Security adoption in heterogeneous networks: the influence of cyber-insurance market
IFIP'12 Proceedings of the 11th international IFIP TC 6 conference on Networking - Volume Part II
Hosts (or nodes) in the Internet often face epidemic risks such as virus and worm attacks. Despite awareness of these risks and of the importance of network and system security, investment in security protection is still scarce, and hence epidemic risk is still prevalent. Deciding whether to invest in security protection is an interdependent process: a security investment decision made by one node can affect the security risk of others, and therefore also affect their decisions. The first contribution of this paper is to provide a fundamental understanding of how "network externality" together with "node heterogeneity" may affect security adoption. Nodes make decisions on security investment by evaluating the epidemic risk and the expected loss. We characterize this as a Bayesian network game in which nodes have only local information, e.g., the number of neighbors, and minimum common information, e.g., the degree distribution of the network. Our second goal is to study a new form of risk management, called cyber-insurance. We investigate how the presence of a competitive insurance market can affect security adoption and show that if the insurance provider can observe the protection level of nodes, the insurance market is a positive incentive for security adoption if the protection quality is not very high. We also find that cyber-insurance is more likely to be a good incentive for nodes with higher degree. Conversely, if the insurance provider cannot observe the protection level of nodes, we verify that partial insurance can be a non-negative incentive, improving a node's utility though not being an incentive.