Why Information Security is Hard-An Economic Perspective
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Monitoring and early warning for internet worms
Proceedings of the 10th ACM conference on Computer and communications security
Proceedings of the 2003 ACM workshop on Rapid malcode
Inoculation strategies for victims of viruses and the sum-of-squares partition problem
Journal of Computer and System Sciences
Network externalities and the deployment of security features and protocols in the internet
SIGMETRICS '08 Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Security Decision-Making among Interdependent Organizations
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
A local mean field analysis of security investments in networks
Proceedings of the 3rd international workshop on Economics of networked systems
Efficiency of selfish investments in network security
Proceedings of the 3rd international workshop on Economics of networked systems
Security interdependencies for networked control systems with identical agents
GameSec'10 Proceedings of the First international conference on Decision and game theory for security
Security of interdependent and identical networked control systems
Automatica (Journal of IFAC)
Diffusion dynamics of network technologies with bounded rational users: aspiration-based learning
IEEE/ACM Transactions on Networking (TON)
Hi-index | 0.00 |
Malicious softwares or malwares for short have become a major security threat. While originating in criminal behavior, their impact are also influenced by the decisions of legitimate end users. Getting agents in the Internet, and in networks in general, to invest in and deploy security features and protocols is a challenge, in particular because of economic reasons arising from the presence of network externalities. Our goal in this paper is to model and quantify the impact of such externalities on the investment in security features in a network. We study a network of interconnected agents, which are subject to epidemic risks such as those caused by propagating viruses and worms. Each agent can decide whether or not to invest some amount to self-protect and deploy security solutions which decreases the probability of contagion. Borrowing ideas from random graphs theory, we solve explicitly this 'micro'- model and compute the fulfilled expectations equilibria. We are able to compute the network externalities as a function of the parameters of the epidemic. We show that the network externalities have a public part and a private one. As a result of this separation, some counter-intuitive phenomena can occur: there are situations where the incentive to invest in self-protection decreases as the fraction of the population investing in self-protection increases. In a situation where the protection is strong and ensures that the protected agent cannot be harmed by the decision of others, we show that the situation is similar to a free-rider problem. In a situation where the protection is weaker, then we show that the network can exhibit critical mass. We also look at interaction with the security supplier. In the case where security is provided by a monopolist, we show that the monopolist is taking advantage of these positive network externalities by providing a low quality protection.