ABSTRACT
This paper examines a cyber environment involving attackers and telecommunications operators from attackers’ perspective. We incorporate a behavioural approach to understanding attackers’ behaviour during the attack process. Traditionally, security games have been analysed assuming the attackers to be of strictly bounded rationality or strategy-less. Furthermore, studies consider attackers do aim to maximise their expected gain which contradicts the assumption of bounded rationality of attackers. We have analysed security interactions considering attackers as rational entities with attack strategies. To understand the thought process and behavioural decision-making choices of attackers, we utilise a decision analysis model capturing the attack process. Based on our analysis, we propose a framework providing a way to enhance attack strategies against cooperating and non-cooperating (competing) operators. This study is intended to capture essential characteristics of an attacker to comprehensively understand and predict their expected behaviour assisting cybersecurity.
