{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,27]],"date-time":"2026-02-27T00:17:10Z","timestamp":1772151430404,"version":"3.50.1"},"reference-count":75,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T00:00:00Z","timestamp":1765152000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T00:00:00Z","timestamp":1765152000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2026,2]]},"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>Interdependent systems are increasingly vulnerable to rapidly growing cybersecurity threats. In this work, we investigate security decision-making in such systems, which are managed by multiple defenders. Each defender is tasked with protecting a specific subset of assets against potential attackers. The interdependencies among these assets are modeled using an attack graph, where edges between assets indicate that compromising one asset can enable an attack on another. Each edge is associated with a probability of successful attack, which can be mitigated through strategic security investments by the defenders. We employ game-theoretic models to analyze these systems and incorporate the effects of behavioral probability weighting bias, a well-documented phenomenon in human decision-making under risk. Additionally, we introduce malicious players into the framework, whose objective is to maximize the total social cost of the interdependent system. We demonstrate that malicious security games possess an equilibrium, providing a foundation for analyzing such systems. We then present examples to highlight the differences between the socially optimal solution and the equilibrium solutions under both selfish and malicious players. We then analyze the inefficiencies introduced by malicious players and behavioral probability weighting on the system\u2019s social cost. We adapt widely-used metrics to quantify these inefficiencies, derive bounds, and show that the inefficiency grows exponentially with increases in the security budget. We evaluate our models using four representative real-world interdependent systems, comparing game-theoretic optimal investments with socially optimal investments. Furthermore, we benchmark our approach against four popular security resource allocation methods on attack graphs. This work provides a comprehensive framework for understanding and mitigating cybersecurity risks in interdependent systems, accounting for both behavioral biases and the presence of internal malicious actors.<\/jats:p>","DOI":"10.1007\/s10207-025-01180-3","type":"journal-article","created":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T19:46:45Z","timestamp":1765223205000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Selfish or Malicious: Price of malice in human-centric security decision-making for attack graph-based interdependent systems"],"prefix":"10.1007","volume":"25","author":[{"given":"Mustafa","family":"Abdallah","sequence":"first","affiliation":[]},{"given":"Daniel","family":"Woods","sequence":"additional","affiliation":[]},{"given":"Timothy","family":"Cason","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,12,8]]},"reference":[{"key":"1180_CR1","unstructured":"gtraq Vulnerability Database. https:\/\/www.securityfocus.com\/ (September 2008), [Online; accessed 18-March-2022]"},{"key":"1180_CR2","doi-asserted-by":"crossref","unstructured":"Abdallah, M., Naghizadeh, P., Hota, A.R., Cason, T., Bagchi, S., Sundaram, S.: Behavioral and game-theoretic security investments in interdependent systems modeled by attack graphs. IEEE Transactions on Control of Network Systems (2020)","DOI":"10.1109\/TCNS.2020.2988007"},{"key":"1180_CR3","doi-asserted-by":"crossref","unstructured":"Abdallah, M., Woods, D., Naghizadeh, P., Khalil, I., Cason, T., Sundaram, S., Bagchi, S.: Morshed: Guiding behavioral decision-makers towards better security investment in interdependent systems. In: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security. pp. 378\u2013392 (2021)","DOI":"10.1145\/3433210.3437534"},{"key":"1180_CR4","doi-asserted-by":"publisher","unstructured":"Abdallah, M., Woods, D., Naghizadeh, P., Khalil, I., Cason, T., Sundaram, S., Bagchi, S.: Tasharok: Using mechanism design for enhancing security resource allocation in interdependent systems. In: 2022 IEEE Symposium on Security and Privacy (SP). pp. 249\u2013266 (2022). https:\/\/doi.org\/10.1109\/SP46214.2022.9833591","DOI":"10.1109\/SP46214.2022.9833591"},{"issue":"1","key":"1180_CR5","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1109\/MSEC.2024.3407593","volume":"23","author":"M Abdallah","year":"2025","unstructured":"Abdallah, M., Bagchi, S., Bopardikar, S.D., Chan, K., Gao, X., Kantarcioglu, M., Li, C., Liu, P., Zhu, Q.: Game theory in distributed systems security: Foundations, challenges, and future directions. IEEE Security & Privacy 23(1), 64\u201374 (2025). https:\/\/doi.org\/10.1109\/MSEC.2024.3407593","journal-title":"IEEE Security & Privacy"},{"key":"1180_CR6","doi-asserted-by":"crossref","unstructured":"Abdallah, M., Cason, T., Bagchi, S., Sundaram, S.: The effect of behavioral probability weighting in a sequential defender-attacker game. In: 2020 59th IEEE Conference on Decision and Control (CDC). pp. 3255\u20133260. IEEE (2020)","DOI":"10.1109\/CDC42340.2020.9304311"},{"key":"1180_CR7","doi-asserted-by":"crossref","unstructured":"Acquisti, A.: Nudging privacy: The behavioral economics of personal information. IEEE security & privacy 7(6) (2009)","DOI":"10.1109\/MSP.2009.163"},{"issue":"1","key":"1180_CR8","doi-asserted-by":"publisher","first-page":"187","DOI":"10.1007\/s10207-023-00731-w","volume":"23","author":"K Adamos","year":"2024","unstructured":"Adamos, K., Stergiopoulos, G., Karamousadakis, M., Gritzalis, D.: Enhancing attack resilience of cyber-physical systems through state dependency graph models. Int. J. Inf. Secur. 23(1), 187\u2013198 (2024)","journal-title":"Int. J. Inf. Secur."},{"key":"1180_CR9","doi-asserted-by":"crossref","unstructured":"Al-Eiadeh, M.R., Abdallah, M.: Genigraph: A genetic-based novel security defense resource allocation method for interdependent systems modeled by attack graphs. Computers & Security 144, 103927 (2024), https:\/\/www.sciencedirect.com\/science\/article\/pii\/S016740482400230X","DOI":"10.1016\/j.cose.2024.103927"},{"key":"1180_CR10","unstructured":"Alpcan, T., Basar, T.: An intrusion detection game with limited observations. In: 12th Int. Symp. on Dynamic Games and Applications. vol.\u00a026 (2006)"},{"key":"1180_CR11","doi-asserted-by":"publisher","first-page":"30907","DOI":"10.1109\/ACCESS.2024.3369906","volume":"12","author":"FR Alzaabi","year":"2024","unstructured":"Alzaabi, F.R., Mehmood, A.: A review of recent advances, challenges, and opportunities in malicious insider threat detection using machine learning methods. IEEE Access 12, 30907\u201330927 (2024)","journal-title":"IEEE Access"},{"key":"1180_CR12","doi-asserted-by":"crossref","unstructured":"Anderson, R.: Security economics: a personal perspective. In: Proceedings of the 28th Annual Computer Security Applications Conference. pp. 139\u2013144. ACM (2012)","DOI":"10.1145\/2420950.2420971"},{"issue":"2","key":"1180_CR13","doi-asserted-by":"publisher","first-page":"190","DOI":"10.1109\/JIOT.2015.2459049","volume":"3","author":"H Bao","year":"2015","unstructured":"Bao, H., Lu, R., Li, B., Deng, R.: Blithe: Behavior rule-based insider threat detection for smart grid. IEEE Internet Things J. 3(2), 190\u2013205 (2015)","journal-title":"IEEE Internet Things J."