||Rational Theory of Information Security Battle: Economic Analysis of Preemptive Behavior
Goto, Makoto ,
Discussion Paper, Series A
31 , 2016-06 , Graduate School of Economics and Business Administration, Hokkaido University
We develop a model of a zero-sum information security game by introducing a reward function (called P-function) for cyber attackers into the models of Gordon and Leob (2002) and Tatsumi and Goto (2010). Then the preemptive behavior of cyber attackers or defenders is analyzed. The derivation of the optimal behavior is based on a real options theory and the properties are numerically calculated.
Through our numerical analysis cyber attackers are turned out to be rational in the sense that they are very sensitive and quickly respond to both the monetary gain that they will obtain and the vulnerability of defenders. We further observe among others that, in many cases, defenders can optimally preempt. However, this is because attackers have no incentive to attack targets with a small monetary gain.