Modern distributed communication networks like the Internet are characterized by nodes (Internet users) interconnected with one another via communication links. In this regard, the security of an individual node depends not only on its own efforts, but also on the efforts and underlying connectivity structure of neighboring network nodes. By the term ‘effort’, we mean the amount a user invests in security mechanisms like antivirus software, firewalls, etc., to improve his security. However, because of the large magnitude of such networks, it is not always possible for nodes to have complete effort and connectivity structure information about all their neighbor nodes. Added to this is the fact that in many applications, Internet users are selfish and are not willing to co-operate with other users on sharing effort information. In this paper, we adopt a non-cooperative game-theoretic approach to analyze individual user security in a communication network by accounting for both the partial information that a network node possesses about its underlying neighborhood connectivity structure and the security investment of its neighbors, as well as the presence of positive externalities arising from efforts exerted by neighboring nodes. We analyze the strategic interactions between Internet users on their security investments in order to investigate the equilibrium behavior of nodes and show that (i) monotonic symmetric Bayesian Nash equilibria of efforts exist and (ii) better connected Internet users choose to exert lower efforts but earn higher utilities than less connected peers with respect to security improvement when user utility functions exhibit strategic substitutes, i.e., are submodular.
Our results extend previous work by tackling topological information uncertainty, and provide useful insights to Internet users on investing appropriately (from the perspective of improving payoffs) in security mechanisms under realistic environments of effort and topological information uncertainty, in order to improve system security and welfare. We also discuss the implications of our results for the parameters of risk management techniques like cyber-insurance, and compare user investment behavior in the incomplete information case with the case when users have increased topological information about their network.
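Result (ii) above can be seen in a minimal best-shot security game. This is an added illustration, not code or a model taken from the paper. It assumes binary effort, an investment cost `cost`, a benefit of 1 when the node or any neighbour invests, nodes that know only their own degree, and neighbour degrees drawn i.i.d. from `degree_pmf`; all function and variable names are hypothetical.

```python
def symmetric_bne(degree_pmf, cost):
    """Symmetric Bayesian Nash equilibrium of the assumed best-shot game.

    Returns (p, sigma): p is the probability that a random neighbour invests,
    sigma[k] the probability that a degree-k node invests.
    Assumes degrees >= 1, 0 < cost < 1, and degree_pmf summing to 1.
    """
    sigma = {k: 0.0 for k in degree_pmf}
    below = 0.0  # probability mass of lower degrees, all of which invest
    for k in sorted(degree_pmf):
        mass = degree_pmf[k]
        # Neighbour investment rate at which a degree-k node is indifferent:
        # the chance that no neighbour invests, (1 - p)^k, equals the cost.
        p_indiff = 1.0 - cost ** (1.0 / k)
        if p_indiff <= below:
            return below, sigma                   # degree k and above free-ride
        if p_indiff <= below + mass:
            sigma[k] = (p_indiff - below) / mass  # degree k mixes
            return p_indiff, sigma
        sigma[k] = 1.0                            # degree k invests for sure
        below += mass
    return below, sigma


def expected_utility(k, p, sigma_k, cost):
    """Expected payoff: benefit 1 when protected, minus cost when investing."""
    invest = 1.0 - cost
    free_ride = 1.0 - (1.0 - p) ** k
    return sigma_k * invest + (1.0 - sigma_k) * free_ride


# Constructed sample input: degree distribution and investment cost.
DEGREE_PMF = {1: 0.3, 2: 0.4, 3: 0.2, 5: 0.1}
COST = 0.25

if __name__ == "__main__":
    p, sigma = symmetric_bne(DEGREE_PMF, COST)
    print(f"neighbour investment probability p = {p:.3f}")
    for k in sorted(DEGREE_PMF):
        u = expected_utility(k, p, sigma[k], COST)
        print(f"degree {k}: effort {sigma[k]:.2f}, utility {u:.4f}")
```

In the constructed sample, effort falls with degree while expected utility rises, because each extra neighbour is another chance that someone else has already paid for protection.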