Abstract
The external information security resource allocation method is proposed considering the non-cooperation of multiple cities. In this method, the effects of different influence factors, for example, city size, probability of intrusion by illegal users and propagation probability of one-time intrusion on resource allocation is explored. Through the simulation experiment, the proposed conclusions are conveniently and clearly verified.
You have full access to this open access chapter, Download conference paper PDF
Similar content being viewed by others
Keywords
1 Introduction
A modern smart city cannot be a closed system, and its communication will not be limited in the interior. In the actual operation, its external sharing and communication will sometimes be even more extensive than the internal communication. Therefore, it is necessary to strengthen studies on external resource allocation of the city on the premise of thorough research on internal resource allocation of the city [1,2,3].
With the rapid development and wide application of big data and artificial intelligence and the continuous integration and development of all walks of life [4, 5], information security has become a huge challenge for smart cities at present [6,7,8]. It is not an isolated and separate issue, but is ubiquitous and can easily develop into a public security problem [9,10,11,12,13]. The cooperation in information security and business contacts between cities make urban resources be complementary to a certain extent [14,15,16]. After illegal users intrude into a city, they need to intrude into another city linked to obtain the corresponding benefits.
2 Problem Description and Modelling
2.1 Problem Description
Because resources between cities are complementary, if illegal users intrude into a city, but fail to intrude into cities linked, complementarity of resources guarantees all or partial information security, so that it is difficult for illegal users to fully benefit, thus avoiding heavy loss of the cities. At present, most scholars mainly focus on the research of resource allocation to information security in cities under the condition of information sharing. In fact, cities will also consider input and output and if the disadvantages of cooperation outweigh the advantages, they tend to choose not to cooperate. Therefore, it is necessary to study the optimal resource allocation in the case of non-cooperation. This section mainly studied the problem that multiple cities with complementary external resources suffer from multiple propagation and intrusion by illegal users in the actual operation of smart cities. Firstly, the optimal resource allocation schemes were compared under non-cooperation and full cooperation situations and then government’s compensation mechanisms and information sharing mechanisms were introduced. Furthermore, a numerical analysis was carried out.
2.2 Problem Modeling
Any game problem can be described as \(\mathrm{GT}=\{\mathrm{P},\mathrm{ St},\mathrm{ Ut}\}\). For complementary external resources, cities are linked with each other and they may be attacked by illegal users. Even if cities are not attacked directly, they can also be attacked indirectly through propagation. Any problem of complementary external resource allocation can be transformed into a game problem through the propagation probability.
Assumption 1: When the propagation probability of one-time intrusion between cities is same and set as \(\mathrm{\upalpha }\), illegal users can attack another city directly linked thereto by using the probability.
Assumption 2: Illegal users do not have any prior information about the vulnerability for information security construction in cities. Therefore, the probabilities of illegal users intruding into all cities are same, and the value is \(\upbeta \).
Assumption 3: The losses borne by cities intruded by illegal users are same, namely L.
Assumption 4: When resources are not allocated to information security in cities, the probabilities of intrusion by illegal users are same across cities and value v.
It is assumed that there are n cities forming complementary external resources and the probability of intrusion by illegal users after allocating resources to information security in the \(\mathrm{j}\left(\mathrm{j}=\mathrm{1,2},\cdots \mathrm{n}\right)\) th city is \({\mathrm{p}}_{\mathrm{j}}\). Moreover, the volume of resource allocation to information security is \({\mathrm{e}}_{\mathrm{j}}\), loss rescued by amount of money per unit is \(\mathrm{E}\) and the expected loss after allocating resources to information security in cities is set as \({\mathrm{C}}_{\mathrm{j}}\). By improving the model proposed by Gordon [14], the probability \({\mathrm{p}}_{\mathrm{j}}\) of intrusion by illegal users in the jth city can be obtained.
Considering complementarity of resources between cities, that is, if illegal users intrude into one or several cities linked, but not all cities linked, it is acceptable to the whole information security system to a certain extent. Therefore, if illegal users want to maximize their profits, they have to intrude into all cities linked.
