When Hackers Err: The Impacts of False Positives on Information Security Games Academic Article uri icon


  • False positive rates and their impacts have been a focal point for information security research. However, most of this research investigates false positives exclusively from the system defenders perspective, while in reality an attacker also faces the classification decision in identifying feasible targets and the consequences of false positive rates. In this paper, we present the first comprehensive analytical model that incorporates the false positives from both the perspective of the attacker and that of the system defender. Our results show that such false positives from the attackers perspective have a significant impact on the attackers decision making for an attack, as well as the optimal protection strategy for the defender. Our results help to shed new light on a wide range of diverse information security phenomena such as spam emails, the Nigerian scams, and the design of the honeypot as a security mechanism. In addition, we show how an attackers misestimation of a certain parameter would affect the defenders strategy and how the heterogeneity of the systems impacts the defenders strategy to manipulate the attackers possible misestimation.

published proceedings

  • Decision Analysis

author list (cited authors)

  • Mai, B., & Kulkarni, S.

citation count

  • 3

complete list of authors

  • Mai, Bin||Kulkarni, Shailesh

publication date

  • January 2018