},{"key":"1180_CR14","doi-asserted-by":"crossref","unstructured":"Butt, S.A., Diaz-Martinez, J.L., Jamal, T., Ali, A., De-La-Hoz-Franco, E., Shoaib, M.: Iot smart health security threats. In: 2019 19th International conference on computational science and its applications (ICCSA). pp. 26\u201331. IEEE (2019)","DOI":"10.1109\/ICCSA.2019.000-8"},{"issue":"4","key":"1180_CR15","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3309540","volume":"29","author":"C Cheh","year":"2019","unstructured":"Cheh, C., Thakore, U., Fawaz, A., Chen, B., Temple, W.G., Sanders, W.H.: Data-driven model-based detection of malicious insiders via physical access logs. ACM Transactions on Modeling and Computer Simulation (TOMACS) 29(4), 1\u201325 (2019)","journal-title":"ACM Transactions on Modeling and Computer Simulation (TOMACS)"},{"key":"1180_CR16","doi-asserted-by":"crossref","unstructured":"Chen, F., Su, J., Zhang, Y.: A scalable approach to full attack graphs generation. In: Engineering Secure Software and Systems: First International Symposium ESSoS 2009, Leuven, Belgium, February 4-6, 2009. Proceedings 1. pp. 150\u2013163. Springer (2009)","DOI":"10.1007\/978-3-642-00199-4_13"},{"key":"1180_CR17","unstructured":"Cranor, L.F.: A framework for reasoning about the human in the loop. Proc. 1st Conference on Usability, Psychology, and Security, Usenix Assoc. (2008)"},{"issue":"2","key":"1180_CR18","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1145\/3152042.3152080","volume":"45","author":"J Ding","year":"2017","unstructured":"Ding, J., Atif, Y., Andler, S.F., Lindstr\u00f6m, B., Jeusfeld, M.: Cps-based threat modeling for critical infrastructure protection. ACM SIGMETRICS Performance Evaluation Review 45(2), 129\u2013132 (2017)","journal-title":"ACM SIGMETRICS Performance Evaluation Review"},{"issue":"5","key":"1180_CR19","doi-asserted-by":"publisher","first-page":"784","DOI":"10.1109\/JAS.2022.105548","volume":"9","author":"W Duo","year":"2022","unstructured":"Duo, W., Zhou, M., Abusorrah, A.: A survey of cyber attacks on cyber physical systems: Recent advances and challenges. IEEE\/CAA Journal of Automatica Sinica 9(5), 784\u2013800 (2022)","journal-title":"IEEE\/CAA Journal of Automatica Sinica"},{"issue":"1","key":"1180_CR20","doi-asserted-by":"publisher","first-page":"666","DOI":"10.1109\/TII.2013.2277938","volume":"10","author":"CI Fan","year":"2013","unstructured":"Fan, C.I., Huang, S.Y., Lai, Y.L.: Privacy-enhanced data aggregation scheme against internal attackers in smart grid. IEEE Trans. Industr. Inf. 10(1), 666\u2013675 (2013)","journal-title":"IEEE Trans. Industr. Inf."},{"issue":"1","key":"1180_CR21","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1006\/cogp.1998.0710","volume":"38","author":"R Gonzalez","year":"1999","unstructured":"Gonzalez, R., Wu, G.: On the shape of the probability weighting function. Cogn. Psychol. 38(1), 129\u2013166 (1999)","journal-title":"Cogn. Psychol."},{"issue":"4","key":"1180_CR22","doi-asserted-by":"publisher","first-page":"438","DOI":"10.1145\/581271.581274","volume":"5","author":"LA Gordon","year":"2002","unstructured":"Gordon, L.A., Loeb, M.P.: The economics of information security investment. ACM Transactions on Information and System Security 5(4), 438\u2013457 (2002)","journal-title":"ACM Transactions on Information and System Security"},{"issue":"2","key":"1180_CR23","doi-asserted-by":"publisher","first-page":"218","DOI":"10.1037\/amp0000321","volume":"74","author":"KH Greenaway","year":"2019","unstructured":"Greenaway, K.H., Cruwys, T.: The source model of group threat: Responding to internal and external threats. Am. Psychol. 