Modeling Internet Security Investments Tackling Topological Information Uncertainty



Similar documents
Econ 430 Lecture 9: Games on Networks

Individual security and network design

Role of Network Topology in Cybersecurity

Network Security Validation Using Game Theory

Coordination in Network Security Games

Improving Network Security Through Insurance A Tale of Cyber-Insurance Markets

Network Security A Decision and Game-Theoretic Approach

IMPROVING NETWORK SECURITY THROUGH CYBER-INSURANCE. Ranjan Pal

Game Theory: Supermodular Games 1

Will Cyber-Insurance Improve Network Security? A Market Analysis

Moral Hazard. Itay Goldstein. Wharton School, University of Pennsylvania

How To Understand Network Security

Using Insurance to Increase Internet Security

Compact Representations and Approximations for Compuation in Games

ECON 459 Game Theory. Lecture Notes Auctions. Luca Anderlini Spring 2015

Perfect Bayesian Equilibrium

Bargaining Solutions in a Social Network

Voluntary Participation in Cyber-insurance Markets

Exam Introduction Mathematical Finance and Insurance

ECON Game Theory Exam 1 - Answer Key. 4) All exams must be turned in by 1:45 pm. No extensions will be granted.

Voluntary Participation in Cyber-insurance Markets

A Game Theoretical Framework on Intrusion Detection in Heterogeneous Networks Lin Chen, Member, IEEE, and Jean Leneutre

A Game Theoretical Framework for Adversarial Learning

Internet Advertising and the Generalized Second Price Auction:

Imperfect monitoring in communication networks

A Graph-Theoretic Network Security Game

Equilibrium computation: Part 1

ON PRICE CAPS UNDER UNCERTAINTY

Application of Game Theory in Inventory Management

Game Theory 1. Introduction

Buyer Search Costs and Endogenous Product Design

On Compulsory Per-Claim Deductibles in Automobile Insurance

National Responses to Transnational Terrorism: Intelligence and Counterterrorism Provision

2. Information Economics

CPC/CPA Hybrid Bidding in a Second Price Auction

Microeconomic Theory Jamison / Kohlberg / Avery Problem Set 4 Solutions Spring (a) LEFT CENTER RIGHT TOP 8, 5 0, 0 6, 3 BOTTOM 0, 0 7, 6 6, 3

On the Efficiency of Competitive Stock Markets Where Traders Have Diverse Information

Oligopoly: How do firms behave when there are only a few competitors? These firms produce all or most of their industry s output.

Computational Learning Theory Spring Semester, 2003/4. Lecture 1: March 2

Computational Game Theory and Clustering

Economic Incentives to Increase Security in the Internet: The Case for Insurance

UCLA. Department of Economics Ph. D. Preliminary Exam Micro-Economic Theory

Intrusion Detection: Game Theory, Stochastic Processes and Data Mining

The Max-Distance Network Creation Game on General Host Graphs

1. Write the number of the left-hand item next to the item on the right that corresponds to it.

Bayesian Nash Equilibrium

Online Appendix Feedback Effects, Asymmetric Trading, and the Limits to Arbitrage

Aegis A Novel Cyber-Insurance Model

Cheap Talk : Multiple Senders and Multiple Receivers

Stock Investing Using HUGIN Software

Chapter 7. Sealed-bid Auctions

How To Play A Static Bayesian Game

A Portfolio Model of Insurance Demand. April Kalamazoo, MI East Lansing, MI 48824

Cournot s model of oligopoly

Working Paper Series

Game-Theoretic Analysis of Attack and Defense in Cyber-Physical Network Infrastructures

DATA ANALYSIS II. Matrix Algorithms

Patent Litigation with Endogenous Disputes

Unraveling versus Unraveling: A Memo on Competitive Equilibriums and Trade in Insurance Markets

6.254 : Game Theory with Engineering Applications Lecture 2: Strategic Form Games

