1 / 21

Impact of DoS Attacks on Website Visits: Switching Costs vs Preferences

Explore the lasting impact of DoS attacks on user behavior and the factors influencing future website visits. Learn about switching costs versus changing preferences, their managerial implications, and overall implications on user decisions.

trimmer
Download Presentation

Impact of DoS Attacks on Website Visits: Switching Costs vs Preferences

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Why do denial of service attacks reduce future visits? Switching costs vs. changing preferences Avi Goldfarb University of Toronto June 2, 2005

  2. Denial of Service (DoS) Attacks On February 7, 2000, a hacker named ‘mafiaboy’ shut down the Yahoo website for 3 hours in the first of a wave of DoS attacks. February 8, 2000: Amazon, Buy.com, CNN.com, EBay February 9, 2000: E*Trade, ZDNet Since then, dozens of other cases.

  3. Effect of DoS Attacks • DoS attacks had a lasting impact as well as a short-run impact • I show that these attacks had an impact on user behavior to all websites except E*Trade. • I examine the cause of the lasting impact • Do users like the attacked website less? • Or do users become locked-in to competing websites? • The results help understand the impact of a website shutdown on user behavior. • How costly are DoS attacks in the long run? • Why?

  4. Structure of the Talk • DoS Attacks • Data • The overall effect -identification and magnitude 4. Switching costs vs. changing preferences -identification and results 5. Caveats 6. Managerial implications and conclusions

  5. Denial of Service (DoS) Attacks • Defined as an attack to suspend the availability of a service. • Typically, attackers make websites inaccessible by overloading servers with requests for information (called “Distributed DoS”). • Has happened frequently since February 2000, most notably Microsoft (MSN, Expedia, Carpoint) in January 2001. • Now sometimes used for blackmail (e.g. Gambling websites during the Superbowl)

  6. Immediate Impact

  7. Data • The raw data set (from Plurimus Corp.) consists of every website visited by 2651 households from December 27, 1999 to March 31, 2000. • A total of 3,228,595 observations • An average of 1217 per household • Exact timing of attacks in CNET • Data for Yahoo is especially rich, so I will emphasize the Yahoo results.

  8. General Method • The data provide a natural experiment for testing the effects of exogenous website shutdowns. • There is a Treatment Group that was online during the attack and a Control Group that was not. • The impact is the difference between these groups. • The treatment group is defined by the probability of visiting the attacked website during the attack. • Regressions test whether the treatment group behaved differently after the attack than the control group. • Difference-in-Difference identification

  9. 60 50 DoS Attack 40 Against Yahoo Market Share (%) 30 20 10 0 5th week 4th week 3rd week 2nd week week week after 2nd week 3rd week 4th week 5th week 6th week 7th week before before before before before after after after after after after Yahoo share Rival share all others The Effect on Yahoo’s Share

  10. Magnitude of the Overall Effect

  11. Yahoo-Overall CoefficientsProbit

  12. WHY DO TEMPORARY WEBSITE SHUTDOWNS REDUCE FUTURE VISITS? Switching costs vs. changing preferences

  13. Online Switching Costs • Considerable disagreement about existence of switching costs online • Economics tradition says no—Shapiro & Varian (1999), Gandal (2001), & Porter (2001) say none—the competition is just a click away • Marketing tradition says yes—customers show state dependence in most categories. Johnson, Bellman, & Lohse (2003) label this “cognitive switching costs” in the online context

  14. Identification of switching costs as different from overall opinion • This method identifies (short-run) switching costs that accrue to the website visited instead of the attacked website during the attack. • Switching costs will accrue only to the website visited as an alternative to the attacked website. • i.e. suppose a user tries to visit Yahoo and cannot due to the DoS attack. Instead, the user visits MSN. • If the reduction in Yahoo visits is due to switching costs, only MSN will benefit. Other portals such as Altavista will not. • If the reduction is due to a decreased perception of Yahoo’s quality, then MSN and Altavista will benefit proportionally to the user’s previous preferences

  15. 60 50 DoS Attack 40 Against Yahoo Market Share (%) 30 20 10 0 5th week 4th week 3rd week 2nd week week week after 2nd week 3rd week 4th week 5th week 6th week 7th week before before before before before after after after after after after Yahoo share Rival share all others The Effect on Yahoo’s Share

  16. Magnitudes of Switching Costs and Changing Preferences

  17. Yahoo-Switching Cost CoefficientsProbit

  18. Caveats • I evaluate short-run switching costs to the website visited instead of the attacked website. • This is a distinct concept from long-run switching costs and loyalty that accrue over a long time and involve deep relationships. • There may also be a reduction in switching costs at the attacked website. I do not measure these. • Household-level not individual-level data (should bias effects toward zero). • I do not actually observe a perception of reduced quality. I only observe that the utility measure of the website is lower relative to all other websites in the category. • Each DoS attack lasted less than 4 hours. • I cannot understand the impact of a long-term shutdown

  19. Segmentation (overall effect)Yahoo

  20. Segmentation (switching costs)Yahoo

  21. Conclusions • DoS Attacks Matter. They cost Yahoo millions of visits • (Estimated total cost $338,854) • Both an immediate and a lasting effect • Lasting effect has two causes • Changing preferences • Switching costs • Sources not clear: learning, state dependence, etc.

More Related