74(2), 218 (2019)","journal-title":"Am. Psychol."},{"issue":"2","key":"1180_CR24","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1287\/deca.2017.0346","volume":"14","author":"P Guan","year":"2017","unstructured":"Guan, P., He, M., Zhuang, J., Hora, S.C.: Modeling a multitarget attacker-defender game with budget constraints. Decis. Anal. 14(2), 87\u2013107 (2017)","journal-title":"Decis. Anal."},{"issue":"4","key":"1180_CR25","doi-asserted-by":"publisher","first-page":"561","DOI":"10.3233\/JCS-130475","volume":"21","author":"J Homer","year":"2013","unstructured":"Homer, J., Zhang, S., Ou, X., Schmidt, D., Du, Y., Rajagopalan, S.R., Singhal, A.: Aggregating vulnerability metrics in enterprise networks using attack graphs. J. Comput. Secur. 21(4), 561\u2013597 (2013)","journal-title":"J. Comput. Secur."},{"key":"1180_CR26","doi-asserted-by":"crossref","unstructured":"Hota, A.R., Clements, A., Sundaram, S., Bagchi, S.: Optimal and game-theoretic deployment of security investments in interdependent assets. In: International Conference on Decision and Game Theory for Security. pp. 101\u2013113 (2016)","DOI":"10.1007\/978-3-319-47413-7_6"},{"key":"1180_CR27","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101660","volume":"89","author":"L Huang","year":"2020","unstructured":"Huang, L., Zhu, Q.: A dynamic games approach to proactive defense strategies against advanced persistent threats in cyber-physical systems. Computers & Security 89, 101660 (2020)","journal-title":"Computers & Security"},{"issue":"6","key":"1180_CR28","doi-asserted-by":"publisher","first-page":"1802","DOI":"10.1109\/JIOT.2017.2703172","volume":"4","author":"A Humayed","year":"2017","unstructured":"Humayed, A., Lin, J., Li, F., Luo, B.: Cyber-physical systems security - a survey. IEEE Internet Things J. 4(6), 1802\u20131831 (2017)","journal-title":"IEEE Internet Things J."},{"issue":"4","key":"1180_CR29","first-page":"1607","volume":"26","author":"S Hussain","year":"2014","unstructured":"Hussain, S., Kamal, A., Ahmad, S., Rasool, G., Iqbal, S.: Threat modelling methodologies: a survey. Sci. Int. (Lahore) 26(4), 1607\u20131609 (2014)","journal-title":"Sci. Int. (Lahore)"},{"key":"1180_CR30","doi-asserted-by":"crossref","unstructured":"Jauhar, S., Chen, B., Temple, W.G., Dong, X., Kalbarczyk, Z., Sanders, W.H., Nicol, D.M.: Model-based cybersecurity assessment with nescor smart grid failure scenarios. In: Dependable Computing (PRDC), 2015 IEEE 21st Pacific Rim International Symposium on. pp. 319\u2013324. IEEE (2015)","DOI":"10.1109\/PRDC.2015.37"},{"key":"1180_CR31","doi-asserted-by":"publisher","first-page":"263","DOI":"10.2307\/1914185","volume":"47","author":"D Kahneman","year":"1979","unstructured":"Kahneman, D., Tversky, A.: Prospect theory: An analysis of decision under risk. Econometrica 47, 263\u2013291 (1979)","journal-title":"Econometrica"},{"key":"1180_CR32","doi-asserted-by":"crossref","unstructured":"Kahneman, D., Tversky, A.: Prospect theory: An analysis of decision under risk. In: Handbook of the fundamentals of financial decision making: Part I, pp. 99\u2013127. World Scientific (2013)","DOI":"10.1142\/9789814417358_0006"},{"key":"1180_CR33","doi-asserted-by":"crossref","unstructured":"Koutsoupias, E., Papadimitriou, C.: Worst-case equilibria. Computer Science Review 3(2), 65\u201369 (2009), https:\/\/www.sciencedirect.com\/science\/article\/pii\/S1574013709000203","DOI":"10.1016\/j.cosrev.2009.04.003"},{"key":"1180_CR34","doi-asserted-by":"crossref","unstructured":"Kuhn, D.R., Walsh, T.J., Fries, S.: Security considerations for voice over ip systems. NIST special publication 800 (2005)","DOI":"10.6028\/NIST.SP.800-58"},{"key":"1180_CR35","doi-asserted-by":"crossref","unstructured":"Kumar, S., Nagar, G.: Threat modeling for cyber warfare against less cyber-dependent adversaries. In: European Conference on Cyber Warfare and Security. vol.