6.207/14.15: Networks Lectures 19-21: Incomplete Information: Bayesian Nash Equilibria, Auctions and Introduction to Social Learning

6.254 : Game Theory with Engineering Applications Lecture 1: Introduction

Summary of Doctoral Dissertation: Voluntary Participation Games in Public Good Mechanisms: Coalitional Deviations and Efficiency

SECURE SHARING AND COMMUNICATION. Protection for servers, and collaboration

21. Unverifiable Investment, Hold Up, Options and Ownership

Transcription:

Modeling Internet Security Investments Tackling Topological Information Uncertainty Ranjan Pal Department of Computer Science University of Southern California, USA Joint Work with Pan Hui Deutsch Telekom Laboratories, Berlin, Germany

Introduction (1/2) Traditional Internet was designed under ideal security assumptions only trustworthy users no propagation of malicious elements Today the Internet faces lot of threats denial of service attacks worms, viruses, spams, etc. Traditional security mechanisms to mitigate risks antivirus and anti-spam softwares by Symantec, Kaspersky, etc. firewalls

Introduction (2/2) Security strength of Internet user dependent on the security strength of other users Security strength impacted by individual self-defense mechanisms anti-virus and anti-spam software firewalls Important decision variables for users in making their investments amount of security investments of other users in the network knowledge of underlying connectivity structure

Motivation Our Problem How could users optimally invest in security investments in an uncertain network environment?? Optimal user investments drive optimal network security free riding leads to suboptimal network security [Walrand et.al, 10] It is however not possible/feasible to obtain perfect information regarding security investments or topology due to the large size of the Internet interdependent and correlated risk structure Internet users are selfish and would not be inclined to share investment information

Contributions Study security investment games under conditions of uncertainty in topological information and user investment amounts positive externalities due to other user security investments Model optimal security investment problem as a Bayesian game of incomplete information study existence and properties related to the Nash equilibria of our game study and compare optimal user strategies and their respective payoffs amongst various types of users (based on user degrees) study implications of equilibria on free-riding behavior and cyber-insurance compare equilibrium behavior with the same when more information is available

Network Model (1/4) Network Structure n network users forming a graph G = (V, E) v ij is edge weight and equals 1 if utility of user i is affected by security investment of user j, 0 otherwise N i (v) ={j v ij =1} denotes all one-hop neighbors of i N k i (v) =N k 1 i (v) ( j ɛ N k 1 i (v) N j(v)) expression for k-hop neighbors degree of a node i equals d i = N i (v)

Network Model (2/4) User strategies and payoffs assume that strategy set is compact and in interval [0,1] utility function of each user equals U i = U i (x i, x Ni (v)) utility function exhibits positive externalities x x,u i (x i, x ) U i (x i, x ) utility function exhibits strategic substitutes U i (x i, x ) U i (x i, x ) U i (x i, x ) U i (x i, x ) Intuition behind a strategic substitute decreases marginal utility of user if neighbors invest de-incentivizes user from investing in security

Network Model (3/4) Specific Game types [Varian 2004)] Sum of Investments game U i (x 1,..., x di )=f x i + λ d i x j c(x i ) f non-decreasing, c increasing, λ j=1 degree of positive externality example application - P2P networks Best-Shot game ( a special case of sum of investments game) user security strength depends on investments made by strongest neighbor example applications - censorship resistant networks, Internet backbone networks U i (x i, ( x,0)) = U i (x i, x ), (x i, x ) ɛ [0, 1] d i+1

Network Model (4/4) Information Structure each user knows only his own degree d i as perfect information Internet user degrees are correlated [Newman, 02] user needs to account for neighbor degree information for making better investments user knows P ( d Ni (v) d i ) with ex-ante symmetrical beliefs and common priors family of distributions based on own degree C {[P ( d d)] d ɛ N d} d ɛ N conditional distribution concerning neighbor degrees vary with a user s own degree - thus need to find correlation between different random variables of different dimension use concept of affiliation in statistics (positive and negative ) [Esary et.al, 67] Affiliation is used to track correlation patterns of groups of random variables with different dimensions

