{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,12]],"date-time":"2026-03-12T14:15:22Z","timestamp":1773324922009,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":32,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642145766","type":"print"},{"value":"9783642145773","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-14577-3_16","type":"book-chapter","created":{"date-parts":[[2010,7,16]],"date-time":"2010-07-16T08:11:34Z","timestamp":1279267894000},"page":"192-206","source":"Crossref","is-referenced-by-count":15,"title":["A Learning-Based Approach to Reactive Security"],"prefix":"10.1007","author":[{"given":"Adam","family":"Barth","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Benjamin I. P.","family":"Rubinstein","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mukund","family":"Sundararajan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"John C.","family":"Mitchell","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dawn","family":"Song","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Peter L.","family":"Bartlett","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"16_CR1","doi-asserted-by":"crossref","unstructured":"Anderson, R.: Why information security is hard\u2014An economic perspective. In: 17th Annual Computer Security Applications Conference, pp. 358\u2013365 (2001)","DOI":"10.1109\/ACSAC.2001.991552"},{"issue":"11","key":"16_CR2","doi-asserted-by":"publisher","first-page":"1703","DOI":"10.1287\/mnsc.1060.0568","volume":"52","author":"T. August","year":"2006","unstructured":"August, T., Tunca, T.I.: Network software security and user incentives. Management Science\u00a052(11), 1703\u20131720 (2006)","journal-title":"Management Science"},{"key":"16_CR3","unstructured":"Barth, A., Rubinstein, B.I.P., Sundararajan, M., Mitchell, J.C., Song, D., Bartlett, P.L.: A learning-based approach to reactive security (2009), \n                  \n                    http:\/\/arxiv.org\/abs\/0912.1155"},{"key":"16_CR4","unstructured":"Beard, C.: Introducing Test Pilot (March 2008), \n                  \n                    http:\/\/labs.mozilla.com\/2008\/03\/introducing-test-pilot\/"},{"issue":"2","key":"16_CR5","doi-asserted-by":"publisher","first-page":"281","DOI":"10.2753\/MIS0742-1222250211","volume":"25","author":"H. Cavusoglu","year":"2008","unstructured":"Cavusoglu, H., Raghunathan, S., Yue, W.: Decision-theoretic and game-theoretic approaches to IT security investment. Journal of Management Information Systems\u00a025(2), 281\u2013304 (2008)","journal-title":"Journal of Management Information Systems"},{"issue":"3","key":"16_CR6","doi-asserted-by":"crossref","first-page":"427","DOI":"10.1145\/258128.258179","volume":"44","author":"N. Cesa-Bianchi","year":"1997","unstructured":"Cesa-Bianchi, N., Freund, Y., Haussler, D., Helmbold, D.P., Schapire, R.E., Warmuth, M.K.: How to use expert advice. Journal of the Association for Computing Machinery\u00a044(3), 427\u2013485 (1997)","journal-title":"Journal of the Association for Computing Machinery"},{"key":"16_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"477","DOI":"10.1007\/11786986_42","volume-title":"Automata, Languages and Programming","author":"D. Chakrabarty","year":"2006","unstructured":"Chakrabarty, D., Mehta, A., Vazirani, V.V.: Design is as easy as optimization. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol.\u00a04051, pp. 477\u2013488. Springer, Heidelberg (2006)"},{"key":"16_CR8","unstructured":"Cremonini, M.: Evaluating information security investments from attackers perspective: the return-on-attack (ROA). In: Fourth Workshop on the Economics of Information Security (2005)"},{"key":"16_CR9","unstructured":"Fisher, D.: Multi-process architecture (July 2008), \n                  \n                    http:\/\/dev.chromium.org\/developers\/design-documents\/multi-process-architecture"},{"key":"16_CR10","first-page":"375","volume-title":"Proceedings of the 2007 ACM Conference on Computer and Communications Security","author":"J. Franklin","year":"2007","unstructured":"Franklin, J., Paxson, V., Perrig, A., Savage, S.: An inquiry into the nature and causes of the wealth of internet miscreants. In: Proceedings of the 2007 ACM Conference on Computer and Communications Security, pp. 375\u2013388. ACM, New York (2007)"},{"issue":"5","key":"16_CR11","first-page":"771","volume":"14","author":"Y. Freund","year":"1999","unstructured":"Freund, Y., Schapire, R.: A short introduction to boosting. Journal of the Japanese Society for Artificial Intelligence\u00a014(5), 771\u2013780 (1999)","journal-title":"Journal of the Japanese Society for Artificial Intelligence"},{"key":"16_CR12","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1006\/game.1999.0738","volume":"29","author":"Y. Freund","year":"1999","unstructured":"Freund, Y., Schapire, R.E.: Adaptive game playing using multiplicative weights. Games and Economic Behavior\u00a029, 79\u2013103 (1999)","journal-title":"Games and Economic Behavior"},{"key":"16_CR13","unstructured":"Friedberg, J.: Internet fraud battlefield (April 2007), \n                  \n                    http:\/\/www.ftc.gov\/bcp\/workshops\/proofpositive\/Battlefield_Overview.pdf"},{"key":"16_CR14","doi-asserted-by":"crossref","unstructured":"Fultz, N., Grossklags, J. (eds.): Blue versus Red: Towards a model of distributed security attacks. Proceedings of the Thirteenth International Conference Financial Cryptography and Data Security (February 