Abstract. This paper analyzes the threat of distributed attacks by developing a two-sided multiplayer model of security in which attackers aim to deny service and defenders strategize to secure their assets. Attackers benefit from the successful compromise of target systems, however, may suffer penalties for increased attack activity. Defenders weigh the likelihood of an attack against the cost of security. We model security decision-making in established (e.g., weakest-link, best-shot) and novel games (e.g., weakest target), and allow defense expenditures in protection and self-insurance technologies. We find that strategic attackers launch attacks only if defenders do not invest in protective measures. Therefore, the threat of protection can be enough to deter an attacker, but as the number of attackers grows, this equilibrium becomes increasingly unstable.