Team for Research in
Ubiquitous Secure Technology

Colonel Blotto in the Phishing War
Pern Hui Chia, John Chuang

Citation
Pern Hui Chia, John Chuang. "Colonel Blotto in the Phishing War". Lecture Notes in Computer Science, GameSec 2011, Springer, pp.201-218, 2012.

Abstract
Phishing exhibits characteristics of asymmetric conflict and guerrilla warfare. Phishing sites, upon detection, are subject to removal by takedown specialists. In response, phishers create large numbers of new phishing attacks to evade detection and stretch the resources of the defenders. We propose the Colonel Blotto Phishing (CBP) game, a two-stage Colonel Blotto game with endogenous dimensionality and detection probability. We find that the optimal number of new phishes to create, from the attacker’s perspective, is influenced by the degree of resource asymmetry, the cost of new phishes, and the probability of detection. Counter-intuitively, we find that it is the less resourceful attacker who would create more phishing attacks in equilibrium. And depending on the detection probability, an attacker will vary his strategies to either create even more phishes, or to focus on raising his resources to increase the chance he will extend the lifetime of his phishes. We discuss the implications to anti-phishing strategies and point out that the game is also applicable to web security problems more generally.

Citation formats  
  • HTML
    Pern Hui Chia, John Chuang. <a
    href="http://www.truststc.org/pubs/866.html"
    >Colonel Blotto in the Phishing War</a>, Lecture
    Notes in Computer Science, GameSec 2011, Springer,
    pp.201-218, 2012.
  • Plain text
    Pern Hui Chia, John Chuang. "Colonel Blotto in the
    Phishing War". Lecture Notes in Computer Science,
    GameSec 2011, Springer, pp.201-218, 2012.
  • BibTeX
    @inproceedings{ChiaChuang12_ColonelBlottoInPhishingWar,
        author = {Pern Hui Chia and John Chuang},
        title = {Colonel Blotto in the Phishing War},
        booktitle = {Lecture Notes in Computer Science, GameSec 2011},
        organization = {Springer},
        pages = {201--218},
        year = {2012},
        abstract = {Phishing exhibits characteristics of asymmetric
                  conflict and guerrilla warfare. Phishing sites,
                  upon detection, are subject to removal by takedown
                  specialists. In response, phishers create large
                  numbers of new phishing attacks to evade detection
                  and stretch the resources of the defenders. We
                  propose the Colonel Blotto Phishing (CBP) game, a
                  two-stage Colonel Blotto game with endogenous
                  dimensionality and detection probability. We find
                  that the optimal number of new phishes to create,
                  from the attacker’s perspective, is influenced
                  by the degree of resource asymmetry, the cost of
                  new phishes, and the probability of detection.
                  Counter-intuitively, we find that it is the less
                  resourceful attacker who would create more
                  phishing attacks in equilibrium. And depending on
                  the detection probability, an attacker will vary
                  his strategies to either create even more phishes,
                  or to focus on raising his resources to increase
                  the chance he will extend the lifetime of his
                  phishes. We discuss the implications to
                  anti-phishing strategies and point out that the
                  game is also applicable to web security problems
                  more generally. },
        URL = {http://www.truststc.org/pubs/866.html}
    }
    

Posted by Mary Stewart on 4 Apr 2012.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.