Results 11  20
of
65
How Bad are Selfish Investments in Network Security?
"... Internet security does not only depend on the securityrelated investments of individual users, but also on how these users affect each other. In a noncooperative environment, each user chooses a level of investment to minimize his own security risk plus the cost of investment. Not surprisingly, t ..."
Abstract

Cited by 10 (0 self)
 Add to MetaCart
Internet security does not only depend on the securityrelated investments of individual users, but also on how these users affect each other. In a noncooperative environment, each user chooses a level of investment to minimize his own security risk plus the cost of investment. Not surprisingly, this selfish behavior often results in undesirable security degradation of the overall system. In this paper, (1) we first characterize the price of anarchy (POA) of network security under two models: an “Effectiveinvestment ” model, and a “Badtraffic ” model. We give insight on how the POA depends on the network topology, individual users ’ cost functions, and their mutual influence. We also introduce the concept of “weighted POA ” to bound the region of all feasible payoffs. (2) In a repeated game, on the other hand, users have more incentive to cooperate for their long term interests. We consider the socially best outcome that can be supported by the repeated game, and give a ratio between this outcome and the social optimum. (3) Next, we compare the benefits of improving security technology or improving incentives, and show that improving technology alone may not offset the efficiency loss due to the lack of incentives. (4) Finally, we characterize the performance of correlated equilibrium (CE) in the security game. Although the paper focuses on Internet security, many results are generally applicable to games with positive externalities.
A Survey of Interdependent Security Games
, 2012
"... Interdependence of information systems is a fundamental property that shapes the problems in information security. The risks faced by system operators and users is not only determined by their own security posture, but is heavily affected by the securityrelated decisions of other connected systems. ..."
Abstract

Cited by 9 (5 self)
 Add to MetaCart
(Show Context)
Interdependence of information systems is a fundamental property that shapes the problems in information security. The risks faced by system operators and users is not only determined by their own security posture, but is heavily affected by the securityrelated decisions of other connected systems. Therefore, defending networked systems relies on the correlated action of the system operators or users. In this survey, we summarize gametheoretic interdependence models, characterize the emerging security inefficiencies and present solution methods. Our goal is to distill the main insights from the stateoftheart and to identify the areas that need more attention from the research community. 1
The Power of the Defender
, 2005
"... We consider a security problem on a distributed network. We assume a network whose nodes are vulnerable to infection by threats (e.g. viruses), the attackers. A system security software, the defender, is available in the system. However, due to the network’s size, economic and performance reasons, ..."
Abstract

Cited by 7 (6 self)
 Add to MetaCart
(Show Context)
We consider a security problem on a distributed network. We assume a network whose nodes are vulnerable to infection by threats (e.g. viruses), the attackers. A system security software, the defender, is available in the system. However, due to the network’s size, economic and performance reasons, it is capable to provide safety, i.e. clean nodes from the possible presence of attackers, only to a limited part of it. The objective of the defender is to place itself in such a way as to maximize the number of attackers caught, while each attacker aims not to be caught. In [7], a basic case of this problem was modeled as a noncooperative game, called the Edge model. There, the defender could protect a single link of the network. Here, we consider a more general case of the problem where the defender is able to scan and protect a set of k links of the network, which we call the Tuple model. It is natural to expect that this increased power of the defender should result in a better quality of protection for the network. Ideally, this would be achieved at little expense on the existence and complexity of Nash equilibria (profiles where no entity can improve its local objective unilaterally by switching placements on the network). In this paper we study pure and mixed Nash equilibria in the model. In particular, we propose algorithms for computing such equilibria in polynomial time and we provide a polynomialtime transformation of a special class of Nash equilibria, called matching equilibria, between the Edge model and the Tuple model, and vice versa. Finally, we establish that the increased power of the defender results in higherquality protection of the network.
Selfish response to epidemic propagation
, 2011
"... An epidemic that spreads in a network calls for a decision on the part of the network users. They have to decide whether to protect themselves or not. Their decision depends on the tradeoff between the perceived infection and the protection cost. Aiming to help users reach an informed decision, sec ..."
Abstract

