Taxonomy of Economical Solutions

A few research works exist in this economic domain, yet this is a whole new environment where attackers are being forced to assert their validity through some analytical work. Such approaches work against the DDoS attacks in a mutual and distributive way. Several facets of an economic approach are the implementation of multiple payment systems, rational allocation of resources, enforcement of fines, competitive resource prices, complex negotiation between costs, and types of resources. Cybersecurity economics (also called information technology economics) uses the concepts of economics to explore cybersecurity. Such concepts include trade-offs faced by industry actors, undertaken under budget constraints. This domain particularly explores the economic concepts and behavioral analysis to study cybersecurity. Therefore, this chapter illuminates significant economic solutions in cyber economics. Further, it discusses some major pricing schemes on the Internet to incentivise the users to send their data wisely into the network.

Сybersecurity economics

The link between the fields of computer science and economics is traced in the literature, where it has been observed that the data breach is mostly due to the presence of disproportionate incentives rather than the absence of sufficient technological protections [1]. Many of the problems exist in terms of obligation and liability for data breaches due to misallocated costs [2]. Table 4.1 shows some of the significant research works in this domain.

Now, we will discuss the pricing strategies and incentivised solutions that prevent users from misbehaving on the Internet.

TABLE 4.1 Significant works in economics of cybersecurity.




Behavioural Analysis

Behavioural cyberattack analysis

• One paper performs an existing botnet infiltration for the analysis of malware [3-6]

conversions. Other work focuses on the psychological attributes of computer scammers or the application of cybercrime analysis (forum interviews of card fraudsters).

Data violations

• This scientific work applies to the violations of a user's private data modelled in the [7] laboratory.


• This work uses experiments to investigate the behaviour of a user towards security [8-11] decisions or the response of a user to the Internet security.

Study on Victim

Monitoring consumer

responses/security flaws

The psychological impact

of identity theft

  • • These studies concentrate on the experiences and reactions of users to cybercrime [12, 13] and polls of people who are vulnerable to phishing.
  • • This work uses discussions/surveys to analyse the dynamics of identity fraud and [14, 15] the psychological and financial effect on victims.

Game Theory-based Solutions

Security investment approaches

Cyber insurance models

  • • These papers analyse interdependent security problems and characterise rational [16, 17] player equilibriums.
  • • Such works examine how cyber insurance impacts IT protection and health of a [18, 19] player, including the requirements for selecting an appropriate insurance. We also examine other risk-sharing frameworks among players.

58 Distributed Denial of Service (DDoS) Attacks

Models for information sharing and data exchange

Attacker-defender models

Botnet economics

  • • Such studies concentrate on how to enhance safety by exchanging information on [20, 21] critical occurrences among contenders.
  • • Total effort game: Program stability relies on all participant collective effort. [22, 23]
  • • Best shot game: Security of a network depends on the maximum effort employed by the participant.
  • • Weakest player game: Security of a system depends on the effort put by the weakest participant in the network.
  • • Network cyber-economics game.
  • • This study formulates the economic models of botnets, i.e., the black-market [24, 25] economy, where there is a demand and supply of compromised systems and

malware services.

Advancements in Methodology

Cybercrime assessment • This study concentrates on the empirical issue of how cybercrime is assessed and [26] quantified.

Other Research

Alerts and asset values • These works examine the consequences of announced data breach on the market [27] of data breach prices of an organisation.

Taxonomy of Economical Solutions 59

60 Distributed Denial of Service (DDoS) Attacks

Pricing Strategies

A defined objective in networking is to cohere all telecommunications services, i.e., voice, video, and data into a common IP platform. This IP platform should be able to meet the different performance standards of a range of applications envisioned, which imply advancements to the best effort service of the current Internet. This platform can be developed by exploring protocols and mechanisms of minimal QoS. Such network must employ pricing schemes that corroborate return on investment for the service providers and sustain as simple and transparent to the end users [28]. Further, Internet traffic pricing can be a reliable solution to the DDoS attacks because it can provide an appropriate QoS during congestion times for heterogeneous applications. An appropriate pricing of resources renders resource allocation problem distributed, i.e., decentralised. However, there always exist disadvantages with some advantages. The major drawback of this pricing scheme lies in the fact that it requires specialised software and hardware for traffic metering and billing process [29]. The primary purpose of any price structure is to make the best use of the available resources and to provide the best possible service to the end user.

During the early 1990s, Cocchi et al. [30] made the first attempt to address the issue of Internet charging and pricing. In 1994, MacKie-Mason and Varian [31] conceived the concept of utilisation of auction frameworks for a best-effort network in “smart businesses.” This work provided the baseline for the introduction of externalities and congestion rates to the Internet. In 1995, Shenker [32] proposed an essential concept focused on a consolidated service model that incorporated both soft and hard-guaranteed services to the users. So, these are some of the initial works that introduced the pricing concept to the Internet users. Now, we will discuss some major pricing schemes.

< Prev   CONTENTS   Source   Next >