Home Publications

Crime Pays if You Are Only an Average Hacker

Research Area: Uncategorized Year: 2012
Type of Publication: In Proceedings
  • Shim, Woohyun
  • Allodi, Luca
  • Massacci, Fabio
Book title: Proceedings of IEEE/ASE 2012 Cyber Security Conference
partner: UNITN; project: NESSoS; no tier; citation: 1
This study investigates the effects of incentive and deterrence strategies that might turn a security researcher into a malware writer, or vice versa. By using a simple game theoretic model, we illustrate how hackers maximize their expected utility. Furthermore, our simulation models show how hackers' malicious activities are affected by changes in strategies employed by defenders. Our results indicate that, despite the manipulation of strategies, average-skilled hackers have incentives to participate in malicious activities, whereas highly skilled hackers who have high probability of getting maximum payoffs from legal activities are more likely to participate in legitimate ones. Lastly, according on our findings, we found that reactive strategies are more effective than proactive strategies in discouraging hackers' malicious activities.