Effect of Security Investment on Evolutionary Games

被引：0

作者：

Zhang, Chen ^{[1
]}

Pan, Rong ^{[2
]}

Chaudhury, Abhijit ^{[2
]}

Xu, Changxin ^{[3
]}

机构：

[1] Bryant Univ, Dept Comp Informat Syst, Smithfield, RI USA

[2] China Construct Bank, Nanjing 2100002, Jiangsu, Peoples R China

[3] Hohai Univ, Sch Business, Nanjing 210098, Jiangsu, Peoples R China

来源：

JOURNAL OF INFORMATION SCIENCE AND ENGINEERING | 2014年 / 30卷 / 06期

关键词：

management; network reliability; security; artificial intelligence; evolutionary algorithm; INFORMATION SECURITY; SOFTWARE VULNERABILITIES; INTERNET SECURITY; MARKET; MODEL;

D O I：

暂无

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

In this paper, we propose an evolutionary game model to analyze the investment decision making process in the cyber offender-defender interaction and provide a quantified approach for defender to calculate the safety threshold to avoid the occurrence of offender-leading game. Then we use simulation as a workbench to discuss the adjustment of each parameter to the security investment threshold. Our evolutionary game model shows that the cyber offender-defender game can possibly reach one realistic stable point after a long-term evolution, which implicates a tied offender-defender game. We found that an offender-leading game can be avoided by maintaining the security investment above a safety threshold level determined by the system vulnerability among other environmental parameters such as residual risk and potential loss. Hence with an optimal level of security investment, the defender can lead the game effectively to discourage attacking attempts. Both linear and nonlinear simulations share similar trends and our evolutionary game theoretic analysis remains valid in either case.

引用

页码：1695 / 1718

页数：24

共 57 条

[1] MARKET FOR LEMONS - QUALITY UNCERTAINTY AND MARKET MECHANISM
AKERLOF, GA
[J]. QUARTERLY JOURNAL OF ECONOMICS, 1970, 84 (03) : 488 - 500
[2] Why information security is hard - An economic perspective
Anderson, R
[J]. 17TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, PROCEEDINGS, 2001, : 358 - 365
[3] Baker S., 2010, In the Crossfire, Critical Infrastructure in the Age of Cyber War
[4] BOHME R, 2010, WORKSH EC INF SEC
[5] BOLOT J, 2008, CYBER INSURANCE INCE
[6] A model for evaluating IT security investments
Cavusoglu, H
Mishra, B
Raghunathan, S
[J]. COMMUNICATIONS OF THE ACM, 2004, 47 (07) : 87 - 92
[7] The effect of Internet security breach announcements on market value: Capital market reactions for breached firms and Internet security developers
Cavusoglu, H
Mishra, B
Raghunathan, S
[J]. INTERNATIONAL JOURNAL OF ELECTRONIC COMMERCE, 2004, 9 (01) : 69 - 104
[8] Decision-theoretic and game-theoretic approaches to IT security investment
Cavusoglu, Huseyin
Raghunathan, Srinivasan
Yue, Wei T.
[J]. JOURNAL OF MANAGEMENT INFORMATION SYSTEMS, 2008, 25 (02) : 281 - 304
[9] *ERNST YOUNG, 2004, ERNST YOUNG GLOB INF
[10] FARAHMAND F, 2005, J INF TECHNOL, V6, P203, DOI DOI 10.1007/S10799-005-5880-5

← 1 2 3 4 5 6 →