A learning-based approach to reactive security
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
Despite the conventional wisdom that proactive security is superior to reactive security, we show that reactive security can be competitive with proactive security as long as the reactive defender learns from past attacks instead of myopically overreacting to the last attack. Our game-theoretic model follows common practice in the security literature by making worst-case assumptions about the attacker: we grant the attacker complete knowledge of the defender’s strategy and do not require the attacker to act rationally. In this model, we bound the competitive ratio between a reactive defense algorithm (which is inspired by online learning theory) and the best fixed proactive defense. Additionally, we show that, unlike proactive defenses, this reactive strategy is robust to a lack of information about the attacker’s incentives and knowledge.