Uncertainty in interdependent security games

Authors:
Benjamin Johnson;Jens Grossklags;Nicolas Christin;John Chuang
Affiliations:
CyLab, Carnegie Mellon University;Center for Information Technology Policy, Princeton University;CyLab, Carnegie Mellon University;School of Information, UC Berkeley
Venue:
GameSec'10 Proceedings of the First international conference on Decision and game theory for security
Year:
2010

Citing 14
Cited 3

The economic cost of publicly announced information security breaches: empirical evidence from the stock market

Journal of Computer Security - IFIP 2000
The Economic Incentives for Sharing Security Information

Information Systems Research
A Bayesian game approach for intrusion detection in wireless ad hoc networks

GameNets '06 Proceeding from the 2006 workshop on Game theory for communications and networks
An inquiry into the nature and causes of the wealth of internet miscreants

Proceedings of the 14th ACM conference on Computer and communications security
Secure or insure?: a game-theoretic analysis of information security games

Proceedings of the 17th international conference on World Wide Web
Security Decision-Making among Interdependent Organizations

CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Security and insurance management in networks with heterogeneous agents

Proceedings of the 9th ACM conference on Electronic commerce
Playing games for security: an efficient exact algorithm for solving Bayesian Stackelberg games

Proceedings of the 7th international joint conference on Autonomous agents and multiagent systems - Volume 2
An Empirical Analysis of the Impact of Software Vulnerability Announcements on Firm Stock Price

IEEE Transactions on Software Engineering
Detecting network-wide and router-specific misconfigurations through data mining

IEEE/ACM Transactions on Networking (TON)
Blue versus Red: Towards a Model of Distributed Security Attacks

Financial Cryptography and Data Security
On non-cooperative location privacy: a game-theoretic analysis

Proceedings of the 16th ACM conference on Computer and communications security
Uncertainty in the weakest-link security game

GameNets'09 Proceedings of the First ICST international conference on Game Theory for Networks
When information improves information security

FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security

Modeling internet security investments: tackling topological information uncertainty

GameSec'11 Proceedings of the Second international conference on Decision and Game Theory for Security
Computational Aspects of Uncertainty Profiles and Angel-Daemon Games

Theory of Computing Systems
Security adoption and influence of cyber-insurance markets in heterogeneous networks

Performance Evaluation

Quantified Score

Hi-index	0.00

Visualization

Abstract

Even the most well-motivated models of information security have application limitations due to the inherent uncertainties involving risk. This paper exemplifies a formal mechanism for resolving this kind of uncertainty in interdependent security (IDS) scenarios. We focus on a single IDS model involving a computer network, and adapt the model to capture a notion that players have only a very rough idea of security threats and underlying structural ramifications. We formally resolve uncertainty by means of a probability distribution on risk parameters that is common knowledge to all players. To illustrate how this approach might yield fruitful applications, we postulate a well-motivated distribution, compute Bayesian Nash equilibria and tipping conditions for the derived model, and compare these with the analogous conditions for the original IDS model.