Abstract for: Refinement of Supply and Demand Model for Vulnerability Black Market

Vulnerability black markets (VBMs) are sites for trading malicious tools targeting software vulnerabilities. VBMs enable different actors to access malware and use them to attack vulnerable computers. This article presents an economic rationale for the existence and continuity of VBMs. It is assumed that buyers and sellers’ decision to trade in the black markets depend upon their perceived costs and benefits. As long as the expected utilities of engaging in the black markets are higher than the costs, buyers and sellers will continuously trade in VBMs. A system dynamics (SD) model is developed to capture such problem. Concepts from market-for-crimes theories are adopted into the model, since they provide a useful perspective for explaining criminal behavior such as in VBM. Two scenarios are developed for simulating and testing different policies: to limit the opportunities for illicit involvement in VBMs and to introduce stricter law enforcement for discouraging participants from engaging in black market. The simulations show that unless the disruptions toward VBM forums are strong enough, sporadic market closures are followed by re-opening. . Stricter law enforcement may be effective to cause the participants discontinuing their activities if the punishment increases the financial or psychic price of involvement in the VBMs.