3 Resource Allocation to Information Security in Cities Under Non-cooperation
This section mainly analyses strategies for allocation of complementary external resources under non-cooperation between smart cities. Based on the assumptions in the above section and Formula (1), it is known that the probability of intrusion by illegal users in the \(\mathrm{j}\left(\mathrm{j}=\mathrm{1,2},\cdots \mathrm{n}\right)\) th city is \(1-\left(1-{\mathrm{p}}_{\mathrm{j}}\right)\prod_{\mathrm{k}=1,\mathrm{k}\ne \mathrm{j}}^{\mathrm{n}}\left(1-{\mathrm{\upalpha }}^{\mathrm{k}-1}{\mathrm{p}}_{\mathrm{k}}\right)\), so the minimum expected loss \({\mathrm{C}}_{\mathrm{j}}\) of the city is taken as a loss function.
By substituting Formula (1) into Formula (2), the following formula can be obtained.
Because \(\prod_{\mathrm{k}=1,\mathrm{k}\ne \mathrm{j}}^{\mathrm{n}}\left(1-{\mathrm{\upalpha }}^{\mathrm{k}-1}\upbeta {\mathrm{v}}^{{\mathrm{Ee}}_{\mathrm{k}}+1}\right)\) in Formula (3) is independent of \({\mathrm{e}}_{\mathrm{j}}\), let \(\Phi =\prod_{\mathrm{k}=1,\mathrm{k}\ne \mathrm{j}}^{\mathrm{n}}\left(1-{\mathrm{\upalpha }}^{\mathrm{k}-1}\upbeta {\mathrm{v}}^{{\mathrm{Ee}}_{\mathrm{k}}+1}\right)\), the following formula can be obtained by solving the partial derivative of Formula (3):
By further solving the partial derivative of Formula (4), the second-order derivative of Formula (5) can be obtained.
It can be seen from Formula (5) that \(\frac{{{\partial }^{2}\mathrm{C}}_{\mathrm{j}}}{\partial {\mathrm{e}}_{\mathrm{j}}^{2}}\ge 0\) is always established. Therefore, when \(\frac{\partial {\mathrm{C}}_{\mathrm{j}}}{\partial {\mathrm{e}}_{\mathrm{j}}}=0\), the minimum value of the loss function \({\mathrm{C}}_{\mathrm{j}}\) can be obtained, thus obtaining the following Conclusion 1.
Conclusion 1:
Under non-cooperation between smart cities with complementary external resources, the Nash equilibrium solution can be obtained through games when the optimal volume of resource allocation in each city is \({\mathrm{y}}^{*}=\left({\mathrm{e}}_{1}^{*}, {\mathrm{e}}_{1}^{*},\cdots , {\mathrm{e}}_{1}^{*}\right)\), in which \({\mathrm{e}}_{1}^{*}\) meets Formula (6).
In accordance with Formula (6), the effects of factors, such as size of linked cities, probability of intrusion by illegal users and propagation probability of one-time intrusion on resource allocation to information security in cities can be further analysed. Based on Conclusion 1, \({\mathrm{e}}_{1}^{*}\) meets \(\upbeta\mathrm{EL\Phi }{\mathrm{v}}_{\mathrm{j}}^{{\mathrm{Ee}}_{1}^{*}+1}{\mathrm{lnv}}_{\mathrm{j}}+1=0\). Furthermore, \(\frac{\prod_{\mathrm{k}=1,\mathrm{k}\ne \mathrm{j}}^{\mathrm{n}}\left(1-{\mathrm{\upalpha }}^{\mathrm{k}}\upbeta {\mathrm{v}}^{{\mathrm{Ee}}_{\mathrm{k}+1}+1}\right)}{\prod_{\mathrm{k}=1,\mathrm{k}\ne \mathrm{j}}^{\mathrm{n}}\left(1-{\mathrm{\upalpha }}^{\mathrm{k}-1}\upbeta {\mathrm{v}}^{{\mathrm{Ee}}_{\mathrm{k}}+1}\right)}=1-{\mathrm{\upalpha }}^{\mathrm{n}}\upbeta {\mathrm{v}}^{{\mathrm{Ee}}_{\mathrm{k}+1}+1}<1\) is always established. For this reason, the relationship between size of linked cities and resource allocation to information security in cities is analysed by combining with characteristics of complementary resources and considering the same volume of resource allocation between smart cities under non-cooperation based on relevant assumptions in Sect. 2.2. On this basis, the following Conclusion 2 can be made.
Conclusion 2:
Under non-cooperation, with the increase of size of cities linked in complementary external resources of information security, the optimal volume \({\mathrm{e}}_{1}^{*}\) of resource allocation to information security in cities reduces correspondingly, that is, \({\mathrm{e}}_{1}^{*}\) is negatively correlated with \(\mathrm{n}\).
