23 A Survey of Interdependent Information Security Games

Academic year: 2023

Depending on the nature of the spillover, we can refer to positive or negative externalities. The detrimental effect of misaligned incentives in the case of a monopoly provider is particularly evident in the security context. A very important element of this central model, the actor interdependence model, will be discussed separately in Section 4 due to its complexity.

2008] and in all the games based on the inoculation interdependence model. For example, continuous investments are assumed in Varian [2004], Jiang et al. The exact form of the risk function is determined by the model of interdependence between the players.

Table I. Notations Used in the Article

Other Models Focusing on Positive Externalities

In the weakest link (also called perimeter defense) model, the level of security is determined by the smallest security investment. In the best shot model, the level of security is determined by the largest security investment. In the total effort (also called cumulative defense and sum-of-efforts) model, the level of security is determined by the sum of the security investment of all players.

Models Focusing on Negative Externalities

Each player's factory is modeled as a discrete-time stochastic system controlled by the input sequence chosen in the second stage. The model includes both reliability and safety risks; the latter reflects the interdependence between players as their systems are connected to a network. Both orders of decision-making are studied; that is, both when the opponent moves first and the other players move second, and vice versa.

In the weakest target model, the attacker can always compromise the player(s) who invest the least, but leave the other players unscathed. This models an attacker who has infinite power and is determined to endanger any group of players with the least possible effort. The difference is that the probability of a successful attack on the player(s) who invest the least depends on their level of investment in this model.

2012], the stochastic one-hop propagation model of Kunreuther and Heal [2003] is extended to account for strategic attacks, which take into account the players' security investments. In particular, the attacker is modeled as a strategic player who can choose for each player whether to launch an attack or not. The attacker's goal is to maximize the sum of the players' costs while minimizing the number of attacks she must launch.

EXTENSIONS TO THE CORE MODEL OF INTERDEPENDENT SECURITY GAMES

  • Incomplete Information
  • Nonrational and Altruistic Players
  • Malicious Players
  • Risk-Averse Players

Incomplete information, only the distribution of the other players' direct threats is known [Grossklags et al. Each player is assumed to know her own degree $d_i$ (i.e., the number of other players with whom she is somehow connected), but only has information regarding the probability distributions of her neighbors' degrees $d_{N_i}$ (i.e., knows the values of $P(d_{N_i} \mid d_i)$). The players are assumed to begin with ex-ante symmetric beliefs and shared assumptions regarding the degrees of their neighbors, which are then updated based on their own degrees.

It is also assumed that each player is aware of the degree correlation between the neighboring nodes and takes this into account when deciding on her strategy. The stability and the domains of attraction of the game's equilibria are studied in three scenarios: homogeneous strictly rational players, homogeneous non-strictly rational players, and strictly rational players divided into two response classes (i.e., players are grouped together based on their behavior). In the third scenario, the players are strictly rational, but inhomogeneous: they are divided into two classes corresponding to different loss values and costs of investment.

In the non-selfish environment, the players try to minimize their perceived cost, which is the sum of their actual cost and the actual cost of their neighbors multiplied by a friendship factor F. The friendship factor captures the extent to which players care about their friends (that is, the players next to them in the social network). In practice, however, the investment decisions made by the players can influence the actions of the adversaries.

A given ecosystem strongly influences an attacker's strategic decisions regarding whether to conduct generic attacks against a large set of targets or conduct a more targeted operation.

Table III. Summary of Modeling Assumptions in Related Work

EQUILIBRIA AND EFFICIENCY OF INTERDEPENDENT SECURITY GAMES

  • Existence, Multiplicity, and Computability of Nash Equilibria
  • Efficiency of Nash Equilibria and Free-Riding
  • Equilibrium Selection
  • Incomplete Information
  • Byzantine Players
  • Quality of Security Technology

Since the set of equilibria can be very important to the system's efficiency, it is discussed in more detail in the next subsection. Varian [2004] shows that in the total effort interdependence model, investment levels are always too low in equilibrium compared to socially optimal levels. 2003] it is shown that in the general model of two players the social cost in equilibrium in the case of positive externalities is always lower than in the case of independent players.

For example, in Varian [2004] it is shown that in the total effort interdependence model with identical players, the equilibrium investment level remains constant. 2008], it is shown that in the total effort interdependence model, an equilibrium in which each player invests becomes more and more unlikely as the number of players increases. In the stochastic one-hop propagation-based model for computer security of Kunreuther and Heal [2003], it is shown that increasing the number of players increases the negative externality to an investing player if the other players do not invest.

2006], it is shown that the inefficiency (i.e. the PoA) in the basic vaccination game is proportional to the number of players. For example, in Varian [2004] it is shown that in the weakest link interdependence model with identical players, the socially optimal and the equilibrium risks are identical, regardless of the number of players. 2009], it is shown that there can be no NE in the SIS model, so that the infection rate is below the epidemic threshold, at which the disease dies out.

It is shown in Lelarge [2009] that if the potential losses $L_i$ of the players are uneven, there is a possibility for the existence of multiple NEs even in the case of strong protection.

IMPROVING SECURITY DECISIONS

Game-Theoretic Equilibrium Improvements

2011] it is shown that technological improvements may not compensate for the negative effect of the lack of incentives; that is, the PoA does not change with the improvement of security technology, in the case of effective investment and poor traffic dependency models. If the quality of safety is low, demand is higher because of the positive externalities that the monopolist can benefit from. However, if the quality of security is high, demand is lower due to the free-rider effect.

A distribution μ is a CE iff, for each player, the recommended strategy $x_i$ is a best response to the randomized strategies of the other players with distribution $\mu(x_{-i} \mid x_i)$. In other words, it is a NE for all players to follow the mediator's recommendation. In practice, the role of mediator may be played by a trusted third party, such as a government agency.
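The CE condition above can be checked mechanically for a discrete invest / do-not-invest game. The following is an added example, not code from the survey: the two-player cost table (investment cost C, loss L, direct risk P, indirect risk Q) and all numbers are constructed assumptions, chosen so that both "all invest" and "none invest" are equilibria.

```python
from itertools import product

# Constructed parameters (assumptions, not values from the survey):
# investment cost, loss, direct breach probability, indirect (spillover) probability.
C, L, P, Q = 35.0, 100.0, 0.4, 0.3

def cost(own, other):
    """Expected cost of a player choosing `own` (1 = invest) against `other`."""
    if own:
        return C + (0 if other else Q * L)             # only spillover risk remains
    return P * L + (0 if other else (1 - P) * Q * L)   # direct risk, then spillover

def player_cost(i, profile):
    return cost(profile[i], profile[1 - i])

def ce_violations(mu, eps=1e-9):
    """List (player, recommended, deviation, gain) for every profitable deviation.
    mu maps strategy profiles (x0, x1) to probabilities of the mediator's draw."""
    out = []
    for i, rec, dev in product((0, 1), (0, 1), (0, 1)):
        if rec == dev:
            continue
        gain = 0.0  # expected cost saved by playing `dev` whenever told `rec`
        for profile, prob in mu.items():
            if profile[i] != rec:
                continue
            deviated = tuple(dev if k == i else profile[k] for k in (0, 1))
            gain += prob * (player_cost(i, profile) - player_cost(i, deviated))
        if gain > eps:
            out.append((i, rec, dev, round(gain, 6)))
    return out

def is_ce(mu):
    return not ce_violations(mu)

def social_cost(mu):
    return sum(p * (player_cost(0, x) + player_cost(1, x)) for x, p in mu.items())

ALL_INVEST = {(1, 1): 1.0}                 # pure NE, written as a point-mass CE
NONE_INVEST = {(0, 0): 1.0}                # the other pure NE
MEDIATED = {(1, 1): 0.5, (0, 0): 0.5}      # mediator flips one shared coin
UNIFORM = {x: 0.25 for x in product((0, 1), repeat=2)}  # independent coin flips

if __name__ == "__main__":
    for name, mu in [("all invest", ALL_INVEST), ("none invest", NONE_INVEST),
                     ("mediated", MEDIATED), ("uniform", UNIFORM)]:
        print(name, is_ce(mu), social_cost(mu), ce_violations(mu))
```

With these constructed numbers the uniform distribution fails the check: a player told to invest cannot tell whether the other player was told the same, and the expected spillover makes ignoring the recommendation cheaper.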

First, it is shown that in a general game based on interdependence patterns, a discrete CE may not reach SO; however, it can be better than all NE of the game. In this case, there is a probability of tipping or cascading: Inducing some of the players to invest in security will cause others to follow suit. It is shown that, if a minimal critical coalition exists, then it must consist of the players with the highest indirect losses.

If the cost of persuading a single player to invest in a security when no other player does is assumed to be equal to the cost of the security.

Mechanisms for Improved Security

From the players' perspective, the different characteristics of the supply side can be summarized as the maturity of the insurance market. The price of insurance is determined by the maturity of the insurance market and the level of risk. Immature markets can be modeled via a loading factor, which measures the excess of the premium relative to the risk [Ogut et al.

2005], it is shown that the maturity of the insurance market can influence both the insurance and safety investment decisions of the players. The immaturity of the market is obviously disadvantageous for the players due to the increased costs of insurance. It is shown that the penalty should be imposed on the player who has the lowest cost of reducing the probability of security breach and that the penalty should be equal to the losses of the other players.

According to the doctrine of the negligence rule, a supervisor determines the level of care prior to the game. 2009] it is shown that the NO of the virus protection game depends on the vector of the unit costs of investments C. These limits can serve as a form of strict regulation that requires players to achieve a level of safety regardless of the costs incurred.

If the degree of interdependence is very high and the level of security productivity is very low, there exists exactly one NE in which all players refrain from investing, which corresponds to the corner solution of the SO.

SUMMARY AND FUTURE DIRECTIONS

  • Security Investments
  • Strategic Adversaries
  • Negative Externalities
  • Topology and Network Modeling
  • Reducing Uncertainty and Information Sharing
  • Dynamic and Repeated Games

Second, coordinating a coalition requires effort from the participating actors, which can be modeled with costs that are proportional to the size of the coalition. In interdependent security games, players' investment in security is modeled as a discrete or continuous variable. Modeling this variety of security options is a potential improvement over many existing game theoretic models.

In addition, there is evidence that the attacks experienced by defenders are the result of the participation of various participants in the underground economy [Levchenko et al. Choice involves the attacker's rational (or not so rational) decision-making process, which is very difficult to model. One of the few exceptions, including advocate interdependence, is Hausken [2006], discussed in Section 5.3.

Nevertheless, most research articles consider single-stage (i.e. one-shot) games.

Figures

Table I. Notations Used in the Article
Table II. Summary of Models of Interdependence between Players
Table III. Summary of Modeling Assumptions in Related Work
Table IV. Mechanisms Regulatory/ Incentive/