Game Definition (1/2) Symmetric Bayesian Game of Incomplete Information n users type space - user knowledge on potential degrees of neighboring players strategy set S - the set of all possible investments expected utility of user EU i (x i, γ,d i )= Bayesian Nash equilibria is a strategy vector that maximizes the expected utility of each player in the network Main goal of our work x Ni (v) ɛ S d i study existence, uniqueness, and monotonicity of Nash equilibria relate network structure and user utility to Nash equilibria U i (x i,x Ni (v))dρ i ( γ,d i ) relate user strategies (security investments) to their degrees

Game Definition (2/2) Specific properties of expected utility functions as applicable to our game degree substitutability EU i (x i, γ,d i ) EU i (x i, γ,d i ) EU i (x i, γ,d i) EU i (x i, γ,d i) if high strategy is less attractive for a player of certain degree, it is true for all other players of higher degree when strategy played by others is non-increasing Rule - when user utility functions exhibit strategic substitutes and C exhibits negative affiliation, degree substitutability arises [Jackson et.al, 06] Sum of investments and best-shot games exhibit degree substitutability payoff functions in these games exhibit strategic substitutes Internet networks at user level are most likely to exhibit a negatively affiliated C [Yet to be proved] Internet networks at router level show negative affiliation - [Newman, 02]

Results (1/4) Lemma 1. There exists a symmetric equilibrium when utility functions exhibit strategic substitutes and user strategies are non-increasing Implications investments monotonically decrease with degree for at least one NE lower user investments on being well connected - may lead to free riding cyber-insurance could incentivize such users to invest more pay more premiums or invest more [ under mandatory insurance] for non-monotone equilibria (not possible in best-shot games [Jackson et.al 06]) might prove good for overall network security users may invest more with higher degrees - pays lesser premiums

Results (2/4) So monotone decreasing equilibrium is a nice property to have to promote cyber-insurance markets!!! Lemma 2. Given a best-shot game and the fact that degrees of neighboring nodes are independent, strategic substitutes of user utility functions result in every symmetric equilibrium of the Bayesian game being monotone decreasing Implications under degree independence (ex., as in Erdos-Renyi graphs) all equilibria monotone decreasing great news for cyber-insurers, provided insurance made mandatory and market exists Internet though does not follow ER structure

Results (3/4) Lemma 3. Given a best-shot game, if C is negatively affiliated and user utility functions exhibit strategic substitutes, in every monotonically decreasing symmetric equilibrium, the expected utilities of players are non-decreasing in degree Implications provides relation between network degree and equilibrium payoffs players with more neighbors exert lesser efforts and earn higher payoffs compared to less connected peers as implications related to cyber-insurance follows as per Lemmas 1 and 2

Results (4/4) Equilibrium behavior under increasing information for ease of exposition assume stochastic independence of user degrees Lemma 4. Given a best-shot game, if user utility functions exhibit strategic substitutes, and neighbor degrees are stochastically independent, Bayesian game has at least one symmetric equilibrium that is monotone decreasing Implications even for a best-shot game all equilibria may not be monotone Lemma 1 implications follow in this case computing equilibria is PPAD-complete [Daskalakis et.al. 08] so for multiple equilibria clients may go for a contract which might overprice them, leading to market failure - true for all cases of multiple equilibria in Results 1, 2

Conclusion Proposed a security investment model for the Internet accounting for positive externality of other investments uncertainty in network topology information Modeled problem as Bayesian game of incomplete information Studied Nash equilibria, its existence, uniqueness, monotonicity, and implementability Showed that better connected network users might have freedom to invest less and gain more in payoff compared to not-so-well connected nodes Studied implications of equilibrium behavior on free riding and cyberinsurance Showed that increasing information may not be helpful in practice

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information