Code red worm propagation modeling and analysis
Proceedings of the 9th ACM conference on Computer and communications security
On the effectiveness of automatic patching
Proceedings of the 2005 ACM workshop on Rapid malcode
When selfish meets evil: byzantine players in a virus inoculation game
Proceedings of the twenty-fifth annual ACM symposium on Principles of distributed computing
Random Graph Dynamics (Cambridge Series in Statistical and Probabilistic Mathematics)
Random Graph Dynamics (Cambridge Series in Statistical and Probabilistic Mathematics)
Algorithmic Game Theory
Network externalities and the deployment of security features and protocols in the internet
SIGMETRICS '08 Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Efficient control of epidemics over random networks
Proceedings of the eleventh international joint conference on Measurement and modeling of computer systems
On modeling product advertisement in social networks
ACM SIGMETRICS Performance Evaluation Review
Economics of malware: epidemic risks model, network externalities and incentives
Allerton'09 Proceedings of the 47th annual Allerton conference on Communication, control, and computing
Tiered incentives for integrity based queuing
Proceedings of the 2010 Workshop on Economics of Networks, Systems, and Computation
A game-theoretical approach for finding optimal strategies in a botnet defense model
GameSec'10 Proceedings of the First international conference on Decision and game theory for security
How bad are selfish investments in network security?
IEEE/ACM Transactions on Networking (TON)
Diffusion and cascading behavior in random networks
ACM SIGMETRICS Performance Evaluation Review
Aegis: a novel cyber-insurance model
GameSec'11 Proceedings of the Second international conference on Decision and Game Theory for Security
Modeling internet security investments: tackling topological information uncertainty
GameSec'11 Proceedings of the Second international conference on Decision and Game Theory for Security
Security adoption in heterogeneous networks: the influence of cyber-insurance market
IFIP'12 Proceedings of the 11th international IFIP TC 6 conference on Networking - Volume Part II
On modeling product advertisement in large-scale online social networks
IEEE/ACM Transactions on Networking (TON)
Game theory meets network security and privacy
ACM Computing Surveys (CSUR)
Diffusion dynamics of network technologies with bounded rational users: aspiration-based learning
IEEE/ACM Transactions on Networking (TON)
Security adoption and influence of cyber-insurance markets in heterogeneous networks
Performance Evaluation
| Hi-index | 0.00 |
Getting agents in the Internet, and in networks in general, to invest in and deploy security features and protocols is a challenge, in particular because of economic reasons arising from the presence of network externalities. Our goal in this paper is to model and investigate the impact of such externalities on security investments in a network. Specifically, we study a network of interconnected agents subject to epidemic risks such as viruses and worms where agents can decide whether or not to invest some amount to deploy security solutions. We consider both cases when the security solutions are strong (they perfectly protect the agents deploying them) and when they are weak. We make three contributions in the paper. First, we introduce a general model which combines an epidemic propagation model with an economic model for agents which captures network effects and externalities. Second, borrowing ideas and techniques used in statistical physics, we introduce a Local Mean Field (LMF) model, which extends the standard mean-field approximation to take into account the correlation structure on local neighborhoods. Third, we solve the LMF model in a network with externalities, and we derive analytic solutions for sparse random graphs of agents, for which we obtain asymptotic results. We find known phenomena such as free riders and tipping points. We also observe counter-intuitive phenomena, such as increasing the quality of the security technology can result in a decreased adoption of that technology in the network. In general, we find that both situations with strong and weak protection exhibit externalities and that the equilibrium is not socially optimal - therefore there is a market failure. Insurance is one mechanism to address this market failure. In related work, we have shown that insurance is a very effective mechanism [3,4], and argue that using insurance would increase the security in a network such as the Internet.