022-10-14 The Work‐Averse Cyberattacker Model: Theory and Evidence from Two Million Attack Signatures Allodi, Luca Massacci, Fabio Williams, Julian Risk Anal Original Research Articles The assumption that a cyberattacker will potentially exploit all present vulnerabilities drives most modern cyber risk management practices and the corresponding security investments. We propose a new attacker model, based on dynamic optimization, where we demonstrate that large, initial, fixed costs of exploit development induce attackers to delay implementation and deployment of exploits of vulnerabilities. The theoretical model predicts that mass attackers will preferably (i) exploit only one vulnerability per software version, (ii) largely include only vulnerabilities requiring low attack complexity, and (iii) be slow at trying to weaponize new vulnerabilities. These predictions are empirically validated on a large data set of observed massed attacks launched against a large collection of information systems. Findings in this article allow cyber risk managers to better concentrate their efforts for vulnerability management, and set a new theoretical and empirical basis for further research defining attacker (offensive) processes. John Wiley and Sons Inc. 2021-05-07 2022-08 /pmc/articles/PMC9543271/ /pubmed/33960506 http://dx.doi.org/10.1111/risa.13732 Text en © 2021 The Authors. Risk Analysis published by Wiley Periodicals LLC on behalf of Society for Risk Analysis. https://creativecommons.org/licenses/by/4.0/ This is an open access article under the terms of the http://creativecommons.org/licenses/by/4.0/ (https://creativecommons.org/licenses/by/4.0/) License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited. |
spellingShingle | Original Research Articles Allodi, Luca Massacci, Fabio Williams, Julian The Work‐Averse Cyberattacker Model: Theory and Evidence from Two Million Attack Signatures |
title | The Work‐Averse Cyberattacker Model: Theory and Evidence from Two Million Attack Signatures |
topic | Original Research Articles |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9543271/ https://www.ncbi.nlm.nih.gov/pubmed/33960506 http://dx.doi.org/10.1111/risa.13732 |