\u00a023, pp. 257\u2013264 (2024)","DOI":"10.34190\/eccws.23.1.2462"},{"key":"1180_CR36","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2019.100219","volume":"35","author":"HS Lallie","year":"2020","unstructured":"Lallie, H.S., Debattista, K., Bal, J.: A review of attack graph and attack tree visual syntax in cyber security. Computer Science Review 35, 100219 (2020)","journal-title":"Computer Science Review"},{"issue":"2","key":"1180_CR37","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1145\/2635673","volume":"47","author":"A Laszka","year":"2015","unstructured":"Laszka, A., Felegyhazi, M., Buttyan, L.: A survey of interdependent information security games. ACM Computing Surveys (CSUR) 47(2), 23 (2015)","journal-title":"ACM Computing Surveys (CSUR)"},{"key":"1180_CR38","doi-asserted-by":"crossref","unstructured":"Lippmann, R., Ingols, K., Scott, C., Piwowarski, K., Kratkiewicz, K., Artz, M., Cunningham, R.: Validating and restoring defense in depth using attack graphs. In: IEEE Military Communications Conference. pp. 1\u201310. IEEE (2006)","DOI":"10.1109\/MILCOM.2006.302434"},{"key":"1180_CR39","doi-asserted-by":"crossref","unstructured":"Lippmann, R.P., Ingols, K.W., et\u00a0al.: An annotated review of past papers on attack graphs (2005)","DOI":"10.21236\/ADA431826"},{"key":"1180_CR40","doi-asserted-by":"crossref","unstructured":"Ma, J., Chai, K., Xiao, Y., Lan, T., Huang, W.: High-interaction honeypot system for sql injection analysis. In: 2011 International Conference of Information Technology, Computer Engineering and Management Sciences. vol.\u00a03, pp. 274\u2013277. IEEE (2011)","DOI":"10.1109\/ICM.2011.287"},{"issue":"4","key":"1180_CR41","doi-asserted-by":"publisher","first-page":"285","DOI":"10.1007\/s11416-021-00414-x","volume":"18","author":"F Manavi","year":"2022","unstructured":"Manavi, F., Hamzeh, A.: A novel approach for ransomware detection based on pe header using graph embedding. Journal of Computer Virology and Hacking Techniques 18(4), 285\u2013296 (2022)","journal-title":"Journal of Computer Virology and Hacking Techniques"},{"issue":"11","key":"1180_CR42","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1109\/2.963441","volume":"34","author":"RA Martin","year":"2001","unstructured":"Martin, R.A.: Managing vulnerabilities in networked systems. Computer 34(11), 32\u201338 (2001)","journal-title":"Computer"},{"issue":"6","key":"1180_CR43","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1109\/MSP.2006.145","volume":"4","author":"P Mell","year":"2006","unstructured":"Mell, P., Scarfone, K., Romanosky, S.: Common vulnerability scoring system. IEEE Security & Privacy 4(6), 85\u201389 (2006)","journal-title":"IEEE Security & Privacy"},{"issue":"2","key":"1180_CR44","first-page":"1476","volume":"188","author":"BK Mishra","year":"2007","unstructured":"Mishra, B.K., Saini, D.K.: Seirs epidemic model with delay for transmission of malicious objects in computer network. Appl. Math. Comput. 188(2), 1476\u20131482 (2007)","journal-title":"Appl. Math. Comput."