Abstract
Hosts (or nodes) in the Internet often face epidemic risks such as virus and worm attacks. Despite the awareness of these risks and the availability of anti-virus software, investment in security protection is still scarce, and hence epidemic risk is still prevalent. Deciding whether to invest in security protection is an interdependent process: the security investment decision made by one node can affect the security risk of others, and therefore also affect their decisions. The first contribution of this paper is to provide a fundamental understanding of how the “network externality” effect, combined with “node heterogeneity”, may affect security adoption. We characterize it as a Bayesian network game in which nodes have only local information, e.g., the number of neighbors, as well as minimum common information, e.g., the degree distribution of the network. Our second contribution is in analyzing a new form of risk management called cyber-insurance. We investigate how the presence of a competitive insurance market can affect security adoption.
Keywords
- heterogeneous network
- security adoption
- cyber-insurance
- Bayesian network game
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Yang, Z., Lui, J.C.S. (2012). Security Adoption in Heterogeneous Networks: the Influence of Cyber-Insurance Market. In: Bestak, R., Kencl, L., Li, L.E., Widmer, J., Yin, H. (eds) NETWORKING 2012. NETWORKING 2012. Lecture Notes in Computer Science, vol 7290. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30054-7_14
DOI: https://doi.org/10.1007/978-3-642-30054-7_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30053-0
Online ISBN: 978-3-642-30054-7
eBook Packages: Computer Science, Computer Science (R0)
