Coordination in Network Security Games: a Monotone Comparative Statics Approach

Malicious softwares or malwares for short have become a major security threat. While originating in criminal behavior, their impact are also influenced by the decisions of legitimate end users. Getting agents in the Internet, and in networks in general, to invest in and deploy security features and protocols is a challenge, in particular because of economic reasons arising from the presence of network externalities. In this paper, we focus on the question of incentive alignment for agents of a large network towards a better security. We start with an economic model for a single agent, that determines the optimal amount to invest in protection. The model takes into account the vulnerability of the agent to a security breach and the potential loss if a security breach occurs. We derive conditions on the quality of the protection to ensure that the optimal amount spent on security is an increasing function of the agent's vulnerability and potential loss. We also show that for a large class of risks, only a small fraction of the expected loss should be invested. Building on these results, we study a network of interconnected agents subject to epidemic risks. We derive conditions to ensure that the incentives of all agents are aligned towards a better security. When agents are strategic, we show that security investments are always socially inefficient due to the network externalities. Moreover alignment of incentives typically implies a coordination problem, leading to an equilibrium with a very high price of anarchy.Comment: 10 pages, to appear in IEEE JSA

Analyzing the Flow of Information from Initial Publishing to Wikipedia

This thesis covers my efforts at researching the factors that lead to a research paper being cited by Wikipedia. Wikipedia is one of the most popular websites on the internet for quickly learning about a specific topic. It achieved this by being able to back up its claims with cited sources, many of which are research papers. I wanted to see exactly how those papers were found by Wikipedia’s editors when they write the articles. To do this, I gathered thousands of computer science research papers from arXiv.org, as well as a selection of papers that were cited by Wikipedia, so that I could examine those papers and see what made them visible and attractive to the Wikipedia editors. After I gathered the information on how and when these papers are cited, I ran a series of tests on them to learn as much as I could about what causes a paper to be cited by Wikipedia. I discovered that papers that are cited by Wikipedia tend to be more popular than papers which are not cited by Wikipedia even before they are cited but getting cited by Wikipedia can result in a boost in popularity. Wikipedia editors also tend to choose papers that either showcase a creation of the author(s) or give a general overview on a topic. I also discovered one paper that was likely added to Wikipedia by the author in an attempt at increased visibility

Topics in random graphs, combinatorial optimization, and statistical inference

The manuscript is made of three chapters presenting three differenttopics on which I worked with Ph.D. students. Each chapter can be read independently of the others andshould be relatively self-contained. Chapter 1 is a gentle introduction to the theory of random graphswith an emphasis on contagions on such networks. In Chapter 2, I explain the main ideas of the objectivemethod developed by Aldous and Steele applied to the spectral measure of random graphs and themonomer-dimer problem. This topic is dear to me and I hope that this chapter will convince the readerthat it is an exciting field of research. Chapter 3 deals with problems in high-dimensional statistics whichnow occupy a large proportion of my time. Unlike Chapters 1 and 2 which could be easily extended inlecture notes, I felt that the material in Chapter 3 was not ready for such a treatment. This field ofresearch is currently very active and I decided to present two of my recent contributions

A Comprehensive Insight into Game Theory in relevance to Cyber Security

The progressively ubiquitous connectivity in the present information systems pose newer challenges tosecurity. The conventional security mechanisms have come a long way in securing the well-definedobjectives of confidentiality, integrity, authenticity and availability. Nevertheless, with the growth in thesystem complexities and attack sophistication, providing security via traditional means can beunaffordable. A novel theoretical perspective and an innovative approach are thus required forunderstanding security from decision-making and strategic viewpoint. One of the analytical tools whichmay assist the researchers in designing security protocols for computer networks is game theory. Thegame-theoretic concept finds extensive applications in security at different levels, including thecyberspace and is generally categorized under security games. It can be utilized as a robust mathematicaltool for modelling and analyzing contemporary security issues. Game theory offers a natural frameworkfor capturing the defensive as well as adversarial interactions between the defenders and the attackers.Furthermore, defenders can attain a deep understanding of the potential attack threats and the strategiesof attackers by equilibrium evaluation of the security games. In this paper, the concept of game theoryhas been presented, followed by game-theoretic applications in cybersecurity including cryptography.Different types of games, particularly those focused on securing the cyberspace, have been analysed andvaried game-theoretic methodologies including mechanism design theories have been outlined foroffering a modern foundation of the science of cybersecurity

