Cyber security: Influence of patching vulnerabilities on the decision-making of hackers and analysts

Zahid Maqbool, V. Pammi, V. Dutt
{"title":"Cyber security: Influence of patching vulnerabilities on the decision-making of hackers and analysts","authors":"Zahid Maqbool, V. Pammi, V. Dutt","doi":"10.1109/CyberSA.2018.8551421","DOIUrl":null,"url":null,"abstract":"Patching of vulnerabilities on computer systems by analysts enables us to protect these systems from cyber-attacks. However, even after patching, the computer systems may still be vulnerable to cyber-attacks as the patching process may not be foolproof. Currently, little is known about how hacker’s attack actions would be influenced by the varying effectiveness of the patching process. The primary objective of this study was to investigate the influence of the patching process on the attack-and-defend decisions of hackers and analysts. In this study, we used a 2-player zero-sum stochastic Markov security game in a lab-based experiment involving participants performing as hackers and analysts. In the experiment, participants were randomly assigned to two between-subjects patching conditions: effective (N = 50) and less-effective (N = 50). In effective patching, the probability of the network to be in a non-vulnerable state was 90% after patching by the analyst; whereas, in less-effective patching, the probability of the network to be in the non-vulnerable state was 50% after patching by the analyst. Results revealed that the proportion of attack and defend actions were similar between effective and less-effective conditions. Furthermore, although the proportion of defend actions were similar between vulnerable and non-vulnerable states, the proportion of attack actions were smaller in the non-vulnerable state compared to the vulnerable state. A majority of time, both players deviated significantly from their Nash equilibria in different conditions and states. We highlight the implications of our results for patching and attack actions in computer networks.","PeriodicalId":352813,"journal":{"name":"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"41 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CyberSA.2018.8551421","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1

Abstract

Patching of vulnerabilities on computer systems by analysts enables us to protect these systems from cyber-attacks. However, even after patching, the computer systems may still be vulnerable to cyber-attacks as the patching process may not be foolproof. Currently, little is known about how hacker’s attack actions would be influenced by the varying effectiveness of the patching process. The primary objective of this study was to investigate the influence of the patching process on the attack-and-defend decisions of hackers and analysts. In this study, we used a 2-player zero-sum stochastic Markov security game in a lab-based experiment involving participants performing as hackers and analysts. In the experiment, participants were randomly assigned to two between-subjects patching conditions: effective (N = 50) and less-effective (N = 50). In effective patching, the probability of the network to be in a non-vulnerable state was 90% after patching by the analyst; whereas, in less-effective patching, the probability of the network to be in the non-vulnerable state was 50% after patching by the analyst. Results revealed that the proportion of attack and defend actions were similar between effective and less-effective conditions. Furthermore, although the proportion of defend actions were similar between vulnerable and non-vulnerable states, the proportion of attack actions were smaller in the non-vulnerable state compared to the vulnerable state. A majority of time, both players deviated significantly from their Nash equilibria in different conditions and states. We highlight the implications of our results for patching and attack actions in computer networks.
网络安全:修补漏洞对黑客和分析师决策的影响
通过分析人员修补计算机系统的漏洞,使我们能够保护这些系统免受网络攻击。然而,即使打了补丁,电脑系统仍可能容易受到网络攻击,因为打补丁的过程可能不是万无一失的。目前,黑客的攻击行为如何受到补丁程序不同有效性的影响尚不清楚。本研究的主要目的是调查补丁过程对黑客和分析师的攻击和防御决策的影响。在这项研究中,我们在一个基于实验室的实验中使用了一个2人零和随机马尔可夫安全博弈,参与者分别扮演黑客和分析师。在实验中,参与者被随机分配到两种受试者之间的补丁条件:有效(N = 50)和不有效(N = 50)。在有效修补中,分析师修补后网络处于非脆弱状态的概率为90%;而在效率较低的修补中,分析师修补后网络处于非脆弱状态的概率为50%。结果显示,在有效和无效条件下,攻击和防御动作的比例相似。此外,尽管防御行为的比例在脆弱状态和非脆弱状态之间相似,但攻击行为的比例在非脆弱状态下比在脆弱状态下要小。大多数时候,双方在不同的条件和状态下都明显偏离了他们的纳什均衡。我们强调了我们的结果对计算机网络中的补丁和攻击行动的影响。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信