• No results found

Attack and defense. 2nd ATE Symposium University of New South Wales Business School December, 2014

N/A
N/A
Protected

Academic year: 2021

Share "Attack and defense. 2nd ATE Symposium University of New South Wales Business School December, 2014"

Copied!
24
0
0

Loading.... (view fulltext now)

Full text

(1)

Attack and defense

Simona Fabrizi1 Steffen Lippert2 Jos´e Rodrigues-Neto3

1Massey University 2University of Auckland 3Australian National University

2nd ATE Symposium

University of New South Wales Business School December, 2014

(2)

This talk

http://uvmzombies.blogspot.com.au/2013/02/computer-zombies.html

(3)

Botnets

Sophisticated distributed systems comprising millions of computers with decentralized control.

→ Network of “zombie” computers infected with malicious programs

(“malware”) that allows criminals (“botnet herders”) to control the infected machines remotely without the users’ knowledge.

Used to

I execute Distributed Denial of Service (DDoS) attacks.

I harvest credit card information, personal data, financial information, email passwords, etc.

I carry out phishing attacks, send out spam, carry out search engine spam, install adware, engage in click fraud.

Sometimes they are leased out to others, who use them for the above causes. If you have a pulse, you’re a target. Anybody’s information has a value. Any, even “non-sensitive”, information is valuable. Names, addresses, contacts can be monetized, e.g., sold for social phishing attacks.

(4)

Botnets

There is a well-organized industry behind this with advertised prices for both outputs (e.g., credit card information) and inputs (e.g., malware-as-a-service).

I Prices that depend on quality.

I Try-before-you-buy offers.

I Bulk offers.

I “Google Analytics” for the bad guys, etc.

Some organizations behind this are really big.

Example (Rock Phish)

I High-tech phishing. Practically undetectable & unblacklistable.

I Huge: Peter Gutmann (UoA) estimates US$0.5 – US$1B/year revenue.

I Scary: Joseph Menn writes about Rock Phish as organized crime, including kidnapping of anti-crime investigator’s daughter.

(5)

Protection

Some targeted at large institutions: Companies offer banks and other

organizations likely to suffer from phishing attacks round-the-clock services to monitor, analyze, assist in shutting down phishing websites, or to implement two-factor authorization, which is being used increasingly.

Some targeted at end-users: Spam filters target phishing email, firewalls, switches, routers.

Properties of protection

I It is privately costly to invest in protection.

I There are positive externalities from investing in protection.

I It affects the optimal choice of attackers.

(6)

Biological attacks

Some features of malware attacks are present in biological attacks:

I Contagion. Possibility to protect. Externalities of protection. Indirect effects through choices of attackers.

(7)

The project

Try to understand more of the Economics underlying the malware economy, including the impact of market power.

Build stylized models of attack and defense with heterogenous populations of defenders and attackers.

(8)

Model

(9)

Model

Populations

Continuum of attackers in populationI, massµ >0. Choose whether to

attack.

Continuum of defenders in populationJ, unit mass. Decide whether to pay

for protection against attacks or risk suffering loss from attack.

Attack is successful if and only if the defender did not pay for protection. Attackers cannot observe whether defender has protection.

(10)

Attackers

Attackeri obtains payoff ofxi from a successfuldirectattack.

xi is continuously, atomless distributed, CDFFX,FX(+∞) = 1.

Attackeri also obtains payoff ofxi fromindirectattacks on all unprotected

defenders his target is connected to during the attack. Abstract from exact process for now.

(11)

Attackers

Utility of not attacking is

Ui(no attack) = 0.

Let mass of defenders not taking protection beλ∈[0,1].

Model expected utility of attacking as

Ui(attack) =α(λ)xi+β(λ),

α(λ) positive and increasing;−β(λ) positive and increasing.

(12)

Attackers

Attack if

Ui(attack) =α(λ)xi+β(λ)>0 =Ui(no attack)

or

xi>

−β(λ)

α(λ) .

Increase inλmeans fewer protected defenders, should make attack more

profitable d dλ −β(λ) α(λ) ≤0.

Proportion of attackers choosing not to attack:

χ=FX −β(λ) α(λ) .

(13)

Defenders

Defenders have a choice between cost of protection and the chance of suffering a loss.

Denote the loss if she is directly attacked and does not have protection by

Sj >0.

Sj is continuously, atomless distributed, CDFFS,FS(+∞) = 1.

Cost of protectionc(χ)>0 with c0(χ)≤0.

(14)

Defenders

Utility if invested in protection

Vj(protection) =−c(χ).

Fraction and mass of attackers that choose attack: 1−χandµ(1−χ).

Attackers do not target; there may be indirect attacks; abstract from exact process for now.

Expected utility of an unprotected defender

Vj(no protection) =δ(χ)(−Sj).

δ(χ) is positive, decreasing, withδ(1) = 0 and ∀χ= 1,6 δ(χ)∈]0,1] .