Cited by 7 (1 self)
 Add to MetaCart
An epidemic that spreads in a network calls for a decision on the part of the network users. They have to decide whether to protect themselves or not. Their decision depends on the tradeoff between the perceived infection and the protection cost. Aiming to help users reach an informed decision, security advisories provide periodic information about the infection level in the network. We study the bestresponse dynamic in a network whose users repeatedly activate or deactivate security, depending on what they learn about the infection level. Our main result is the counterintuitive fact that the equilibrium level of infection increases as the users ’ learning rate increases. The same is true when the users follow smooth bestresponse dynamics, or any other continuous response function that implies higher probability of protection when learning a higher level of infection. In both cases, we characterize the stability and the domains of attraction of the equilibrium points. Our finding also holds when the epidemic propagation is simulated on human contact traces, both when all users are of the same bestresponse behavior type and when they are of two distinct behavior types. 1
Existence Theorems and Approximation Algorithms for Generalized Network Security Games
"... Abstract—Aspnes et al [2] introduced an innovative game for modeling the containment of the spread of viruses and worms (security breaches) in a network. In this model, nodes choose to install antivirus software or not on an individual basis while the viruses or worms start from a node chosen unifo ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
(Show Context)
Abstract—Aspnes et al [2] introduced an innovative game for modeling the containment of the spread of viruses and worms (security breaches) in a network. In this model, nodes choose to install antivirus software or not on an individual basis while the viruses or worms start from a node chosen uniformly at random and spread along paths consisting of insecure nodes. They showed the surprising result that a pure Nash Equilibrium always exists when all nodes have identical installation costs and identical infection costs. In this paper we present a substantial generalization of the model of [2] that allows for arbitrary security and infection costs, and arbitrary distributions for the starting point of the attack. More significantly, our model GNS(d) incorporates a network locality parameter d which represents a hoplimit on the spread of infection as accounted for in the strategic decisions, due to either
Estimating systematic risk in realworld networks
 In FC
, 2014
"... Abstract. Social, technical and business connections can all give rise to security risks. These risks can be substantial when individual compromises occur in combinations, and difficult to predict when some connections are not easily observed. A significant and relevant challenge is to predict the ..."
Abstract