2009)","DOI":"10.1007\/978-3-642-03549-4_10"},{"issue":"4","key":"16_CR15","doi-asserted-by":"publisher","first-page":"438","DOI":"10.1145\/581271.581274","volume":"5","author":"L.A. Gordon","year":"2002","unstructured":"Gordon, L.A., Loeb, M.P.: The economics of information security investment. ACM Transactions on Information and System Security\u00a05(4), 438\u2013457 (2002)","journal-title":"ACM Transactions on Information and System Security"},{"key":"16_CR16","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1145\/1367497.1367526","volume-title":"Proceeding of the 17th International Conference on World Wide Web","author":"J. Grossklags","year":"2008","unstructured":"Grossklags, J., Christin, N., Chuang, J.: Secure or insure?: A game-theoretic analysis of information security games. In: Proceeding of the 17th International Conference on World Wide Web, pp. 209\u2013218. ACM, New York (2008)"},{"issue":"5","key":"16_CR17","doi-asserted-by":"publisher","first-page":"338","DOI":"10.1007\/s10796-006-9011-6","volume":"8","author":"K. Hausken","year":"2006","unstructured":"Hausken, K.: Returns to information security investment: The effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability. Information Systems Frontiers\u00a08(5), 338\u2013349 (2006)","journal-title":"Information Systems Frontiers"},{"issue":"2","key":"16_CR18","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1023\/A:1007424614876","volume":"32","author":"M. Herbster","year":"1998","unstructured":"Herbster, M., Warmuth, M.K.: Tracking the best expert. Machine Learning\u00a032(2), 151\u2013178 (1998)","journal-title":"Machine Learning"},{"key":"16_CR19","unstructured":"Howard, M.: Attack surface: Mitigate security risks by minimizing the code you expose to untrusted users. MSDN Magazine (November 2004), \n                  \n                    http:\/\/msdn.microsoft.com\/en-us\/magazine\/cc163882.aspx"},{"key":"16_CR20","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1145\/1455770.1455774","volume-title":"Proceedings of the 2008 ACM Conference on Computer and Communications Security","author":"C. Kanich","year":"2008","unstructured":"Kanich, C., Kreibich, C., Levchenko, K., Enright, B., Voelker, G.M., Paxson, V., Savage, S.: Spamalytics: An empirical analysis of spam marketing conversion. In: Proceedings of the 2008 ACM Conference on Computer and Communications Security, pp. 3\u201314. ACM, New York (2008)"},{"key":"16_CR21","unstructured":"Kark, K., Penn, J., Dill, A.: 2008 CISO priorities: The right objectives but the wrong focus. Le Magazine de la S\u00e9curit\u00e9 Informatique (April 2009)"},{"key":"16_CR22","unstructured":"Kumar, V., Telang, R., Mukhopadhyay, T.: Optimal information security architecture for the enterprise, \n                  \n                    http:\/\/ssrn.com\/abstract=1086690"},{"key":"16_CR23","unstructured":"Lye, K.W., Wing, J.M.: Game strategies in network security. In: Proceedings of the Foundations of Computer Security Workshop, pp. 13\u201322 (2002)"},{"key":"16_CR24","first-page":"66","volume-title":"Proceedings of the 21st IEEE Computer Security Foundations Symposium","author":"R.A. Miura-Ko","year":"2008","unstructured":"Miura-Ko, R.A., Yolken, B., Mitchell, J., Bambos, N.: Security decision-making among interdependent organizations. In: Proceedings of the 21st IEEE Computer Security Foundations Symposium, pp. 66\u201380. IEEE Computer Society, Washington (2008)"},{"key":"16_CR25","doi-asserted-by":"crossref","unstructured":"Miura-Ko, R., Bambos, N.: SecureRank: A risk-based vulnerability management scheme for computing infrastructures. In: Proceedings of IEEE International Conference on Communications, pp. 1455\u20131460 (June 2007)","DOI":"10.1109\/ICC.2007.244"},{"issue":"4","key":"16_CR26","doi-asserted-by":"publisher","first-page":"960","DOI":"10.1287\/moor.23.4.960","volume":"23","author":"E. Ordentlich","year":"1998","unstructured":"Ordentlich, E., Cover, T.M.: The cost of achieving the best portfolio in hindsight. Mathematics of Operations Research\u00a023(4), 960\u2013982 (1998)","journal-title":"Mathematics of Operations Research"},{"key":"16_CR27","doi-asserted-by":"crossref","unstructured":"Ou, X., Boyer, W.F., McQueen, M.A.: A scalable approach to attack graph generation. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 336\u2013345 (2006)","DOI":"10.1145\/1180405.1180446"},{"key":"16_CR28","unstructured":"Pironti, J.P.: Key elements of an information security program. Information Systems Control Journal\u00a01 (2005)"},{"issue":"1","key":"16_CR29","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/MSP.2005.17","volume":"3","author":"E. Rescorla","year":"2005","unstructured":"Rescorla, E.: Is finding security holes a good idea? IEEE Security and Privacy\u00a03(1), 14\u201319 (2005)","journal-title":"IEEE Security and Privacy"},{"key":"16_CR30","unstructured":"Varian, H.: System reliability and free riding (2001)"},{"key":"16_CR31","unstructured":"Varian, H.R.: Managing online security risks, June 1. New York Times (2000)"},{"key":"16_CR32","unstructured":"Warner, B.: Home PCs rented out in sabotage-for-hire racket. Reuters (July 2004)"}],"container-title":["Lecture Notes in Computer Science","Financial Cryptography and Data Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-14577-3_16.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,30]],"date-time":"2021-04-30T12:33:34Z","timestamp":1619786014000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-14577-3_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642145766","9783642145773"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-14577-3_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2010]]}}}