Network security an economic perspective
This presentation is the property of its rightful owner.
Sponsored Links
1 / 26

Network Security: an Economic Perspective PowerPoint PPT Presentation


  • 43 Views
  • Uploaded on
  • Presentation posted in: General

Network Security: an Economic Perspective. Marc Lelarge (INRIA-ENS) currently visiting STANFORD TRUST seminar, Berkeley 2011. Threats and Vulnerabilities. Attacks are exogenous. Contribution. Optimal security investment for a single agent Gordon and Loeb model, 1/e rule

Download Presentation

Network Security: an Economic Perspective

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Network security an economic perspective

Network Security:an Economic Perspective

Marc Lelarge (INRIA-ENS)

currently visiting STANFORD

TRUST seminar, Berkeley 2011.


Threats and vulnerabilities

Threats and Vulnerabilities

Attacks are exogenous


Contribution

Contribution

  • Optimal security investment for a single agent

    • Gordon and Loeb model, 1/e rule

    • Monotone comparative statics

  • Optimal security investment for an interconnected agent

    - Network externalities

  • Equilibrium analysis of the security game

    - Free-rider problem, Critical mass, PoA


1 single agent

(1) Single agent

  • Two parameters:

    • Potential monetary loss:

    • Probability of security breach without additional security:

  • Agent can invest to reduce the probability of loss to:

  • Optimal investment:


1 gordon and loeb

(1) Gordon and Loeb

  • Class of security breach probability functions:

  • measure of the productivity of security.

Gordon and Loeb (2002)


1 gordon and loeb cont

(1) Gordon and Loeb (cont.)

Optimal

investment

(size of

potential

loss fixed)

vulnerability


1 gordon and loeb cont1

(1) Gordon and Loeb (cont.)

Probability of loss for

a given investment


1 gordon and loeb cont2

(1) Gordon and Loeb (cont.)

Low vulnerability

High vulnerability


1 conditions for monotone investment

(1) Conditions for monotone investment

  • If

    then is non-decreasing

  • Augmenting return of investment with vulnerability:

  • Extension to submodular functions.


1 the 1 e rule

(1) The 1/e rule

  • If the function is log-convex in x then the optimal security investment is bounded by: ,i.e

of the expected loss


Contribution1

Contribution

  • Optimal security investment for a single agent

    • Gordon and Loeb model, 1/e rule

    • Monotone comparative statics

  • Optimal security investment for an interconnected agent

    - Network externalities

  • Equilibrium analysis of the security game

    - Free-rider problem, Critical mass, PoA


2 effect of the network

(2) Effect of the network

  • Agent faces an internal risk and an indirect risk.

  • Information available to the agent: in a poset(partially ordered set).

  • Optimal security investment:


2 how to estimate the probability of loss

(2) How to estimate the probability of loss?

  • Epidemic risk model

  • Binary choice for protection

  • Limited information on the network of contagion (physical or not): degree distribution.

    • Best guess: take a graph uniformly at random.

Galeotti et al. (2010)


2 epidemic model

(2) Epidemic Model

Attacker

  • Attacker directly infects an agent N with prob. p.

  • Each neighbor is contaminated with prob. q if in S or if in N.

S

N


2 monotone comparative statics

(2) Monotone comparative statics

  • If the function is strictly decreasing in for any

    then the optimal investment is non-decreasing.

  • Equivalent to:

    Network externalities function is decreasing:


2 strong protection

(2) Strong protection

  • An agent investing in S cannot be harmed by the actions of others: . in previous equation.

  • Decreasing network externalities function.


2 weak protection

(2) Weak protection

  • If , the network externalities function is:


Contribution2

Contribution

  • Optimal security investment for a single agent

    • Gordon and Loeb model, 1/e rule

    • Monotone comparative statics

  • Optimal security investment for an interconnected agent

    - Network externalities

  • Equilibrium analysis of the security game

    - Free-rider problem, Critical mass, PoA


3 fulfilled expectations equilibrium

(3) Fulfilled expectations equilibrium

  • Concept introduced by Katz & Shapiro (85)

  • Willingness to pay for the agent of type :

    multiplicative specification of network externalities, Economides & Himmelberg (95).

  • C.d.f of types: % with

  • Willingness to pay for the ‘last’ agent:


3 fulfilled expectations equilibrium1

(3) Fulfilled expectations equilibrium

  • In equilibrium, expectation are fulfilled:

  • The willingness to pay is:

  • Extension of Interdependent Security

    2 players game introduced by Kunreuther & Heal (03).


3 critical mass

(3) Critical mass

  • Equilibria given by the fixed point equation


3 critical mass cont

(3) Critical mass (cont.)

  • Equilibria given by the fixed point equation

cost

fraction of

population

investing in security


3 critical mass cont1

(3) Critical mass (cont.)

  • If only one type: willingness to pay = network externalities function.

cost

fraction of

population

investing in security


3 price of anarchy

(3) Price of Anarchy

  • The social welfare function:

  • Because of the public and private externalities, agent under-invest in security (in all cases).

Private externalities

Public externalities


Conclusion

Conclusion

  • Simple single agent model: 1/e rule

    • General conditions for monotone investment

  • Interconnected agents: network externalities function

    • General conditions to align incentives

  • Equilibrium analysis of the security game

    • Critical mass, PoA

  • Extensions: In this talk, agent is risk-neutral. What happens if risk-adverse? Insurance?


Thank you

Thank you!

Feedbacks are welcome:

[email protected]


  • Login