TY - JOUR
AU1 - Arce, Daniel G.
AB -
Abstract

This article presents a game-theoretic model of the interaction between malware creators (hackers) and users. Users select, and hackers target, information technology platforms based on each platform's network externalities and security. In equilibrium, a platform's market share among users and the distribution of malware across platforms are derived endogenously. In particular, a platform's relative market share is shown to be the square root of the ratio of its competitor's vulnerability to its own vulnerability. This provides a useful standard for guiding a platform's security strategy and for characterizing platform competition on the basis of security. It is also consistent with the longstanding empirical folk wisdom that platform leaders must make increasing investments in cybersecurity in order to maintain market share.

Introduction

Malware, a term that combines malicious with software, refers to a program designed to compromise, damage, or infiltrate a computer, server, or network without the user's knowledge or consent, often for profit. Viruses and worms are examples of self-replicating malware. The potential for malware has been recognized since the dawn of personal computing itself. Hiltzik [1] recounts a 1978 episode at Xerox's revolutionary PARC research facility in which an employee created a worm whose code became corrupted and caused scores of desktop computers connected to PARC's Ethernet to crash repeatedly. While that initial event was an accident, purposeful malware is now an everyday reality. For example, in its annual cost of cybercrime survey, the Ponemon Institute [2] characterized malware as the costliest of all attack vectors (e.g. as compared to malicious insiders, DDoS attacks, malicious code, botnets, etc.).¹ In such a high-stakes environment it is necessary to understand the strategic incentives facing those who provide security for information technology platforms (e.g. PCs, tablets, smartphones), the users who select this technology, and the malware that targets users through platforms. Given the effects of malware, it is not surprising that "today's leading [information] technology companies are those that have learned to leverage security to promote innovation, grab market share, and enhance brand [loyalty]" [5].

This article presents a game-theoretic model of the interaction between malware creators (hackers) and users. Users select, and hackers target, information technology platforms based on each platform's network externalities and security. In equilibrium, a platform's market share among users and the distribution of malware across platforms are derived endogenously. In this way, I provide a theoretical characterization of the relationship between a platform's relative security and its market share that is a useful standard for guiding a platform's security strategy.

The game itself is structured around an existing bifurcated (duopolistic) platform market. Such platform markets include Windows versus Mac OS for PCs, and Android versus iOS for tablets and mobile devices. The presence of one or a few dominant platforms is problematic from a security perspective because under such conditions platform-based attacks can and do cascade across a platform [6]. Within this context, for a given level of platform security, users select a platform and hackers choose a platform as their target. Users benefit from a platform's network externalities, which are themselves determined by the platform's market share via Metcalfe's law. Malware both compromises and takes advantage of the network externalities associated with a platform.
In equilibrium, a platform's relative market share is shown to be the square root of the ratio of its competitor's vulnerability to its own vulnerability. This establishes an explicit link between security and brand loyalty for information technology companies.

Related literature

Game theory is a promising tool for analyzing cybersecurity because it constitutes a mathematical framework that results in quantitative decision rules [7]. Indeed, O'Donnell [8] shows that if a platform's market share is particularly large, then it may be a dominant strategy for hackers to exclusively target the prevalent platform. He gives the following example: suppose that the Mac OS platform has 4% of the PC and laptop market, whereas Windows has 85%. Furthermore, suppose that the Mac OS platform is 80% secure, whereas Windows products are 100p% secure. All other things being equal, hackers will exclusively target Windows-based PCs as long as the expected number of Windows users whose security is breached exceeds that of Mac OS users:

(1 − p) × 85 > (1 − 0.8) × 4 ⇒ p < 0.99.

In this example, the Windows platform can be much more secure than the Mac OS platform and yet malware concentrates exclusively on Windows owing to Windows' enormous market share. Windows' domination makes it the "hackers' target of choice" [9]. A major difference between O'Donnell's [8] game-theoretic model and the present one is that in O'Donnell market share is taken as given and users' payoffs are not specified. Consequently, no equilibrium strategy for users is derived. This is because his focus is on the existence of a dominant strategy for hackers, which by definition is independent of users' actions and their motivations (payoffs). In contrast, in the present analysis market share is endogenously determined from a mixed strategy Nash equilibrium that characterizes the cross-sectional distribution of platforms selected by users. This facilitates a characterization of how a platform's relative security determines its market share. The characterization is robust across the Nash and Stackelberg equilibria of the game.

Florêncio and Herley [10] examine a game in which hackers make en masse attempts to breach each individual user's weaknesses (e.g. passwords), rather than weaknesses in a platform's structure. This produces the novel result that the probability of hacker success is a function of the "summation" of each user's security effort. The distinction between their model and the present one lies in the difference between spreading and propagative processes of malware diffusion [11]. Florêncio and Herley [10] is a cloud-based spreading model of hacking based on the vulnerabilities of individual users. The transfer of malware takes place between malicious and susceptible nodes, where there is a population of each type of node; infected nodes do not spread malware further. In such a spreading process the coupling between malware and network structure is loose, consistent with a summation technology. In contrast, the focus here is on vulnerabilities in the platform that are common to all users of that platform. In terms of diffusion, the resulting game is based on a "multiplicative" propagation externality because both the original malicious node and infected nodes are able to contaminate non-infected susceptible nodes. Self-propagating malware such as viruses and worms implies a much tighter coupling between malware diffusion and platform network structure, represented here by a multiplicative relationship between the platform's vulnerability and its network properties. Given that most malware is designed to exploit operating system holes (vulnerabilities) and bugs [11], market share matters.
As the famous bank robber Willie Sutton reportedly explained, he robbed banks "because that's where the money is." Similarly, hackers write malware to target where the users are, and this is determined by a platform's market share. Accordingly, I employ the mixed strategy approach to explaining market share, in which the mixed strategy for users in the associated game characterizes the "proportion of users" that select a given platform, thereby endogenously deriving a platform's market share. A mixed strategy Nash equilibrium (hereafter MSNE) allows the equilibrium choice of platform to be bifurcated, whereas a pure strategy equilibrium corresponds to a platform monopoly. Similarly, the mixed strategy for hackers characterizes the "proportion of malware" targeting a given platform. These characterizations are consistent with the "mass action" interpretation of MSNE in strategic form games, originally given in Nash's [12] dissertation. In the mass action interpretation, an MSNE constitutes a cross-sectional distribution over a population of players' strategies, with a mixture's value corresponding to the frequency of a strategy within that population. Hence, for the malware-platform game introduced in the following section I focus on the MSNE, with the mass action interpretation characterizing the market share of each platform (the cross-sectional distribution over users) and the proportion of malware that targets each platform (the cross-sectional distribution over hackers). To reiterate, in this article mixtures are not to be interpreted as a strategically random choice made by individual users and hackers. Perhaps the first explicit use of mixed strategies to formally characterize market share in this way is Cornell and Roll [13], who use the MSNE of a securities trading game to derive the proportion of analysts and non-analysts that is consistent with the efficient market hypothesis.
More recently, Bendle and Vandenbosch [14] use MSNE to characterize the distribution of firm types (profit-maximizing, competitor-oriented, or reciprocal) within a market. A major difference between these analyses and the present one is that here market share also figures directly into the payoffs of users and hackers.

The model

The model introduced in this section is based on the recognition that several existing information technology markets are currently bifurcated into essentially two platforms. For example, according to NetMarketShare.com, Windows currently holds approximately 88% of the PC market, with Mac OS second at 9%.² For smartphones the breakdown is Android with 70% and iOS with 29%. Accordingly, assuming bifurcated/duopolistic platform competition is consistent with the current reality for PCs, laptops, smartphones, and tablets. Consequently, the process by which user preferences, pricing, and innovation interact to determine the bifurcated outcome of platform competition is taken as given.³ In this way, the focus is on how network externalities and security influence both users' selection of a platform and malware's exploitation of a platform's market share.

The players in this game are users and hackers. Users choose between two platforms and receive benefits from the network externalities associated with a platform; that is, users of a platform receive benefits that increase with the number of users of that platform. The positive network externalities of a platform are offset by the likelihood of malware compromising the platform, as measured by the platform's security, and by the degree to which hackers target the platform. At the same time, the greater a platform's market share, the more benefit a hacker receives from creating malware that targets the platform for any given level of security. The payoffs for users and hackers are thus determined by their platform's market share and security.
Specifically, let

s ∈ (0, 1) ≡ market share of platform 1, with 1 − s ≡ market share of platform 2;
p ∈ (0, 1) ≡ security of platform 1, the probability that an attack on platform 1 is unsuccessful, with 1 − p denoting platform 1's vulnerability;
q ∈ (0, 1) ≡ security of platform 2 (the probability of successful deterrence), with 1 − q denoting platform 2's vulnerability;
v1 = (1 − p)/(1 − q) ≡ vulnerability ratio of platform 1;
v2 = (1 − q)/(1 − p) ≡ vulnerability ratio of platform 2.

To foreshadow, although p and q are taken as given, the properties of the MSNE of the game diagnose the role of security in determining a platform's market share, and provide a novel characterization of how market share and security jointly determine the degree to which a platform is targeted by hackers.

The associated game is given in strategic form in Table 1, where a hacker's strategy is which platform to target and a user's strategy is which platform to select. The strategic form is consistent with the mass action interpretation of the MSNE derived below. Hackers' payoffs are a function of the market share of the platform targeted, s or 1 − s, because hackers prefer a platform with a larger installed base [15]. The ability to compromise a particular platform is given by the probabilities 1 − p and 1 − q. Thus, the hacker's payoffs on the main diagonal of Table 1 are (1 − p)s when platform 1 is targeted and (1 − q)(1 − s) when platform 2 is targeted. In addition, I assume that there is no substantive cost difference between attacking either platform; hacker targeting is primarily influenced by a platform's relative security and market share. Another interpretation of this assumption is that because malware is characterized by a self-propagating diffusion process based on a platform's vulnerability, it is an example of an attack that scales [16]. That is, owing to the potential for cascading, platform-based malware involves a very low, almost negligible, cost per user attacked. Finally, if a hacker targets a platform that is not selected by any user then the hacker's payoff is normalized to zero, corresponding to the hacker's off-diagonal payoffs.

Table 1: The Platform-Malware Game [s ≡ market share of platform 1]. Entries are (hacker payoff, user payoff); rows give the platform on which hackers target malware, columns the platform users select. N ≡ total number of users across platforms.

                              Users select platform 1      Users select platform 2
Hackers target platform 1     ((1−p)s, p s²N²)             (0, (1−s)²N²)
Hackers target platform 2     (0, s²N²)                    ((1−q)(1−s), q(1−s)²N²)

According to Metcalfe's law, a user's value of the network effects specific to a platform is proportional to the square of the number of users of the platform. Given n1 users of platform 1 and n2 users of platform 2, the associated network effects are n1² and n2², respectively. I realize that this may be an ideal; however, the purpose of this theoretical model is to provide foundational guidelines for security strategy.⁴ In addition, let n1 + n2 = N. Given the market shares s = n1/N of platform 1 and 1 − s = n2/N of platform 2, the network effects consistent with Metcalfe's law are proportional to the market share of each platform as n1² = s²N² and n2² = (1 − s)²N². The network benefits to users of a platform can therefore be expressed in terms of the square of the platform's market share and the total number of users.
Consequently, if a platform is not attacked, then the payoffs for users of platforms 1 and 2 are assumed to be s²N² and (1 − s)²N², respectively. These correspond to the users' off-diagonal payoffs in Table 1. When a platform is attacked, users' network benefits from the platform depend on its security. Malware that targets a platform's vulnerabilities has the potential to cascade throughout the platform. Specifically, given security level p, if hackers target platform 1 this diminishes the network benefits of platform 1, s²N², by the amount (1 − p)s²N², leaving a user of platform 1 with a payoff equal to ps²N². Similarly, if hackers target platform 2, the payoff to users of platform 2 is q(1 − s)²N². These are the users' respective payoffs on the main diagonal of Table 1.

Nash equilibrium and characterization

As explained above, the focus is on the mixed strategy Nash equilibrium (MSNE) of this game because a pure strategy equilibrium on the part of users would imply a monopolistic outcome, and such an outcome is not observed for the platform markets under study. Within this context, the MSNE is interpreted according to Nash's [12] concept of mass action: as cross-sectional distributions of users and hackers over the platforms, rather than as the probability that an individual user or hacker selects a particular platform. As such, let

σ ∈ (0, 1) ≡ mixed strategy distribution of users selecting platform 1, with 1 − σ the distribution of users selecting platform 2;
τ ∈ (0, 1) ≡ mixed strategy distribution of malware hackers targeting platform 1, with 1 − τ the distribution targeting platform 2.

In an MSNE, σ has the property that a hacker's expected payoff for targeting platform 1 equals that for targeting platform 2. Referring to Table 1:

(1 − p)s·σ + 0·(1 − σ) = 0·σ + (1 − q)(1 − s)·(1 − σ).   (1)

Under the mass action interpretation of MSNE, σ and 1 − σ represent the cross-sectional distribution of users selecting platforms 1 and 2. Consequently, in a fulfilled expectations equilibrium it is required that

σ = s.   (2)

That is, under the mass action interpretation the equilibrium mixed strategy equals that platform's market share, so users' expectations of a platform's market share are fulfilled. Substituting (2) into (1) gives (1 − p)s² = (1 − q)(1 − s)², so that platform 1's relative market share is

s/(1 − s) = √[(1 − q)/(1 − p)].

Similarly, platform 2's relative market share is (1 − s)/s = √[(1 − p)/(1 − q)]. From these derivations one can see that a platform's relative market share is determined by the vulnerability ratio of its competitor, defined above as v2 = (1 − q)/(1 − p) for platform 2 and v1 = (1 − p)/(1 − q) for platform 1. Specifically:

RESULT 1: In bifurcated platform competition, platform i's relative market share is equal to the square root of the vulnerability ratio of its competitor: s_i/(1 − s_i) = √v_j, i ≠ j, i, j ∈ {1, 2}.

Result 1 establishes a fundamental strategic interdependence between the relative market share of a platform and the way in which platforms compete on security. In terms of novelty, Dykstra [18] notes that the establishment of theoretical building blocks or axioms to guide cybersecurity decision making remains unexpectedly rare for an otherwise mature field. The implications of this result are discussed below.

First, it is noteworthy that the equilibrium has implications for a platform's relative market share because a high relative market share is associated with disproportionate returns on investment [19]. Relative market share is a measure of how much one platform's market share differs from another's. Furthermore, power law predictions for relative market share (also known as "share ratios") are quite common empirically [20]. The present analysis provides a theoretical foundation for this phenomenon.

Second, it follows that p = q ⇒ s = ½.
Equal quality (in terms of security) leads to equal market share.

Third, Result 1 characterizes the strategic role that a platform's security plays in determining its relative market share. Specifically, ∂(s/(1 − s))/∂p > 0 and ∂(s/(1 − s))/∂q < 0: in equilibrium, platform 1's relative market share is increasing in its own security p and decreasing in the security of platform 2, q. This result is a strategic extension of Hirschman's [21] classic analysis of consumer loyalty and quality deterioration. Specifically, platform 1's relative market share is decreasing in its own lapse in security (vulnerability), 1 − p, and increasing in platform 2's lapse in security (vulnerability), 1 − q. This is illustrated in Fig. 1, in which a deterioration of platform 1's security is represented by an increase in vulnerability along the y-axis. Because s/(1 − s) = √[(1 − q)/(1 − p)], the elasticity of relative market share with respect to own vulnerability is constant at −½: relative market share falls steeply when vulnerability first rises from a low level, and the decline continues at a diminishing absolute rate as the deterioration persists, every further doubling of vulnerability costing the platform about 29% of its remaining relative market share.

Figure 1: Market share and security.

Fourth, a platform creator must make increasingly greater investments in security; otherwise, its market share will erode. For example, increasing p for platform 1 increases (1 − q)/(1 − p), but relative market share, s/(1 − s) = √[(1 − q)/(1 − p)], grows much more slowly than does (1 − q)/(1 − p). These implications of Result 1 are consistent with Microsoft's decision to consolidate security services under the umbrella of the Microsoft Security Response Center (MSRC), as part of its Trustworthy Computing initiative in 2002. The MSRC investigates all reports of security vulnerabilities affecting Microsoft products and services. Once a vulnerability is identified, the MSRC works with the relevant development team to find and distribute a solution. This initiative was formed in response to Microsoft losing market share owing to its status as a whipping boy in security circles.
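The square root rule is easy to check numerically. The following Python script is an added worked example and not code from the paper: using the symbols defined in the model section, it solves Result 1 for platform 1's share, verifies the hacker indifference condition behind equation (1) at that share, and goes one step beyond the text by inverting the rule to give the security level p a platform would need in order to reach a target relative market share. The function names and the sample security levels are illustrative choices, not values from the paper.

```python
"""Worked example of Result 1: equilibrium market share from security levels.

Added illustration, not code from the paper.  Symbols follow the paper:
p, q = security of platforms 1 and 2 (probability that an attack fails),
s    = market share of platform 1, 1 - s that of platform 2,
v1 = (1-p)/(1-q), v2 = (1-q)/(1-p) = vulnerability ratios.
The sample security levels used below are illustrative, not from the paper.
"""
import math


def _check_security(x):
    # The model needs p, q strictly inside (0, 1): a perfectly secure
    # platform (x = 1) has no vulnerability ratio, x = 0 is total compromise.
    if not 0 < x < 1:
        raise ValueError(f"security level must lie in (0, 1), got {x}")


def vulnerability_ratios(p, q):
    """Return (v1, v2) as defined in the model section."""
    _check_security(p)
    _check_security(q)
    return (1 - p) / (1 - q), (1 - q) / (1 - p)


def relative_share(p, q):
    """Result 1 for platform 1: s/(1-s) = sqrt(v2)."""
    _, v2 = vulnerability_ratios(p, q)
    return math.sqrt(v2)


def equilibrium_share(p, q):
    """Solve s/(1-s) = r for s, giving platform 1's share s = r/(1+r)."""
    r = relative_share(p, q)
    return r / (1 + r)


def hacker_indifference_gap(p, q, s):
    """Equation (1) with sigma = s: (1-p)s*s - (1-q)(1-s)*(1-s).

    Zero at the mass-action equilibrium; its sign says which platform
    hackers would prefer at a share s that is not the equilibrium one.
    """
    return (1 - p) * s * s - (1 - q) * (1 - s) * (1 - s)


def security_for_relative_share(target_ratio, q):
    """Invert the square root rule: the p giving s/(1-s) = target_ratio.

    From target^2 = (1-q)/(1-p) we get p = 1 - (1-q)/target^2.  Returns
    None when no p in (0, 1) achieves the target (target too small for q).
    """
    _check_security(q)
    p = 1 - (1 - q) / target_ratio ** 2
    return p if 0 < p < 1 else None


if __name__ == "__main__":
    p, q = 0.6, 0.5                          # illustrative security levels
    s = equilibrium_share(p, q)
    print(f"s = {s:.4f}, indifference gap = {hacker_indifference_gap(p, q, s):+.1e}")
    # Doubling v2 (p from 0.6 to 0.8) multiplies relative share only by sqrt(2).
    print(relative_share(0.8, q) / relative_share(p, q))
    # Security platform 1 needs for a 2:1 relative share against q = 0.5.
    print(security_for_relative_share(2.0, q))
```

The inversion is the practitioner's reading of the rule: against a competitor with vulnerability 1 − q, reaching a relative share of r requires own vulnerability (1 − q)/r², so each doubling of the target share ratio demands a fourfold reduction in vulnerability.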
I now turn to hacker targeting behavior (in aggregate). The derivation of τ for hackers is given in the Appendix, as it mirrors the derivation of σ for users in Result 1.

RESULT 2: In bifurcated platform competition, given security levels p for platform 1 and q for platform 2, the proportion of hackers that target platform 1 is τ and the proportion that target platform 2 is 1 − τ, where

τ = 1/[2(1 − p)] − q/[2(1 − q)].   (3)

Because τ is a proportion, (3) is meaningful only where it lies in (0, 1), which requires 1 − 2p + pq > 0 and 1 − 2q + pq > 0; in particular, p = q gives τ = ½. Security affects malware targeting in the following ways: ∂τ/∂p > 0 and ∂τ/∂q < 0. This is somewhat counterintuitive until one considers the interplay between market share and security established in Result 1. An increase in security, p, increases platform 1's relative market share, s/(1 − s), which in turn increases malware's targeting of platform 1, τ. This is because the only way that s/(1 − s) can increase is if s increases, and s enters directly into the payoff of hackers that target platform 1. Conversely, an increase in platform 2's security, q, decreases platform 1's relative market share, s/(1 − s), and thereby decreases the extent to which malware targets platform 1, τ.

Stackelberg equilibrium and characterization

Up to this point, platform market share and hacker behavior have been determined simultaneously (or at least under conditions of imperfect information). By considering an environment in which market share is already determined before hackers decide on their target, it is possible to test whether the Nash characterization of relative market share is robust. This requires the derivation of the Stackelberg equilibrium for the game in Table 1. In order to remove any ambiguity about what is meant by a Stackelberg equilibrium, Rasmusen's [22] definition is used: "A Stackelberg equilibrium is a strategy profile in which the players select strategies in a given order and each player's strategy is a best response to the fixed strategies of the players preceding him …. Such an equilibrium would not generally be either Nash or [subgame] perfect."

In the Stackelberg equilibrium for the game in Table 1, users select their platform first, thereby retaining the endogeneity of relative market share, and hackers then take the market share of each platform as given when deciding which platform to attack. In this way, users are the leaders in the Stackelberg equilibrium and hackers are the followers. Following Moulin [23], denote by BR_H(σ) the hackers' best reply correspondence to the users'/leaders' (potentially mixed) strategy σ; that is, BR_H(σ) is the set of hacker strategies that maximize the hackers' payoff against σ. Then the pair (σ_L, BR_H(σ_L)) constitutes a Stackelberg equilibrium if σ_L attains sup_σ U_L(σ, BR_H(σ)), where U_L(·,·) is the users'/leaders' (expected) payoff function. Finally, for purposes of comparison with the Nash characterization of relative market share, only the Stackelberg equilibria involving bifurcated platform markets are considered. This is also in keeping with the reality of bifurcated markets for the platforms under study.

RESULT 3: Given Nash strategy σ* and maxmin strategy σ̂ = (1 − q)(1 − s)²/[(1 − p)s² + (1 − q)(1 − s)²]:

If σ̂ < σ* and v2 < 1/p, then the associated Stackelberg equilibrium is (1, σ*). That is, the platform market is bifurcated according to Nash strategy σ*, but hackers target only platform 1.

If σ* < σ̂ and v1 < 1/q, then the associated Stackelberg equilibrium is (2, σ*). That is, the platform market is bifurcated according to Nash strategy σ*, but hackers target only platform 2.

Proof: see Appendix.

The main implication of this result is that the Nash characterization of bifurcated platform market shares given in Result 1 continues to hold within a Stackelberg framework.
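To make Results 2 and 3 concrete, the following Python script is an added worked example, not code from the paper. It computes the Nash share σ* from Result 1, the malware proportion τ from equation (3) and checks it against the users' indifference condition implied by Table 1, then classifies the Stackelberg outcome of Result 3 by computing σ̂ and the bifurcation bounds v2 < 1/p and v1 < 1/q. It also goes beyond the text in two ways: it evaluates O'Donnell's dominant-strategy test with exogenous market shares, using the numbers from the Related literature section, for contrast with the best-reply targeting of Result 3; and its comments record an observation that follows from the formulas, namely that at the Nash share the two terms in σ̂'s denominator are equal by hacker indifference, so σ̂ = ½ and the first condition of each case reduces to whether platform 1 is the more secure. The sample security levels and the function names are illustrative assumptions.

```python
"""Worked example of Results 2 and 3 (added illustration, not code from the paper).

Symbols follow the paper: p, q security levels; sigma* = s the Nash share of
platform 1 from Result 1; tau the proportion of malware aimed at platform 1;
sigma_hat the users' maxmin strategy of Result 3.  The security levels used
in the examples are illustrative and not taken from the paper.
"""
import math


def equilibrium_share(p, q):
    """Result 1: s/(1-s) = sqrt((1-q)/(1-p)), hence s = r/(1+r)."""
    r = math.sqrt((1 - q) / (1 - p))
    return r / (1 + r)


def malware_share(p, q):
    """Equation (3): tau = 1/(2(1-p)) - q/(2(1-q)).

    Returns None where the formula leaves (0, 1), since tau is a proportion;
    that happens unless 1 - 2p + pq > 0 and 1 - 2q + pq > 0.
    """
    tau = 1 / (2 * (1 - p)) - q / (2 * (1 - q))
    return tau if 0 < tau < 1 else None


def user_payoffs(p, q, s, tau, n_users=1.0):
    """Expected user payoff on each platform: the two sides of (A.1)."""
    net1, net2 = (s * n_users) ** 2, ((1 - s) * n_users) ** 2   # Metcalfe terms
    u1 = tau * p * net1 + (1 - tau) * net1        # platform 1 hit with prob. tau
    u2 = tau * net2 + (1 - tau) * q * net2        # platform 2 hit with prob. 1-tau
    return u1, u2


def hacker_best_reply(p, q, s, sigma):
    """Follower's reply to a leader strategy sigma, from the rows of Table 1."""
    gain1 = (1 - p) * s * sigma                   # target platform 1
    gain2 = (1 - q) * (1 - s) * (1 - sigma)       # target platform 2
    if math.isclose(gain1, gain2):
        return "indifferent"
    return "platform 1" if gain1 > gain2 else "platform 2"


def users_maxmin(p, q, s):
    """sigma_hat from Result 3.  At s = sigma* the two terms a and b are equal
    (hacker indifference), so sigma_hat = 1/2 there."""
    a, b = (1 - p) * s ** 2, (1 - q) * (1 - s) ** 2
    return b / (a + b)


def stackelberg_equilibrium(p, q):
    """Classify the Stackelberg outcome of Result 3 as (target, sigma*).

    target is 'platform 1' or 'platform 2' when the bound of the matching case
    (v2 < 1/p, resp. v1 < 1/q) holds, 'not bifurcated' when it fails (users
    then prefer a monopoly, see the appendix), and 'indifferent' when
    sigma_hat == sigma*, a tie that Result 3 does not cover.
    """
    sigma_star = equilibrium_share(p, q)
    sigma_hat = users_maxmin(p, q, sigma_star)
    v1, v2 = (1 - p) / (1 - q), (1 - q) / (1 - p)
    if math.isclose(sigma_hat, sigma_star):
        return "indifferent", sigma_star
    if sigma_hat < sigma_star:                    # case 1: hackers reply with platform 1
        return ("platform 1" if v2 < 1 / p else "not bifurcated"), sigma_star
    return ("platform 2" if v1 < 1 / q else "not bifurcated"), sigma_star


def dominant_target(share1, p, share2, q):
    """O'Donnell's test with exogenous shares: compare expected breaches."""
    breaches1, breaches2 = (1 - p) * share1, (1 - q) * share2
    if math.isclose(breaches1, breaches2):
        return "indifferent"
    return "platform 1" if breaches1 > breaches2 else "platform 2"


if __name__ == "__main__":
    p, q = 0.6, 0.5                               # illustrative security levels
    s = equilibrium_share(p, q)
    tau = malware_share(p, q)
    print(f"sigma* = {s:.4f}, tau = {tau:.4f}, user payoffs = {user_payoffs(p, q, s, tau)}")
    print(stackelberg_equilibrium(p, q))          # the more secure platform is targeted
    print(dominant_target(85, 0.99, 4, 0.8))      # O'Donnell's numbers: Windows targeted
```

Two things the numbers make visible: τ from (3) lies in (0, 1) only for security levels that are not too far apart, and the Stackelberg classification hinges on the bound v2 < 1/p (or v1 < 1/q), which fails when the competitor is very much more vulnerable, exactly the case in which users would rather abandon the weaker platform altogether.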
The first condition in each case (σ̂ versus σ*) determines the platform that hackers target, and the second condition ensures that market shares are bifurcated because the vulnerability ratio of the competing platform lies below an upper bound. In this way, the hackers' decision to target either platform 1 or platform 2, but not both, results from their platform choice being a "best reply" to the users' cross-sectional distribution over the two platforms. This is qualitatively different from the hackers' target being a dominant strategy for an exogenously given distribution of platform market shares.

Conclusion

This article uses a game-theoretic model to show that when users' benefits from a platform depend on that platform's network externalities, and hackers target platforms on the basis of market share, then the relative market share of a platform is the square root of the ratio of its competitor's vulnerability to its own vulnerability. This characterization is robust across Nash and Stackelberg analyses: in the former, market share and hacker activity are determined simultaneously; in the latter, market share is first determined by users, and hackers then take market share as given when determining which platform to attack. Interestingly, as a platform's security increases, malware hackers increase their targeting of the platform, owing to the way in which increased security increases a platform's market share. This suggests that the very maintenance of a platform's market share requires greater and greater investment in security, as hackers are attracted by a platform's market share. The square root rule provides a useful theoretical standard for guiding a platform's security strategy that is consistent with the longstanding empirical folk wisdom that platform leaders must make increasing investments in cybersecurity in order to maintain market share.
Indeed, this result can be contrasted with that of Lelarge [24], who demonstrates that a platform monopolist has little to no incentive to provide a high level of security. For platform markets that are instead essentially bifurcated, such as PCs/Macs, tablets, or mobile devices, increased security can be leveraged to promote market share, which in turn enhances users' loyalty owing to the increased network externalities that come with increased market share. Conversely, the apparently superior security enjoyed by a minority platform's users may be an illusion created by low hacker targeting, itself owing to low market share. Admittedly, use of the square root rule requires knowledge of a platform's vulnerability, and a platform's security level is difficult to estimate. At the same time, it is in the interest of platform designers to know as much as possible about their own product's vulnerability, and that of their competitors, especially since the relationship between market share and relative vulnerability is characterized by the square root rule.

Platforms thrive on network externalities, which are by definition a function of a platform's market share. Indeed, the characterization provided here employs a market share version of Metcalfe's law. Yet while there is general agreement that network externalities are super-linear in the number of users, there are also reasons why Metcalfe's law need not hold, for example if not all the connections in a network are equally valuable to a user [25]. Hence, adapting the model to alternatives to Metcalfe's law is an area for future research.

Finally, the current model treats the difficulty/amount of effort needed for an attacker to compromise a platform as linear in the platform's security. This need not always be the case. For example, iOS is notoriously harder than Android to obtain exploits for, due in no small part to Android being open source while iOS is much more closed. As such, another interesting extension would be to approximate the level of security of a platform by the average value of a full working exploit for that platform.

Appendix: proofs

Result 2. Let τ be the proportion of hackers targeting platform 1 and 1 − τ the proportion targeting platform 2. From Table 1, by the indifference property of MSNE the equilibrium value of τ must make the users' expected payoff for selecting platform 1 equal to that for selecting platform 2:

ps²N²·τ + s²N²·(1 − τ) = (1 − s)²N²·τ + q(1 − s)²N²·(1 − τ).   (A.1)

Dividing by N² and collecting terms:

s² − q(1 − s)² = {(1 − p)s² + (1 − q)(1 − s)²}·τ.   (A.2)

Dividing both sides by s²:

1 − q[(1 − s)/s]² = {(1 − p) + (1 − q)[(1 − s)/s]²}·τ.   (A.3)

Recall that in equilibrium [(1 − s)/s]² = (1 − p)/(1 − q). Substituting this into (A.3):

1 − q(1 − p)/(1 − q) = {(1 − p) + (1 − p)}·τ = 2(1 − p)·τ.   (A.4)

Solving for τ:

τ = 1/[2(1 − p)] − q/[2(1 − q)].   (A.5)

Result 3. The proof follows the technique introduced by Andreozzi [26]. Let σ_L denote the users' strategy when acting as Stackelberg leader and σ* the Nash equilibrium distribution of users selecting platform 1. From the indifference property associated with the Nash mixture σ*, if σ* < σ_L then the hackers' best reply is to choose platform 1, and if σ_L < σ* then the hackers' best reply is to choose platform 2.

Case 1: σ* < σ_L. Given that the hackers' best reply is to choose platform 1, the users' expected utility is

σ_L[ps²N²] + (1 − σ_L)[(1 − s)²N²] = [ps²N² − (1 − s)²N²]σ_L + (1 − s)²N².

If ps²N² > (1 − s)²N², this expected payoff is maximized by setting σ_L = 1, in which case the platform market is not bifurcated. Consequently, bifurcation requires ps²N² < (1 − s)²N², i.e.

[s/(1 − s)]² < 1/p.   (A.6)

Under this condition the bracketed coefficient is negative, so the users' payoff over σ_L ∈ (σ*, 1] is maximized in the limit σ_L → σ*. Hence the Stackelberg equilibrium is (1, σ*), meaning that the platform market is bifurcated according to the Nash equilibrium cross-sectional distribution of users, and hackers exclusively target platform 1.
Finally, given that the equilibrium relative market share is characterized by $\sigma^*$, by Result 1 Equation (A.6) can be rewritten as

$$\frac{1-q}{1-p} < \frac{1}{p}. \quad \text{(A.7)}$$

Case 2: $\sigma_L < \sigma^*$. Given that the hackers' best reply is to choose platform 2, the users' expected utility is

$$\sigma_L\left[s^2 N^2\right] + (1-\sigma_L)\left[q(1-s)^2 N^2\right] = \left[s^2 N^2 - q(1-s)^2 N^2\right]\sigma_L + q(1-s)^2 N^2.$$

If $s^2 N^2 < q(1-s)^2 N^2$ then this expected payoff is maximized by setting $\sigma_L = 0$, in which case the platform market is not bifurcated. Consequently, bifurcation requires $s^2 N^2 > q(1-s)^2 N^2$; i.e.

$$\frac{1-s}{s} < \frac{1}{\sqrt{q}}. \quad \text{(A.8)}$$

Under this condition, $\sigma^* = \sup_{\sigma_L \in [0, \sigma^*)} \left[s^2 N^2 - q(1-s)^2 N^2\right]\sigma_L + q(1-s)^2 N^2$. The corresponding Stackelberg equilibrium is $(2, \sigma^*)$. Once again, the cross-sectional distribution of market share is the Nash one, with hackers now focusing on platform 2. From Result 1, Equation (A.8) can be rewritten as

$$\frac{1-p}{1-q} < \frac{1}{q}. \quad \text{(A.9)}$$

Case 3: $\sigma_L = \sigma^*$. By definition, hackers are indifferent between attacking platforms 1 and 2. As such, it is assumed that hackers attack the platform that gives users a lower payoff. Under $\sigma^*$, users get a lower payoff when hackers attack platform 1 if

$$\left[p s^2 N^2 - (1-s)^2 N^2\right]\sigma^* + (1-s)^2 N^2 < \left[s^2 N^2 - q(1-s)^2 N^2\right]\sigma^* + q(1-s)^2 N^2,$$

which reduces to

$$\hat{\sigma} = \frac{(1-q)(1-s)^2}{(1-p)s^2 + (1-q)(1-s)^2} < \sigma^*.$$

Footnotes

1 Earlier studies of the cost of malware include Anderson et al. [3] and Gantz et al. [4].
2 https://www.netmarketshare.com/operating-system-market-share.aspx?qprid=10&qpcustomd=0. 29 August 2018.
3 For example, a minority platform may successfully cater to a niche market (e.g., arts and academia) by providing proprietary segment-specific benefits.
4 Metcalfe [17] uses Facebook data to validate that the coefficient on the square of the number of users equals one.

References

1 Hiltzik M. Dealers of Lightning. Xerox PARC and the Dawn of the Computer Age. New York: HarperCollins, 1999.
2 Ponemon Institute. Cost of Cyber Crime Study & the Risk of Business Innovation. Traverse City, MI: Ponemon Institute, 2016.
3 Anderson R, Clayton R, Barton C, et al. Measuring the cost of cybercrime. In: Böhme R (ed.), The Economics of Information Security and Privacy. Berlin: Springer, 2013, 265–300.
4 Gantz JF, Florean A, Lee R, et al. The Link between Pirated Software and Security Breaches. How Malware in Pirated Software Is Costing the World Billions. Framingham, MA: International Data Corporation, 2014.
5 Stackpole B, Oksendahl E. Security and Strategy. From Requirements to Reality. Boca Raton, FL: CRC Press, 2010.
6 Geer D, Pfleeger CP, Schneier B, et al. Cyberinsecurity: the cost of monopoly. Computer & Communications Industry Association Report, 2003.
7 Roy S, Ellis C, Shiva S, et al. A survey of game theory as applied to network security. In: Proceedings of the 43rd Hawaii International Conference on System Sciences, 2010, 1–10.
8 O'Donnell A. When malware attacks (anything but Windows). IEEE Secur Priv 2008: 68–70.
9 Berghel H. Malware month. Commun ACM 2003; 46: 15–19.
10 Florêncio D, Herley C. Where do all the attacks go? In: Schneier B (ed.), Economics of Information Security and Privacy III. New York: Springer, 2013, 13–33.
11 Karyotis V, Khouzani MHR. Malware Diffusion Models for Modern Complex Networks. Theory and Applications. Cambridge, MA: Morgan Kaufmann, 2016.
12 Nash J. Non-cooperative games. PhD Dissertation, Princeton University Department of Mathematics, 1950. In: Kuhn HW, Nasar S (eds.), The Essential John Nash. Princeton, NJ: Princeton University Press, 2002, 53–84.
13 Cornell B, Roll R. Strategies for pairwise competitions in markets and organizations. Bell J Econ 1981; 12: 201–213.
14 Bendle N, Vandenbosch N. Competitor orientation and the evolution of business markets. Market Sci 2014; 33: 781–795.
15 Honeynet Project. Know Your Enemy: Learning about Security Threats, 2nd edn. Indianapolis: Addison-Wesley Professional, 2004.
16 Herley C. Security, cybercrime, and scale. Commun ACM 2014; 7: 64–71.
17 Metcalfe B. Metcalfe's law after 40 years of the Ethernet. IEEE Comp 2013; 46: 26–31.
18 Dykstra J. Essential Cybersecurity Science. Boston: O'Reilly, 2016.
19 Gottfredson M, Schaubert S. The Breakthrough Imperative. How the Best Managers Get Outstanding Results. New York: Collins, 2008.
20 Kohli R, Sah R. Some empirical regularities in market shares. Manage Sci 2006; 52: 1792–1798.
21 Hirschman AO. Exit, Voice and Loyalty. Cambridge, MA: Harvard University Press, 1970.
22 Rasmusen E. Games and Information, 4th edn. Malden, MA: Blackwell, 2007.
23 Moulin H. Game Theory for the Social Sciences. New York: NYU Press, 1981.
24 Lelarge M. Economics of malware: epidemic risk model, network externalities and incentives. In: 47th Annual Allerton Conference on Communication, Control, and Computing. Allerton House, University of Illinois at Urbana-Champaign, 2009, 1353–60.
25 Odlyzko A, Tilly B. A Refutation of Metcalfe's Law and a Better Estimate for the Value of Networks and Network Interconnections. University of Minnesota: Digital Technology Center, 2005.
26 Andreozzi L. Rewarding policemen increases crime. Another surprising result from the Inspection Game. Public Choice 2004; 121: 69–82.

© The Author(s) 2018. Published by Oxford University Press. This is an Open Access article distributed under the terms of the Creative Commons Attribution Non-Commercial License (http://creativecommons.org/licenses/by-nc/4.0/), which permits non-commercial re-use, distribution, and reproduction in any medium, provided the original work is properly cited. For commercial re-use, please contact journals.permissions@oup.com

TI - Malware and market share
JF - Journal of Cybersecurity
DO - 10.1093/cybsec/tyy010
DA - 2018-01-01
UR - https://www.deepdyve.com/lp/oxford-university-press/malware-and-market-share-bigw8lXWae
VL - 4
IS - 1
DP - DeepDyve
ER -
