Inter-Temporal Reward Strategies in the Presence of Strategic Ethical Hackers

IF 3 3区 计算机科学 Q2 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE IEEE/ACM Transactions on Networking Pub Date : 2024-07-08 DOI:10.1109/TNET.2024.3422922
Jing Hou;Xuyu Wang;Amy Z. Zeng
{"title":"Inter-Temporal Reward Strategies in the Presence of Strategic Ethical Hackers","authors":"Jing Hou;Xuyu Wang;Amy Z. Zeng","doi":"10.1109/TNET.2024.3422922","DOIUrl":null,"url":null,"abstract":"A skyrocketing increase in cyber-attacks significantly elevates the importance of secure software development. Companies launch various bug-bounty programs to reward ethical hackers for identifying potential vulnerabilities in their systems before malicious hackers can exploit them. One of the most difficult decisions in bug-bounty programs is appropriately rewarding ethical hackers. This paper develops a model of an inter-temporal reward strategy with endogenous e-hacker behaviors. We formulate a novel game model to characterize the interactions between a software vendor and multiple heterogeneous ethical hackers. The optimal levels of rewards are discussed under different reward strategies. The impacts of ethical hackers’ strategic bug-hoarding and their competitive and collaborative behaviors on the performance of the program are also evaluated. We demonstrate the effectiveness of the inter-temporal reward mechanism in attracting ethical hackers and encouraging early bug reports. Our results indicate that ignoring the ethical hackers’ strategic behaviors could result in setting inappropriate rewards, which may inadvertently encourage them to hoard bugs for higher rewards. In addition, a more skilled e-hacker is more likely to delay their reporting and less motivated to work collaboratively with other e-hackers. Moreover, the vendor gains more from e-hacker collaboration when it could significantly increase the speed or probability of uncovering difficult-to-detect vulnerabilities.","PeriodicalId":13443,"journal":{"name":"IEEE/ACM Transactions on Networking","volume":"32 5","pages":"4427-4440"},"PeriodicalIF":3.0000,"publicationDate":"2024-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE/ACM Transactions on Networking","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10589536/","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0

Abstract

A skyrocketing increase in cyber-attacks significantly elevates the importance of secure software development. Companies launch various bug-bounty programs to reward ethical hackers for identifying potential vulnerabilities in their systems before malicious hackers can exploit them. One of the most difficult decisions in bug-bounty programs is appropriately rewarding ethical hackers. This paper develops a model of an inter-temporal reward strategy with endogenous e-hacker behaviors. We formulate a novel game model to characterize the interactions between a software vendor and multiple heterogeneous ethical hackers. The optimal levels of rewards are discussed under different reward strategies. The impacts of ethical hackers’ strategic bug-hoarding and their competitive and collaborative behaviors on the performance of the program are also evaluated. We demonstrate the effectiveness of the inter-temporal reward mechanism in attracting ethical hackers and encouraging early bug reports. Our results indicate that ignoring the ethical hackers’ strategic behaviors could result in setting inappropriate rewards, which may inadvertently encourage them to hoard bugs for higher rewards. In addition, a more skilled e-hacker is more likely to delay their reporting and less motivated to work collaboratively with other e-hackers. Moreover, the vendor gains more from e-hacker collaboration when it could significantly increase the speed or probability of uncovering difficult-to-detect vulnerabilities.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
存在战略性道德黑客时的跨时空奖励策略
网络攻击的急剧增加大大提高了安全软件开发的重要性。公司推出各种漏洞赏金计划,奖励道德黑客在恶意黑客利用漏洞之前发现系统中的潜在漏洞。在漏洞赏金计划中,最困难的决策之一就是适当奖励道德黑客。本文建立了一个具有内生电子黑客行为的跨期奖励策略模型。我们建立了一个新颖的博弈模型来描述软件供应商与多个异质道德黑客之间的互动。我们讨论了不同奖励策略下的最优奖励水平。此外,我们还评估了道德黑客策略性囤积漏洞及其竞争和合作行为对程序性能的影响。我们证明了跨时空奖励机制在吸引道德黑客和鼓励早期漏洞报告方面的有效性。我们的结果表明,忽视道德黑客的策略行为可能会导致设置不恰当的奖励,从而无意中鼓励他们囤积漏洞以获得更高的奖励。此外,技术更高超的电子黑客更有可能延迟报告,与其他电子黑客合作的积极性也会降低。此外,当电子黑客的合作能显著提高发现难以发现的漏洞的速度或概率时,供应商就能从电子黑客的合作中获得更多收益。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
IEEE/ACM Transactions on Networking
IEEE/ACM Transactions on Networking 工程技术-电信学
CiteScore
8.20
自引率
5.40%
发文量
246
审稿时长
4-8 weeks
期刊介绍: The IEEE/ACM Transactions on Networking’s high-level objective is to publish high-quality, original research results derived from theoretical or experimental exploration of the area of communication/computer networking, covering all sorts of information transport networks over all sorts of physical layer technologies, both wireline (all kinds of guided media: e.g., copper, optical) and wireless (e.g., radio-frequency, acoustic (e.g., underwater), infra-red), or hybrids of these. The journal welcomes applied contributions reporting on novel experiences and experiments with actual systems.
期刊最新文献
Table of Contents IEEE/ACM Transactions on Networking Information for Authors IEEE/ACM Transactions on Networking Society Information IEEE/ACM Transactions on Networking Publication Information FPCA: Parasitic Coding Authentication for UAVs by FM Signals
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1