Whack-a-mole: Asymmetric Conflict and Guerrilla Warfare in Web Security

Many malicious and fraudulent endeavors on the web exhibit characteristics of asymmetric conflict and guerrilla warfare. Defenders work continuously to detect and take down malicious websites, while attackers respond by resisting takedowns, evading detection, or creating large numbers of new sites. This is reminiscent of the arcade game of whack-a-mole – the faster the moles pop in and out of the holes, the harder it becomes for the player to hit every one of them. In this work, we present the Colonel Blotto Web Security (CBWS) framework to model the asymmetric conflict and guerrilla warfare in web security. We find that even with a resource asymmetry disadvantage, an attacker can still realize significant utilities, provided that it can exploit an information asymmetry in its favor. In some cases, an attacker can realize a high utility with just a minimal number of websites that go undetected. In other cases, an attacker may realize little if any utility even after creating a large number of websites. The CBWS framework also allows us to model the effects of competition among multiple attackers. We find that competition weakens the effects of information asymmetry, and leads to a degradation of attacker utilities, even as more malicious sites are created.