Crime Pays if you are just an Average Hacker (first version)

Woohyun Shim
Luca Allodi
Fabio Massacci, University of Trento, Povo, Trento - Italy
This study investigates the e ects of incentive and deterrence strategies that might turn a security researcher into a malware writer, or vice versa. By using a simple game theoretic model, we illustrate how hackers maximize their expected utility. Furthermore, our simulation models show how hackers' malicious activities are a ected by changes in strategies employed by defenders. Our results indicate that, despite the manipulation of strategies, average-skilled hackers have incentives to participate in malicious activities, whereas highly skilled hackers who have high probability of getting maximum payo s from legal activities are more likely to participate in legitimate ones. Lastly, according on our ndings, we found that reactive strategies are more e ective than proactive strategies in discouraging hackers' malicious activities.