},{"key":"1180_CR45","doi-asserted-by":"crossref","unstructured":"Modelo-Howard, G., Bagchi, S., Lebanon, G.: Determining placement of intrusion detectors for a distributed application through bayesian network modeling. In: International Workshop on Recent Advances in Intrusion Detection. pp. 271\u2013290. Springer (2008)","DOI":"10.1007\/978-3-540-87403-4_15"},{"key":"1180_CR46","doi-asserted-by":"crossref","unstructured":"Moscibroda, T., Schmid, S., Wattenhofer, R.: When selfish meets evil: Byzantine players in a virus inoculation game. In: Proceedings of the twenty-fifth annual ACM symposium on Principles of distributed computing. pp. 35\u201344 (2006)","DOI":"10.1145\/1146381.1146391"},{"issue":"2","key":"1180_CR47","doi-asserted-by":"publisher","first-page":"125","DOI":"10.1080\/15427951.2009.10129181","volume":"6","author":"T Moscibroda","year":"2009","unstructured":"Moscibroda, T., Schmid, S., Wattenhofer, R.: The price of malice: A game-theoretic framework for malicious behavior in distributed systems. Internet Mathematics 6(2), 125\u2013155 (2009)","journal-title":"Internet Mathematics"},{"key":"1180_CR48","unstructured":"NREL: Cybersecurity Threat Evaluation on renewable energy systems. https:\/\/www.nrel.gov\/news\/program\/2021\/nrel-joins-industry-in-leading-cybersecurity-threat-evaluation-for-us-wind-fleet.html (April 2021), [Online; accessed 1-February-2022]"},{"issue":"3","key":"1180_CR49","doi-asserted-by":"publisher","first-page":"497","DOI":"10.2307\/2998573","volume":"66","author":"D Prelec","year":"1998","unstructured":"Prelec, D.: The probability weighting function. Econometrica 66(3), 497\u2013527 (1998)","journal-title":"Econometrica"},{"key":"1180_CR50","unstructured":"Pretre, B.: Attacks on peer-to-peer networks. Dept. of Computer Science Swiss Federal Institute of Technology (ETH) Zurich Autumn (2005)"},{"key":"1180_CR51","doi-asserted-by":"crossref","unstructured":"Redmiles, E.M., Mazurek, M.L., Dickerson, J.P.: Dancing pigs or externalities?: Measuring the rationality of security decisions. In: Proceedings of the 2018 ACM Conference on Economics and Computation. pp. 215\u2013232. ACM (2018)","DOI":"10.1145\/3219166.3219185"},{"key":"1180_CR52","unstructured":"Robertson, J., Turton, W.: Colonial Pipeline ransomware attack. https:\/\/www.bloomberg.com\/news\/articles\/2021-05-09\/colonial-hackers-stole-data-thursday-ahead-of-pipeline-shutdown (May 2021), [Online; accessed 30-October-2022]"},{"key":"1180_CR53","doi-asserted-by":"crossref","unstructured":"Rosen, J.B.: Existence and uniqueness of equilibrium points for concave n-person games. Econometrica pp. 520\u2013534 (1965)","DOI":"10.2307\/1911749"},{"key":"1180_CR54","doi-asserted-by":"crossref","unstructured":"Roth, A.: The price of malice in linear congestion games. In: International Workshop on Internet and Network Economics. pp. 118\u2013125. Springer (2008)","DOI":"10.1007\/978-3-540-92185-1_20"},{"key":"1180_CR55","doi-asserted-by":"crossref","unstructured":"Roy, S., Ellis, C., Shiva, S., Dasgupta, D., Shandilya, V., Wu, Q.: A survey of game theory as applied to network security. In: System Sciences (HICSS), 2010 43rd Hawaii International Conference on. pp. 1\u201310. IEEE (2010)","DOI":"10.1109\/HICSS.2010.35"},{"issue":"3","key":"1180_CR56","doi-asserted-by":"publisher","first-page":"285","DOI":"10.1109\/JSYST.2010.2059212","volume":"4","author":"AY Saber","year":"2010","unstructured":"Saber, A.Y., Venayagamoorthy, G.K.: Efficient utilization of renewable energy sources by gridable vehicles in cyber-physical energy systems. IEEE Syst. J. 4(3), 285\u2013294 (2010)","journal-title":"IEEE Syst. J."