Expanding the Gordon-Loeb Model to Cyber-Insurance

We present an economic model for decisions on competing cyber-security and cyber-insurance investment based on the Gordon-Loeb model for investment in information security. We consider a one-period scenario in which a firm may invest in information security measures to reduce the probability of a breach, in cyber-insurance or in a combination of both. The optimal combination of investment and insurance under the assumptions of the Gordon-Loeb model is investigated via consideration of the costs and benefits of investment in security alongside purchasing insurance at an independent premium rate. Under both exponential (constant absolute risk aversion) and logarithmic (constant relative risk aversion) utility functions it is found that when the insurance premium is below a certain value, utility is maximised with insurance and security investment. These results suggest that cyber-insurance is a worthwhile undertaking provided it is not overly costly. We believe this model to be the first attempt to integrate the Gordon-Loeb model into a classical microeconomic analysis of insurance, particularly using the Gordon-Loeb security breach functions to determine the probability of an insurance claim. The model follows the tradition of the Gordon-Loeb model in being accessible to practitioners and decision makers in information security

Measuring the performance of investments in information security startups: An empirical analysis by cybersecurity sectors using Crunchbase data

Early-stage firms play a significant role in driving innovation and creating new products and services, especially for cybersecurity. Therefore, evaluating their performance is crucial for investors and policymakers. This work presents a financial evaluation of early-stage firms' performance in 19 cybersecurity sectors using a private-equity dataset from 2010 to 2022 retrieved from Crunchbase. We observe firms, their primary and secondary activities, funding rounds, and pre and post-money valuations. We compare cybersecurity sectors regarding the amount raised over funding rounds and post-money valuations while inferring missing observations. We observe significant investor interest variations across categories, periods, and locations. In particular, we find the average capital raised (valuations) to range from USD 7.24 mln (USD 32.39 mln) for spam filtering to USD 45.46 mln (USD 447.22 mln) for the private cloud sector. Next, we assume a log process for returns computed from post-money valuations and estimate the expected returns, systematic and specific risks, and risk-adjusted returns of investments in early-stage firms belonging to cybersecurity sectors. Again, we observe substantial performance variations with annualized expected returns ranging from 9.72\% for privacy to 177.27\% for the blockchain sector. Finally, we show that overall, the cybersecurity industry performance is on par with previous results found in private equity. Our results shed light on the performance of cybersecurity investments and, thus, on investors' expectations about cybersecurity.Comment: This document results from a research project funded by the Cyber-Defence Campus, armasuisse Science and Technology. We appreciate helpful comments from seminar participants at the Cyber Alp Retreat 2022 and WEIS 202

Managing the Adoption of Asymmetric Bidirectional Firewalls: Seeding and

Abstract-The security of the Internet can be significantly improved if Internet Service Providers adopt firewalls to monitor traffic entering and leaving access networks. But this process suffers due to 'free-riding', and hence, regulatory requirements and 'seeding' strategies are required to influence the adoption process. In this paper, we analytically derive the equilibrium adoption levels and relate them to the initial seeding and mandating condition, and explore the issues of incentive alignment across users, firewall developers, and regulators. We define different notions of optimality and analytically develop optimum seeding and mandating policies

Informed Trading and Cybersecurity Breaches

Cybersecurity has become a significant concern in corporate and commercial settings, and for good reason: a threatened or realized cybersecurity breach can materially affect firm value for capital investors. This paper explores whether market arbitrageurs appear systematically to exploit advance knowledge of such vulnerabilities. We make use of a novel data set tracking cybersecurity breach announcements among public companies to study trading patterns in the derivatives market preceding the announcement of a breach. Using a matched sample of unaffected control firms, we find significant trading abnormalities for hacked targets, measured in terms of both open interest and volume. Our results are robust to several alternative matching techniques, as well as to both cross-sectional and longitudinal identification strategies. All told, our findings appear strongly consistent with the proposition that arbitrageurs can and do obtain early notice of impending breach disclosures, and that they are able to profit from such information. Normatively, we argue that the efficiency implications of cybersecurity trading are distinct – and generally more concerning – than those posed by garden-variety information trading within securities markets. Notwithstanding these idiosyncratic concerns, however, both securities fraud and computer fraud in their current form appear poorly adapted to address such concerns, and both would require nontrivial re-imagining to meet the challenge (even approximately)