{"title":"利用脆弱性市场的不确定性","authors":"Z. Li, Qi Liao","doi":"10.1109/ICCCN.2018.8487368","DOIUrl":null,"url":null,"abstract":"Zero-day vulnerabilities pose significant threats in computer and network security, and have attracted attentions in recent years not only to malicious attackers but government and law enforcement users who need to control (e.g., for forensics purpose) the computer systems which otherwise are inaccessible through traditional channels. Based on the observation that vulnerabilities are acquired and traded in a different way than commodities, we study and propose a vulnerability market model by taking into consideration cheating and uncertainty in the market. The paper illustrates the interactions between the vulnerability sellers and buyers in a game theoretic framework. By modeling the economic aspects of the vulnerability market with a focus on information asymmetry and distinctive incentives of malicious and defensive buyers, we propose active and strategic market participation by defenders to obtain vulnerability information from the marketplace in a cost-effective way. Rather than killing the market, defenders can take advantage of the incomplete information feature of the vulnerability market to improve cyber-security. To further maximize the uncertainty, defenders may also play in the supply side of the vulnerability market to provide low or no value vulnerabilities to dilute the market.","PeriodicalId":399145,"journal":{"name":"2018 27th International Conference on Computer Communication and Networks (ICCCN)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Harnessing Uncertainty in Vulnerability Market\",\"authors\":\"Z. Li, Qi Liao\",\"doi\":\"10.1109/ICCCN.2018.8487368\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Zero-day vulnerabilities pose significant threats in computer and network security, and have attracted attentions in recent years not only to malicious attackers but government and law enforcement users who need to control (e.g., for forensics purpose) the computer systems which otherwise are inaccessible through traditional channels. Based on the observation that vulnerabilities are acquired and traded in a different way than commodities, we study and propose a vulnerability market model by taking into consideration cheating and uncertainty in the market. The paper illustrates the interactions between the vulnerability sellers and buyers in a game theoretic framework. By modeling the economic aspects of the vulnerability market with a focus on information asymmetry and distinctive incentives of malicious and defensive buyers, we propose active and strategic market participation by defenders to obtain vulnerability information from the marketplace in a cost-effective way. Rather than killing the market, defenders can take advantage of the incomplete information feature of the vulnerability market to improve cyber-security. To further maximize the uncertainty, defenders may also play in the supply side of the vulnerability market to provide low or no value vulnerabilities to dilute the market.\",\"PeriodicalId\":399145,\"journal\":{\"name\":\"2018 27th International Conference on Computer Communication and Networks (ICCCN)\",\"volume\":\"18 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 27th International Conference on Computer Communication and Networks (ICCCN)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICCCN.2018.8487368\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 27th International Conference on Computer Communication and Networks (ICCCN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCCN.2018.8487368","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Zero-day vulnerabilities pose significant threats in computer and network security, and have attracted attentions in recent years not only to malicious attackers but government and law enforcement users who need to control (e.g., for forensics purpose) the computer systems which otherwise are inaccessible through traditional channels. Based on the observation that vulnerabilities are acquired and traded in a different way than commodities, we study and propose a vulnerability market model by taking into consideration cheating and uncertainty in the market. The paper illustrates the interactions between the vulnerability sellers and buyers in a game theoretic framework. By modeling the economic aspects of the vulnerability market with a focus on information asymmetry and distinctive incentives of malicious and defensive buyers, we propose active and strategic market participation by defenders to obtain vulnerability information from the marketplace in a cost-effective way. Rather than killing the market, defenders can take advantage of the incomplete information feature of the vulnerability market to improve cyber-security. To further maximize the uncertainty, defenders may also play in the supply side of the vulnerability market to provide low or no value vulnerabilities to dilute the market.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