},{"key":"1180_CR57","doi-asserted-by":"crossref","unstructured":"Sanjab, A., Saad, W., Ba\u015far, T.: Prospect theory for enhanced cyber-physical security of drone delivery systems: A network interdiction game. In: Communications (ICC), 2017 IEEE International Conference on. pp.\u00a01\u20136. IEEE (2017)","DOI":"10.1109\/ICC.2017.7996862"},{"issue":"4","key":"1180_CR58","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1145\/2627534.2627558","volume":"41","author":"AB Sharma","year":"2014","unstructured":"Sharma, A.B., Ivan\u010di\u0107, F., Niculescu-Mizil, A., Chen, H., Jiang, G.: Modeling and analytics for cyber-physical systems in the age of big data. ACM SIGMETRICS Performance Evaluation Review 41(4), 74\u201377 (2014)","journal-title":"ACM SIGMETRICS Performance Evaluation Review"},{"key":"1180_CR59","doi-asserted-by":"crossref","unstructured":"Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: Proceedings 2002 IEEE Symposium on Security and Privacy. pp. 273\u2013284. IEEE (2002)","DOI":"10.1109\/SECPRI.2002.1004377"},{"key":"1180_CR60","doi-asserted-by":"crossref","unstructured":"Sinha, A., Fang, F., An, B., Kiekintveld, C., Tambe, M.: Stackelberg security games: looking beyond a decade of success. In: Proceedings of the 27th International Joint Conference on Artificial Intelligence (IJCAI). pp. 5494\u20135501 (2018)","DOI":"10.24963\/ijcai.2018\/775"},{"issue":"2","key":"1180_CR61","doi-asserted-by":"publisher","first-page":"415","DOI":"10.1109\/JSYST.2015.2388707","volume":"11","author":"AK Sood","year":"2015","unstructured":"Sood, A.K., Zeadally, S., Bansal, R.: Exploiting trust: stealthy attacks through socioware and insider threats. IEEE Syst. J. 11(2), 415\u2013426 (2015)","journal-title":"IEEE Syst. J."},{"issue":"82","key":"1180_CR62","first-page":"16","volume":"800","author":"K Stouffer","year":"2011","unstructured":"Stouffer, K.: Guide to industrial control systems (ics) security. NIST Spec. Publ. 800(82), 16\u201316 (2011)","journal-title":"NIST Spec. Publ."},{"issue":"10","key":"1180_CR63","doi-asserted-by":"publisher","first-page":"2506","DOI":"10.1109\/TIFS.2018.2821095","volume":"13","author":"X Sun","year":"2018","unstructured":"Sun, X., Dai, J., Liu, P., Singhal, A., Yen, J.: Using bayesian networks for probabilistic identification of zero-day attack paths. IEEE Trans. Inf. Forensics Secur. 13(10), 2506\u20132521 (2018)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"1180_CR64","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101793","volume":"95","author":"CL Tan","year":"2020","unstructured":"Tan, C.L., Chiew, K.L., Yong, K.S., Abdullah, J., Sebastian, Y., et al.: A graph-theoretic approach for the detection of phishing webpages. Computers & Security 95, 101793 (2020)","journal-title":"Computers & Security"},{"key":"1180_CR65","doi-asserted-by":"crossref","unstructured":"Varian, H.: System reliability and free riding. In: Economics of information security, pp. 1\u201315. Springer (2004)","DOI":"10.1007\/1-4020-8090-5_1"},{"key":"1180_CR66","unstructured":"Week, I.: The 10 biggest cyber security attacks of 2020. https:\/\/searchsecurity.techtarget.com\/news\/252494362\/10-of-the-biggest-cyber-attacks (Jan 2021), [Online; accessed 1-October-2022]"},{"issue":"1","key":"1180_CR67","doi-asserted-by":"publisher","first-page":"254","DOI":"10.1007\/s10683-021-09714-x","volume":"25","author":"D Woods","year":"2022","unstructured":"Woods, D., Abdallah, M., Bagchi, S., Sundaram, S., Cason, T.: Network defense and behavioral biases: an experimental study. Exp. Econ. 25(1), 254\u2013286 (2022)","journal-title":"Exp. Econ."