A Game Theoretic Approach to the Design of Mitigation Strategies for Generic Ransomware

Rudra Prasad Baksi; Shambhu Upadhyaya

doi:10.1007/978-3-031-37807-2_6

A Game Theoretic Approach to the Design of Mitigation Strategies for Generic Ransomware

Rudra Prasad Baksi
, Shambhu Upadhyaya

Department of Computer Science and Engineering

Illinois State University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

Recently, ransomware attacks have become widespread and are causing unprecedented damage to cyber-physical systems. Although there are various types of ransomware, this paper focuses on a generic version and analyzes it using game theory. When attacked, victims are often faced with the dilemma of deciding whether or not to pay a ransom. To assist victims in making this decision, we develop a game-theoretic model that examines the attack environment and determines the conditions under which the defender has an advantage in neutralizing the attack. We introduce two new parameters to the game model to aid in decision-making when confronted with a ransomware attack. Additionally, we present game models that depict both rational and irrational attacker behavior. We perform a sensitivity analysis on the game model in cases where the attacker behaves rationally, and demonstrate the impact of the parameters on the decision-making process and equilibrium strategies. Ultimately, we explore how the model’s outcomes can assist defenders in designing an effective defense system to prevent and mitigate future attacks of a similar nature. This also, prepares the ground for analysis of more advanced form of malware.

Original language	English
Title of host publication	Information Systems Security and Privacy - 7th International Conference, ICISSP 2021, and 8th International Conference, ICISSP 2022, Revised Selected Papers
Editors	Paolo Mori, Gabriele Lenzini, Steven Furnell
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	104-124
Number of pages	21
ISBN (Print)	9783031378065
DOIs	https://doi.org/10.1007/978-3-031-37807-2_6
State	Published - 2023
Event	7th and 8th International Conferences on Information Systems Security and Privacy, ICISSP 2021 and ICISSP 2022 - Virtual, Online Duration: Feb 9 2022 → Feb 11 2022

Publication series

Name	Communications in Computer and Information Science
Volume	1851 CCIS
ISSN (Print)	1865-0929
ISSN (Electronic)	1865-0937

Conference

Conference	7th and 8th International Conferences on Information Systems Security and Privacy, ICISSP 2021 and ICISSP 2022
City	Virtual, Online
Period	02/9/22 → 02/11/22

Keywords

Computer security
Cryptography
Cybersecurity
Game theory
Ransomware

Access to Document

10.1007/978-3-031-37807-2_6

Cite this

Baksi, R. P., & Upadhyaya, S. (2023). A Game Theoretic Approach to the Design of Mitigation Strategies for Generic Ransomware. In P. Mori, G. Lenzini, & S. Furnell (Eds.), Information Systems Security and Privacy - 7th International Conference, ICISSP 2021, and 8th International Conference, ICISSP 2022, Revised Selected Papers (pp. 104-124). (Communications in Computer and Information Science; Vol. 1851 CCIS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-37807-2_6

Baksi, Rudra Prasad ; Upadhyaya, Shambhu. / A Game Theoretic Approach to the Design of Mitigation Strategies for Generic Ransomware. Information Systems Security and Privacy - 7th International Conference, ICISSP 2021, and 8th International Conference, ICISSP 2022, Revised Selected Papers. editor / Paolo Mori ; Gabriele Lenzini ; Steven Furnell. Springer Science and Business Media Deutschland GmbH, 2023. pp. 104-124 (Communications in Computer and Information Science).

@inproceedings{b349b76915664aa687a5ae6a26edfa61,

title = "A Game Theoretic Approach to the Design of Mitigation Strategies for Generic Ransomware",

abstract = "Recently, ransomware attacks have become widespread and are causing unprecedented damage to cyber-physical systems. Although there are various types of ransomware, this paper focuses on a generic version and analyzes it using game theory. When attacked, victims are often faced with the dilemma of deciding whether or not to pay a ransom. To assist victims in making this decision, we develop a game-theoretic model that examines the attack environment and determines the conditions under which the defender has an advantage in neutralizing the attack. We introduce two new parameters to the game model to aid in decision-making when confronted with a ransomware attack. Additionally, we present game models that depict both rational and irrational attacker behavior. We perform a sensitivity analysis on the game model in cases where the attacker behaves rationally, and demonstrate the impact of the parameters on the decision-making process and equilibrium strategies. Ultimately, we explore how the model{\textquoteright}s outcomes can assist defenders in designing an effective defense system to prevent and mitigate future attacks of a similar nature. This also, prepares the ground for analysis of more advanced form of malware.",

keywords = "Computer security, Cryptography, Cybersecurity, Game theory, Ransomware",

author = "Baksi, \{Rudra Prasad\} and Shambhu Upadhyaya",

note = "Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 7th and 8th International Conferences on Information Systems Security and Privacy, ICISSP 2021 and ICISSP 2022 ; Conference date: 09-02-2022 Through 11-02-2022",

year = "2023",

doi = "10.1007/978-3-031-37807-2\_6",

language = "English",

isbn = "9783031378065",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "104--124",

