<p>Ransomware is one of the most prevalent and unique threats to computer and information security today. Part of what distinguishes ransomware from other malware is the number of decisions made by both the attacker and the defender that are specific to ransomware attacks. Beyond choices about how best to prevent an attack, the defender must make decisions like whether or not to pay the ransom based on the likelihood the attacker will return the data if the ransom is paid. Game theory is used to model this exact type of decision making in order to predict how rational agents will behave given specific choices. Based on the possible outcomes available to each player and the payoffs associated with these outcomes, one can determine the best option at each stage in the game. In this work, our goal is to create a new game theoretical model of the interaction between ransomware attacker and defender that synthesizes and improves upon existing models. Our model takes into account useful assumptions in the existing literature like the presence of a threat of prosecution for the attacker, while adding new insights such as the possibility of the defender’s backup strategy being incomplete or failing. By incorporating these assumptions into our model, we create a framework that allows for the most realistic game theoretical analysis of ransomware to date.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Game Theoretical Model of Ransomware with Imperfect Information

  • Byron Denham,
  • Dale Thompson

摘要

Ransomware is one of the most prevalent and unique threats to computer and information security today. Part of what distinguishes ransomware from other malware is the number of decisions made by both the attacker and the defender that are specific to ransomware attacks. Beyond choices about how best to prevent an attack, the defender must make decisions like whether or not to pay the ransom based on the likelihood the attacker will return the data if the ransom is paid. Game theory is used to model this exact type of decision making in order to predict how rational agents will behave given specific choices. Based on the possible outcomes available to each player and the payoffs associated with these outcomes, one can determine the best option at each stage in the game. In this work, our goal is to create a new game theoretical model of the interaction between ransomware attacker and defender that synthesizes and improves upon existing models. Our model takes into account useful assumptions in the existing literature like the presence of a threat of prosecution for the attacker, while adding new insights such as the possibility of the defender’s backup strategy being incomplete or failing. By incorporating these assumptions into our model, we create a framework that allows for the most realistic game theoretical analysis of ransomware to date.