},{"key":"1180_CR68","doi-asserted-by":"crossref","unstructured":"Xing, K., Li, A., Jiang, R., Jia, Y.: A review of apt attack detection methods and defense strategies. In: 2020 IEEE Fifth International Conference on Data Science in Cyberspace (DSC). pp. 67\u201370. IEEE (2020)","DOI":"10.1109\/DSC50466.2020.00018"},{"key":"1180_CR69","doi-asserted-by":"crossref","unstructured":"Yan, G., Lee, R., Kent, A., Wolpert, D.: Towards a bayesian network game framework for evaluating ddos attacks and defense. In: Proceedings of the 2012 ACM conference on Computer and communications security (CCS). pp. 553\u2013566 (2012)","DOI":"10.1145\/2382196.2382255"},{"key":"1180_CR70","doi-asserted-by":"crossref","unstructured":"Yang, L.X., Li, P., Yang, X., Tang, Y.Y.: A risk management approach to defending against the advanced persistent threat. IEEE Trans. Dependable Secure Comput. 17(6), 1163\u20131172 (2018)","DOI":"10.1109\/TDSC.2018.2858786"},{"issue":"6","key":"1180_CR71","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1109\/MNET.2015.7340429","volume":"29","author":"S Yu","year":"2015","unstructured":"Yu, S., Wang, G., Zhou, W.: Modeling malicious activities in cyber space. IEEE Network 29(6), 83\u201387 (2015)","journal-title":"IEEE Network"},{"key":"1180_CR72","doi-asserted-by":"crossref","unstructured":"Zhang, H., Lou, F., Fu, Y., Tian, Z.: A conditional probability computation method for vulnerability exploitation based on cvss. In: Proc. IEEE 2nd International Conference on Data Science and Cyberspace. pp. 238\u2013241 (Jun 2017)","DOI":"10.1109\/DSC.2017.33"},{"key":"1180_CR73","doi-asserted-by":"crossref","unstructured":"Zhang, M., Wang, L., Jajodia, S., Singhal, A., Albanese, M.: Network diversity: a security metric for evaluating the resilience of networks against zero-day attacks. IEEE Trans. Inf. Forensics Secur. 11(5), 1071\u20131086 (2016)","DOI":"10.1109\/TIFS.2016.2516916"},{"key":"1180_CR74","doi-asserted-by":"crossref","unstructured":"Zhang, M., Zheng, Z., Shroff, N.B.: A game theoretic model for defending against stealthy attacks with limited resources. In: International conference on decision and game theory for security. pp. 93\u2013112. Springer (2015)","DOI":"10.1007\/978-3-319-25594-1_6"},{"key":"1180_CR75","doi-asserted-by":"crossref","unstructured":"Zhu, G., Chen, M., Yuan, C., Huang, Y.: Simple and efficient partial graph adversarial attack: A new perspective. IEEE Transactions on Knowledge and Data Engineering (2024)","DOI":"10.1109\/TKDE.2024.3364972"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01180-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01180-3","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01180-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,31]],"date-time":"2026-01-31T16:07:57Z","timestamp":1769875677000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01180-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,8]]},"references-count":75,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2026,2]]}},"alternative-id":["1180"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01180-3","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,12,8]]},"assertion":[{"value":"13 March 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"29 November 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"8 December 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare full compliance with ethical standards. This paper does not contain any studies involving humans or animals performed by any of the authors. The authors have no conflict of interest as defined by Springer, or other interests that might be perceived to influence the results and\/or discussion reported in this paper.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflicts of Interest"}}],"article-number":"4"}}