editor = "Paolo Mori and Gabriele Lenzini and Steven Furnell",

booktitle = "Information Systems Security and Privacy - 7th International Conference, ICISSP 2021, and 8th International Conference, ICISSP 2022, Revised Selected Papers",

address = "Germany",

}

Baksi, RP & Upadhyaya, S 2023, A Game Theoretic Approach to the Design of Mitigation Strategies for Generic Ransomware. in P Mori, G Lenzini & S Furnell (eds), Information Systems Security and Privacy - 7th International Conference, ICISSP 2021, and 8th International Conference, ICISSP 2022, Revised Selected Papers. Communications in Computer and Information Science, vol. 1851 CCIS, Springer Science and Business Media Deutschland GmbH, pp. 104-124, 7th and 8th International Conferences on Information Systems Security and Privacy, ICISSP 2021 and ICISSP 2022, Virtual, Online, 02/9/22. https://doi.org/10.1007/978-3-031-37807-2_6

A Game Theoretic Approach to the Design of Mitigation Strategies for Generic Ransomware. / Baksi, Rudra Prasad; Upadhyaya, Shambhu.
Information Systems Security and Privacy - 7th International Conference, ICISSP 2021, and 8th International Conference, ICISSP 2022, Revised Selected Papers. ed. / Paolo Mori; Gabriele Lenzini; Steven Furnell. Springer Science and Business Media Deutschland GmbH, 2023. p. 104-124 (Communications in Computer and Information Science; Vol. 1851 CCIS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A Game Theoretic Approach to the Design of Mitigation Strategies for Generic Ransomware

AU - Baksi, Rudra Prasad

AU - Upadhyaya, Shambhu

PY - 2023

Y1 - 2023

N2 - Recently, ransomware attacks have become widespread and are causing unprecedented damage to cyber-physical systems. Although there are various types of ransomware, this paper focuses on a generic version and analyzes it using game theory. When attacked, victims are often faced with the dilemma of deciding whether or not to pay a ransom. To assist victims in making this decision, we develop a game-theoretic model that examines the attack environment and determines the conditions under which the defender has an advantage in neutralizing the attack. We introduce two new parameters to the game model to aid in decision-making when confronted with a ransomware attack. Additionally, we present game models that depict both rational and irrational attacker behavior. We perform a sensitivity analysis on the game model in cases where the attacker behaves rationally, and demonstrate the impact of the parameters on the decision-making process and equilibrium strategies. Ultimately, we explore how the model’s outcomes can assist defenders in designing an effective defense system to prevent and mitigate future attacks of a similar nature. This also, prepares the ground for analysis of more advanced form of malware.

AB - Recently, ransomware attacks have become widespread and are causing unprecedented damage to cyber-physical systems. Although there are various types of ransomware, this paper focuses on a generic version and analyzes it using game theory. When attacked, victims are often faced with the dilemma of deciding whether or not to pay a ransom. To assist victims in making this decision, we develop a game-theoretic model that examines the attack environment and determines the conditions under which the defender has an advantage in neutralizing the attack. We introduce two new parameters to the game model to aid in decision-making when confronted with a ransomware attack. Additionally, we present game models that depict both rational and irrational attacker behavior. We perform a sensitivity analysis on the game model in cases where the attacker behaves rationally, and demonstrate the impact of the parameters on the decision-making process and equilibrium strategies. Ultimately, we explore how the model’s outcomes can assist defenders in designing an effective defense system to prevent and mitigate future attacks of a similar nature. This also, prepares the ground for analysis of more advanced form of malware.

KW - Computer security

KW - Cryptography

KW - Cybersecurity

KW - Game theory

KW - Ransomware

UR - https://www.scopus.com/pages/publications/85169002003

U2 - 10.1007/978-3-031-37807-2_6

DO - 10.1007/978-3-031-37807-2_6

M3 - Conference contribution

AN - SCOPUS:85169002003

SN - 9783031378065

T3 - Communications in Computer and Information Science

SP - 104

EP - 124

BT - Information Systems Security and Privacy - 7th International Conference, ICISSP 2021, and 8th International Conference, ICISSP 2022, Revised Selected Papers

A2 - Mori, Paolo

A2 - Lenzini, Gabriele

A2 - Furnell, Steven

PB - Springer Science and Business Media Deutschland GmbH

T2 - 7th and 8th International Conferences on Information Systems Security and Privacy, ICISSP 2021 and ICISSP 2022

Y2 - 9 February 2022 through 11 February 2022

ER -

Baksi RP, Upadhyaya S. A Game Theoretic Approach to the Design of Mitigation Strategies for Generic Ransomware. In Mori P, Lenzini G, Furnell S, editors, Information Systems Security and Privacy - 7th International Conference, ICISSP 2021, and 8th International Conference, ICISSP 2022, Revised Selected Papers. Springer Science and Business Media Deutschland GmbH. 2023. p. 104-124. (Communications in Computer and Information Science). doi: 10.1007/978-3-031-37807-2_6