The reason is that with the increase of \(\mathrm{n}\), \(\prod_{\mathrm{k}=1,\mathrm{k}\ne \mathrm{j}}^{\mathrm{n}}\left(1-{\mathrm{\upalpha }}^{\mathrm{k}-1}\upbeta {\mathrm{v}}^{{\mathrm{Ee}}_{\mathrm{k}}+1}\right)\) decreases, which raises \({\mathrm{p}}_{\mathrm{j}}=\upbeta {\mathrm{v}}^{{\mathrm{Ee}}_{\mathrm{j}}+1}\). In addition, because \(\mathrm{v}\in \left[0, 1\right]\), \({\mathrm{e}}_{1}^{*}\) is bound to decrease accordingly. This suggests that the volume of resource allocation in each city reduces correspondingly with the increase of size of cities with complementary resources. However, this can greatly increase the probability of illegal users to intrude into a single city, so that the information security level of all smart cities significantly reduces. Although more linked cities can share the risks, such a behaviour of reducing the volume of resource allocation decreases the information security level. If the size of linked cities reaches to a certain critical value, it is not necessary for smart cities to allocate resources to information security, which is unrealistic in practice. Therefore, it is necessary for the government to coordinate the relevant departments in each city and allocate resources to information security after weighing the advantages and disadvantages.
By analyzing the relationship between the probability of intrusion by illegal users and resource allocation to information security in cities, Conclusion 3 can be made as follows:
Conclusion 3:
Under non-cooperation, for any probability \(\upbeta \in \left[0, 1\right]\) of intrusion by illegal users, the optimal volume \({\mathrm{e}}_{1}^{*}\) of resource allocation to information security in cities monotonically rises, namely \(\frac{\partial {\mathrm{e}}_{1}^{*}}{\partial\upbeta }>0\) is always established.
Conclusion 3 indicates that the volume of resource allocation to information security in cities increases with the probability of intrusion by illegal users in the model of complementary external resource allocation in smart cities, which confirms with the common sense. When the probability of intrusion by illegal users rises, cities will invest more to prevent illegal intrusion, thus raising their information security level.
By analysing the relationship between the propagation probability of one-time intrusion between cities and resource allocation to information security in cities, Conclusion 4 can be made as follows:
Conclusion 4:
Under non-cooperation, for any propagation probability \(\mathrm{\upalpha }\in \left[0, 1\right]\) of one-time intrusion between cities, the optimal volume of resource allocation to information security in cities monotonically reduces, that is, \(\frac{\partial {\mathrm{e}}_{1}^{*}}{\partial \mathrm{\upalpha }}<0\) is always established.
Conclusion 4 indicates that with the increase of the propagation probability of one-time intrusion between cities, the optimal volume of resource allocation to information security in cities decreases correspondingly. This verifies the conclusion proposed in the existing study [x] that network communication has a negative impact on the optimal strategy of resource allocation. This implies that the power of cities to resource allocation to information security can be reduced with the increase of the propagation probability of one-time intrusion between cities. In the case of non-cooperation, it needs to adjust the network structure between cities and try to avoid indirect intrusion by illegal users due to network connection with other cities.
Based on Conclusions 2 and 4, with the increase of city size and propagation probability of one-time intrusion be-tween cities, the probability of intrusion by illegal users in cities rises. However, through the above analysis, instead of increasing resource allocation, cities reduce investment, which leads to a vicious circle of information security in cities. The main reason is that some cities have free-riding behaviours in the construction of information security in other cities, because the resource allocation in these cities not only has an effect on information security of them-selves, but also exerts a positive influence on cities linked thereto. Due to the free-riding behaviours, marginal benefits of cities with resource allocation to information security decrease.
4 Experimental Results and Analysis
Through a simulation experiment, the above conclusions can be conveniently and clearly verified. This section mainly deeply discusses the following problems.
-
(1)
Based on the numerical simulation, the optimal volumes of resource allocation and expected costs under non-cooperation and full cooperation of cities are compared. The influence trends of city size \(\mathrm{n}\), probability \(\upbeta \) of intrusion by illegal users and propagation probability \(\mathrm{\upalpha }\) of one-time intrusion on the optimal volume of resource allocation and expected cost are numerically studied and analysed, that is, numerical analysis under different conditions.
