We use cookies to ensure that we give you the best experience on our website. By continuing to browse this repository, you give consent for essential cookies to be used. You can read more about our Privacy and Cookie Policy.

Durham Research Online
You are in:

The Work-Averse Cyber Attacker Model: Theory and Evidence From Two Million Attack Signatures

Allodi, Luca and Massacci, Fabio and Williams, Julian (2021) 'The Work-Averse Cyber Attacker Model: Theory and Evidence From Two Million Attack Signatures.', Risk Analysis: An International Journal .


The assumption that a cyber attacker will potentially exploit all present vulnerabilities drives most modern cyber risk management practices and the corresponding security investments. We propose a new attacker model, based on dynamic optimization, where we demonstrate that large, initial, fixed costs of exploit development induce attackers to delay implementation and deployment of exploits of vulnerabilities. The theoretical model predicts that mass attackers will preferably i) exploit only one vulnerability per software version, ii) largely include only vulnerabilities requiring low attack complexity, and iii) be slow at trying to weaponize new vulnerabilities. These predictions are empirically validated on a large dataset of observed massed attacks launched against a large collection of information systems. Findings in this paper allow cyber risk managers to better concentrate their efforts for vulnerability management, and set a new theoretical and empirical basis for further research defining attacker (offensive) processes.

Item Type:Article
Full text:Publisher-imposed embargo
(AM) Accepted Manuscript
File format - PDF
Full text:(VoR) Version of Record
Available under License - Creative Commons Attribution 4.0.
Download PDF
Publisher Web site:
Publisher statement:© 2021 The Authors. Risk Analysis published by Wiley Periodicals LLC on behalf of Society for Risk Analysis This is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited.
Date accepted:03 February 2021
Date deposited:05 February 2021
Date of first online publication:07 May 2021
Date first made open access:20 December 2021

Save or Share this output

Look up in GoogleScholar