(15)

Defenders

Invest in protection if

Vj(protection) =−c(χ)> δ(χ)(−Sj) =Vj(no protection)

or

Sj>

c(χ)

δ(χ). Mass of unprotected defenders:

λ=FL c(χ) δ(χ) .

(16)

Equilibrium self-protection

(17)

Equilibrium self-protection

Proposition

Suppose that c(χ)>0, for everyχ. Suppose thatβ(λ)6= 0for allλ,α(0) = 0

andα(λ)>0 for allλ >0. Suppose FX

β(1)

α(1)

<1. Then, the game has a unique Nash equilibrium such that0< λ∗<1and0≤χ∗<1. Moreover:

χ∗ = FX β(λ) α(λ∗) , λ∗ = FS c(χ) δ(χ∗) .

α(0) = 0 means attackers cannot gain anything from attacking if all

defenders are protected.

FX

β(1)

α(1)

<1 means if no defenders protect, then there must be some

active attackers.

(18)

Equilibrium self-protection

α(0) = 0 would not apply if protection was not perfect. Indeed, our

formulation allows for less than full protection. Thenc would combine the

price paid for partial protection with the expected damage from successful attacks.

Denotec= ddcχχc andδ= ddχδ χδ.

Proposition

Suppose that c(χ)>0 for allχ, andα(λ)6= 0andβ(λ)6= 0 for allλ. Suppose FX

β(1)

α(1)

<1. Then, the game has a Nash equilibrium. This Nash equilibrium is unique ifc ≥δ, for allχ. In this equilibrium, a proportionχ∗ of attackers do

not attack and a proportionλ∗ of defenders do not pay for protection (as defined above). This equilibrium is such that0< λ∗<1 and0≤χ∗<1.

(19)

Equilibrium self-protection

Inefficiency of equilibrium self-protection

Marginal defender’s choice to invest in protection lowers the mass of active attackers.

→ Positive externality onto other unprotected defenders.

→ Ifdc/dχ <0 also positive externality onto other protected defenders.

(20)

Market for protection

(21)

Market for protection

Assume protection is sold at a pricep.

Given the above propositions, for anyp, there exists a unique equilibrium with

χ∗=FX −β(λ∗) α(λ∗) , λ∗=FS p δ(χ∗) .

Demand for protection: D(p) = 1−λ∗. Under reasonable assumptions on

δ(χ) and α(λ),D(p) andχ∗ are decreasing inp.

(22)

Market for protection

Assume price-taking firms that provide protection to a measureqof

defenders incur a costC(q, χ∗) =qc(χ∗).

Then, the allocation in the competitive equilibrium coincides with that in self-protection.

There is too little protection.

(23)

Welfare loss with market power

A monopolist would incurC(1−λ∗, χ∗) = (1−λ∗)c(χ∗). Price decrease has two effects

d dp[(1−λ ∗)c(χ;ω)] = (1λ) d dχ[c(χ ∗)] d dp[χ ∗] | {z } indirect effect,>0 −c(χ∗)d dp[λ ∗] | {z } direct effect,<0 .

Monopoly solution satisfies

−1 ελ = p−nc(χ∗)−(1−λ∗)ddχ[c(χ∗)]fX(·)ddλ h −β(λ∗) α(λ∗) io p .

(1) Welfare loss from externality onto unprotected defenders is compounded by

monopoly mark-up.

(2) Monopolist internalizes part of the externality: A decrease in the price

increases demand and decreases attacks, making protection cheaper.

(24)

To do

A lot.

Networked defenders and attackers that can distinguish defenders with different connectivity.

I Who will be attacked?

I Who will be protected?

I Relative size of externalities?

I Pricing of protection?

I Cross subsidies between defender groups?

Organised attacker that hires subset of attackers at a price for a DDoS attack.

I How does price for botnet rental depends on decentralized equilibrium?

I How does it change with connectivity and the implied change in protection levels?

I ...

References

Related documents

possessing gender specific risk factors show better prognosis of cerebral venous and sinus thrombosis (CVST) compared to men 5.. One recent study from Indian

Enterprises considering a job-scheduling product should develop specific lists of evaluation criteria, pricing and functional requirements in the traditional areas of date-

• Bank risk management: Deals with the handling of different types of risks faced by the banks, for example, market risk, credit risk, liquidity risk, legal risk, operational

A 78 year-old male with history of coronary artery disease s/p coronary artery bypass grafting, hypertension, and dyslipidemia presents for routine physical examination.. He feels

OPTION 3 – CLICK &amp; COLLECT (online) Available all year round Visit: booklists.ziggies.net.au School-Year Code: TSHSC-9 Password:

calculation of CAPE tendency. This derivation accounts for processes that act to stabilize or destabilize the atmosphere and are not accounted for in a subtraction of CAPE at

Anticipating self-referential feedback has an in fluence on activity emotions (positive for enjoyment, negative for anger); anticipating normative feedback has a positive in fluence

For example, at this conference you will hear about how two countries’ use of INTERPOL’s databases helped us to expose a violent transnational organized crime ring involved in