22 research outputs found
Coordination in Network Security Games: a Monotone Comparative Statics Approach
Malicious software, or malware for short, has become a major security
threat. While originating in criminal behavior, its impact is also
influenced by the decisions of legitimate end users. Getting agents in the
Internet, and in networks in general, to invest in and deploy security features
and protocols is a challenge, in particular because of economic reasons arising
from the presence of network externalities.
In this paper, we focus on the question of incentive alignment for agents of
a large network towards better security. We start with an economic model for
a single agent that determines the optimal amount to invest in protection. The
model takes into account the vulnerability of the agent to a security breach
and the potential loss if a security breach occurs. We derive conditions on the
quality of the protection to ensure that the optimal amount spent on security
is an increasing function of the agent's vulnerability and potential loss. We
also show that for a large class of risks, only a small fraction of the
expected loss should be invested.
Building on these results, we study a network of interconnected agents
subject to epidemic risks. We derive conditions to ensure that the incentives
of all agents are aligned towards better security. When agents are strategic,
we show that security investments are always socially inefficient due to the
network externalities. Moreover, alignment of incentives typically implies a
coordination problem, leading to an equilibrium with a very high price of
anarchy.
Comment: 10 pages, to appear in IEEE JSA
Individual Security and Network Design with Malicious Nodes
Networks are beneficial to those being connected but can also be used as
carriers of contagious hostile attacks. These attacks are often facilitated by
exploiting corrupt network users. To protect against the attacks, users can
resort to costly defense. The decentralized nature of such protection is known
to be inefficient but the inefficiencies can be mitigated by a careful network
design. Is network design still effective when not all users can be trusted? We
propose a model of network design and defense with byzantine nodes to address
this question. We study the optimal defended networks in the case of
centralized defense and, for the case of decentralized defense, we show that
the inefficiencies due to decentralization can be fully mitigated, despite the
presence of the byzantine nodes.
Comment: 19 pages, 3 figures
Pricing and Investments in Internet Security: A Cyber-Insurance Perspective
Internet users such as individuals and organizations are subject to different
types of epidemic risks such as worms, viruses, spam, and botnets. To reduce
the probability of risk, an Internet user generally invests in traditional
security mechanisms like anti-virus and anti-spam software, sometimes also
known as self-defense mechanisms. However, such software does not completely
eliminate risk. Recent works have considered the problem of residual risk
elimination by proposing the idea of cyber-insurance. In this regard, an
important research problem is the analysis of optimal user self-defense
investments and cyber-insurance contracts under the Internet environment. In
this paper, we investigate two problems and their relationship: 1) analyzing
optimal self-defense investments in the Internet, under optimal cyber-insurance
coverage, where optimality is an insurer objective and 2) designing optimal
cyber-insurance contracts for Internet users, where a contract is a (premium,
coverage) pair