Cited by 6 (4 self)
 Add to MetaCart
(Show Context)
Abstract. Social, technical and business connections can all give rise to security risks. These risks can be substantial when individual compromises occur in combinations, and difficult to predict when some connections are not easily observed. A significant and relevant challenge is to predict these risks using only locallyderivable information. We illustrate by example that this challenge can be met if some general topological features of the connection network are known. By simulating an attack propagation on two large realworld networks, we identify structural regularities in the resulting loss distributions, from which we can relate various measures of a network’s risks to its topology. While deriving these formulae requires knowing or approximating the connective structure of the network, applying them requires only locallyderivable information. On the theoretical side, we show that our riskestimating methodology gives good approximations on randomlygenerated scalefree networks with parameters approximating those in our study. Since many realworld networks are formed through preferential attachment mechanisms that yield similar scalefree topologies, we expect this methodology to have a wider range of applications to risk management whenever a large number of connections is involved.
A network game with attackers and a defender
 Algorithmica
"... Consider an information network with threats called attackers; each attacker uses a probability distribution to choose a node of the network to damage. Opponent to the attackers is a protector entity called defender; the defender scans and cleans from attacks some part of the network (in particular, ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
(Show Context)
Consider an information network with threats called attackers; each attacker uses a probability distribution to choose a node of the network to damage. Opponent to the attackers is a protector entity called defender; the defender scans and cleans from attacks some part of the network (in particular, a link), which it chooses independently using its own probability distribution. Each attacker wishes to maximize the probability of escaping its cleaning by the defender; towards a conflicting objective, the defender aims at maximizing the expected number of attackers it catches. We model this network security scenario as a noncooperative strategic game on graphs. We are interested in its associated Nash equilibria, where no network entity can unilaterally increase its local objective. We obtain the following results: • We obtain an algebraic characterization of (mixed) Nash equilibria. • No (nontrivial) instance of the graphtheoretic game has a pure Nash equilibrium. This is an immediate consequence of some covering properties we prove for the supports of the players in all (mixed) Nash equilibria.
Approximation Algorithms for the Firefighter Problem: Cuts over Time and Submodularity
"... Abstract. We provide approximation algorithms for several variants of the Firefighter problem on general graphs. The Firefighter problem models the case where an infection or another diffusive process (such as an idea, a computer virus, or a fire) is spreading through a network, and our goal is to s ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
(Show Context)
Abstract. We provide approximation algorithms for several variants of the Firefighter problem on general graphs. The Firefighter problem models the case where an infection or another diffusive process (such as an idea, a computer virus, or a fire) is spreading through a network, and our goal is to stop this infection by using targeted vaccinations. Specifically, we are allowed to vaccinate at most B nodes per timestep (for some budget B), with the goal of minimizing the effect of the infection. The difficulty of this problem comes from its temporal component, since we must choose nodes to vaccinate at every timestep while the infection is spreading through the network, leading to notions of “cuts over time”. We consider two versions of the Firefighter problem: a “nonspreading” model, where vaccinating a node means only that this node cannot be infected; and a “spreading ” model where the vaccination itself is an infectious process, such as in the case where the infection is a harmful idea, and the vaccine to it is another infectious idea. We give complexity and approximation results for problems on both models. 1
The complexity of estimating systematic risk in networks
 In: Proceedings of the 27th IEEE Computer Security Foundations Symposium (CSF
, 2014
"... Abstract—This risk of catastrophe from an attack is a consequence of a network’s structure formed by the connected individuals, businesses and computer systems. Understanding the likelihood of extreme events, or, more generally, the probability distribution of the number of compromised nodes is an ..."
Abstract

Cited by 4 (3 self)
 Add to MetaCart
(Show Context)
Abstract—This risk of catastrophe from an attack is a consequence of a network’s structure formed by the connected individuals, businesses and computer systems. Understanding the likelihood of extreme events, or, more generally, the probability distribution of the number of compromised nodes is an essential requirement to provide riskmitigation or cyberinsurance. However, previous network security research has not considered features of these distributions beyond their first central moments, while previous cyberinsurance research has not considered the effect of topologies on the supply side. We provide a mathematical basis for bridging this gap: we study the complexity of computing these lossnumber distributions, both generally and for special cases of common realworld networks. In the case of scalefree networks, we demonstrate that expected loss alone cannot determine the riskiness of a network, and that this riskiness cannot be naively estimated from smaller samples, which highlights the lack/importance of topological data in security incident reporting. I.
The Price of Malice: A GameTheoretic Framework for Malicious Behavior in Distributed Systems
, 2010
"... In recent years, game theory has provided insights into the behavior of distributed systems by modeling the players as utilitymaximizing agents. In particular, it has been shown that selfishness causes many systems to perform in a globally suboptimal fashion. Such systems are said to have a large p ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
In recent years, game theory has provided insights into the behavior of distributed systems by modeling the players as utilitymaximizing agents. In particular, it has been shown that selfishness causes many systems to perform in a globally suboptimal fashion. Such systems are said to have a large price of anarchy. In this article, we extend this field of research by allowing some players to be malicious rather than selfish. What, we ask, is the impact of malicious players on the system consisting of otherwise selfish players? In particular, we introduce the price of malice as a measure that captures how much the system’s efficiency degrades in the presence of malicious players, compared to a purely selfish environment. As a specific example, we analyze the price of malice of a game that models the containment of the spread of viruses. In this game, each player or node can choose whether to install antivirus software. Then, a virus starts from a random node and recursively infects all neighboring nodes that are not inoculated. We establish various results about this game. For instance, we quantify how much the presence of malicious players can deteriorate or—in case of highly riskaverse selfish players—improve the social welfare of the distributed system.