Nash Equilibria for Weakest Target Security Games with Heterogeneous Agents
Motivated attackers cannot always be blocked or deterred. In the physical-world security context, examples include suicide bombers and sexual predators. In computer networks, zero-day exploits unpredictably threaten the information economy and end users. In this paper, we study the conflicting incentives of individuals to act in the light of such threats.
More specifically, in the weakest target game an attacker will always be able to compromise the agent (or agents) with the lowest protection level, but will leave all others unscathed. We find the game to exhibit a number of complex phenomena. It does not admit pure Nash equilibria, and when players are heterogeneous in some cases the game does not even admit mixed-strategy equilibria.
Most outcomes from the weakest-target game are far from ideal. In fact, payoffs for most players in any Nash equilibrium are far worse than in the game’s social optimum. However, under the rule of a social planner, average security investments are extremely low. The game thus leads to a conflict between pure economic interests, and common social norms that imply that higher levels of security are always desirable.
KeywordsSecurity Economics Game Theory Heterogeneity
Unable to display preview. Download preview PDF.
- 2.Böhme, R., Schwartz, G.: Modeling cyber-insurance: Towards a unifying framework. In: Proceedings of the Ninth Workshop on the Economics of Information Security (WEIS 2010), Cambridge, MA (June 2010)Google Scholar
- 3.Christin, N., Grossklags, J., Chuang, J.: Near rationality and competitive equilibria in networked systems. In: Proceedings of ACM SIGCOMM 2004 Workshop on Practice and Theory of Incentives in Networked Systems (PINS), Portland, OR, pp. 213–219 (August 2004)Google Scholar
- 5.Dixit, A., Skeath, S.: Games of Strategy. Norton & Company, New York (1999)Google Scholar
- 7.Grossklags, J., Christin, N., Chuang, J.: Secure or insure? A game-theoretic analysis of information security games. In: Proceedings of the 2008 World Wide Web Conference (WWW 2008), Beijing, China, pp. 209–218 (April 2008)Google Scholar
- 8.Grossklags, J., Christin, N., Chuang, J.: Security and insurance management in networks with heterogeneous agents. In: Proceedings of the 9th ACM Conference on Electronic Commerce (EC 2008), Chicago, IL, pp. 160–169 (July 2008)Google Scholar
- 9.Kanich, C., Kreibich, C., Levchenko, K., Enright, B., Voelker, G., Paxson, V., Savage, S.: Spamalytics: An empirical analysis of spam marketing conversion. In: Proceedings of the Conference on Computer and Communications Security (CCS), Alexandria, VA, pp. 3–14 (October 2008)Google Scholar
- 10.Kearns, M., Ortiz, L.: Algorithms for interdependent security games. In: Thrun, S., Saul, L., Schölkopf, B. (eds.) Advances in Neural Information Processing Systems 16, pp. 561–568. MIT Press, Cambridge (2004)Google Scholar
- 12.Lelarge, M., Bolot, J.: Network externalities and the deployment of security features and protocols in the Internet. In: Proceedings of the ACM International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS 2008), Annapolis, MA, pp. 37–48 (June 2008)Google Scholar
- 13.Miura-Ko, A., Yolken, B., Mitchell, J., Bambos, N.: Security decision-making among interdependent organizations. In: Proceedings of the 21st IEEE Computer Security Foundations Symposium (CSF 2008), Pittsburgh, PA, pp. 66–80 (June 2008)Google Scholar
- 14.Nguyen, K., Alpcan, T., Basar, T.: Stochastic games for security in networks with interdependent nodes. In: Proceedings of the International Conference on Game Theory for Networks (GameNets 2009), Istanbul, Turkey, pp. 697–703 (May 2009)Google Scholar
- 15.Rapoport, A., Chammah, A.: Prisoner’s Dilemma: A Study in Conflict and Cooperation. Ann Arbor Paperbacks, University of Michigan Press (1965)Google Scholar
- 17.Roy, S., Ellis, C., Shiva, S., Dasgupta, D., Shandilya, V., Wu, Q.: A survey of game theory as applied to network security. In: Proceedings of the 43rd Hawaii International Conference on System Sciences (HICSS 2010), Koloa, HI, pp. 1–10 (January 2010)Google Scholar
- 18.Skoudis, E.: Malware: Fighting malicious code. Prentice Hall, Upper Saddle River (2004)Google Scholar