Abstract
False positive rates and their impacts have been a focal point for information security research. However, most of this research investigates false positives exclusively from the system defender’s perspective, while in reality an attacker also faces the classification decision in identifying feasible targets and the consequences of false positive rates. In this paper, we present the first comprehensive analytical model that incorporates the false positives from both the perspective of the attacker and that of the system defender. Our results show that such false positives from the attacker’s perspective have a significant impact on the attacker’s decision making for an attack, as well as the optimal protection strategy for the defender. Our results help to shed new light on a wide range of diverse information security phenomena such as spam emails, the Nigerian scams, and the design of the honeypot as a security mechanism. In addition, we show how an attacker’s misestimation of a certain parameter would affect the defender’s strategy and how the heterogeneity of the systems impacts the defender’s strategy to manipulate the attacker’s possible misestimation.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
