Network Security Games: Combining Game Theory, Behavioral Economics, and Network Measurements
Computer and information networks are a prime example of an environment where negative externalities abound, particularly when it comes to implementing security defenses. A typical example is that of denial-of-service prevention: ingress filtering, where attack traffic gets discarded by routers close to the perpetrators, is in principle an excellent remedy, as it prevents harmful traffic not only from reaching the victims, but also from burdening the network situated between attacker and target. However, with ingress filtering, the entities (at the ingress) that have to invest in additional filtering are not the ones (at the egress) who mostly benefit from the investment, and, may not have any incentive to participate in the scheme. As this example illustrates, it is important to understand the incentives of the different participants to a network, so that we can design schemes or intervention mechanisms to re-align them with a desirable outcome.
KeywordsProspect Theory Attack Behavior Rational Player Bayesian Nash Equilibrium Security Game
Unable to display preview. Download preview PDF.
- 1.Christin, N., Egelman, S., Vidas, T., Grossklags, J.: It’s all about the Benjamins: Incentivizing users to ignore security advice. In: Proceedings of IFCA Financial Cryptography 2011, Saint Lucia (March 2011)Google Scholar
- 2.Christin, N., Yanagihara, S., Kamataki, K.: Dissecting one click frauds. In: Proc. ACM CCS 2010, Chicago, IL (October 2010)Google Scholar
- 3.Grossklags, J., Christin, N., Chuang, J.: Predicted and observed behavior in the weakest-link security game. In: Proceedings of the 2008 USENIX Workshop on Usability, Privacy and Security (UPSEC 2008), San Francisco, CA (April 2008)Google Scholar
- 4.Grossklags, J., Christin, N., Chuang, J.: Secure or insure? A game-theoretic analysis of information security games. In: Proceedings of the 2008 World Wide Web Conference (WWW 2008), Beijing, China, pp. 209–218 (April 2008)Google Scholar
- 5.Grossklags, J., Christin, N., Chuang, J.: Security and insurance management in networks with heterogeneous agents. In: Proceedings of the 9th ACM Conference on Electronic Commerce (EC 2008), Chicago, IL, pp. 160–169 (July 2008)Google Scholar
- 6.Johnson, B., Grossklags, J., Christin, N., Chuang, J.: Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 588–606. Springer, Heidelberg (2010)CrossRefGoogle Scholar
- 7.Kahneman, D., Tversky, A.: Prospect theory: An analysis of decision under risk. Econometrica XLVII, 263–291 (1979)Google Scholar
- 8.Leontiadis, N., Moore, T., Christin, N.: Measuring and analyzing search-redirection attacks in the illicit online prescription drug trade. In: Proceedings of USENIX Security 2011, San Francisco, CA (August 2011)Google Scholar
- 10.Moore, T., Leontiadis, N., Christin, N.: Fashion crimes: Trending-term exploitation on the web. In: Proceedings of ACM CCS 2011, Chicago, IL (October 2011)Google Scholar