-
(2)
The influences of the compensation coefficient \(\upgamma \) and sharing rate \(\updelta \) of information in cities on the optimal volume of resource allocation and expected cost are discussed, that is, numerical analysis of incentive mechanisms.
According to the actual conditions, there cannot be too many cities that are linked together and have complementary external resources, generally no more than four, so the city sizes are set as \(\mathrm{n}=3\) and \(\mathrm{n}=4\) in the numerical simulation in this section. Because it is impossible and unnecessary to consider all values of some experimental parameters in the actual numerical simulation, this section only takes several representative values into account. It is supposed that \(\mathrm{L}=400\), \(\mathrm{v}=0.5\) and \(\mathrm{E}=0.1\).
When \(\mathrm{n}=3\), the propagation probability \(\mathrm{\upalpha }\) of one-time intrusion between cities and the probability \(\upbeta \) of intrusion by illegal users are set to be 0.1–0.9, with an increase amplitude of 0.1, to analyze the influences of \(\mathrm{\upalpha }\) and \(\upbeta \) on resource allocation. The volume of resource allocation and the expected loss are listed in Tables 1 and 2. By further analysing Tables 1 and 2, when \(\mathrm{\upalpha }\) is 0.1 and \(\upbeta \) values \(\left[0.1, 0.9\right]\) as well as \(\upbeta \) is 0.1 and \(\mathrm{\upalpha }\) is \(\left[0.1, 0.9\right]\), the results in Figs. 1 and 2 can be obtained.
It can be obviously observed from the above figures that with the constant increase of \(\upbeta \), the volume \({\mathrm{e}}_{1}^{*}\) of resource allocation continuously rises, which verifies the correctness of Conclusion 3; as \(\mathrm{\upalpha }\) constantly rises, the volume \({\mathrm{e}}_{1}^{*}\) of resource allocation continuously decreases, verifying that Conclusion 4 is correct.
When \(\mathrm{n}=4\), by setting the propagation probability \(\mathrm{\upalpha }\) of one-time intrusion between cities as 0.1–0.9, with an increase amplitude of 0.1 and the probability \(\upbeta \) of intrusion by illegal users as 0.1, the volume of resource allocation and the expected loss are attained, as shown in Table 3.
By comparing results in Table 3 with Tables 1 and 2, it can be seen that with the increase of \(\mathrm{n}\), the volume \({\mathrm{e}}_{1}^{*}\) of resource allocation reduces, while the expected loss increases, verifying that Conclusion 2 is correct. By comparing results in Table 3 with Tables 1 and 2, with the increase of \(\mathrm{n}\), the volume \({\mathrm{e}}_{1}^{*}\) of resource allocation decreases, while the expected loss rises, proving that Conclusion 2 is correct.
5 Conclusions
This research mainly discussed the methods for resource allocation in the cases of non-cooperation of multiple cities. In addition, the effects of different influence factors, such as city size, propagation probability of one-time intrusion and probability of intrusion by illegal users on resource allocation was also explored.
References
Nazareth, D.L., Choi, J.: A system dynamics model for information security management. Inf. Manage. 52(1), 123–134 (2015)
Houmb, S.H., Franqueira, V.N.L., Engum, E.A.: Quantifying security risk level from CVSS estimates of frequency and impact. J. Syst. Softw. 83(9), 1622–1634 (2010)
Feng, N., Li, M.: An information systems security risk assessment model under uncertain environment. Appl. Soft Comput. J. 11(7), 4332–4340 (2011)
Kong, H.K., Kim, T.S., Kim, J.: An analysis on effects of information security investments: a BSC perspective. J. Intell. Manuf. 23(4), 941–953 (2012)
Li, S., Bi, F., Chen, W., et al.: An improved information security risk assessments method for cyber-physical-social computing and networking. IEEE Access 6(99), 10311–10319 (2018)
Basallo, Y.A., Senti, V.E., Sanchez, N.M.: Artificial intelligence techniques for information security risk assessment. IEEE Lat. Am. Trans. 16(3), 897–901 (2018)
Grunske, L., Joyce, D.: Quantitative risk-based security prediction for component-based systems with explicitly modelled attack profiles. J. Syst. Softw. 81(8), 1327–1345 (2008)
Gusm, O.A., Silval, C.E., Silva, M.M., et al.: Information security risk analysis model using fuzzy decision theory. Int. J. Inf. Manage. 36(1), 25–34 (2016)
Baskerville, R.: Integration of information systems and cybersecurity countermeasures: an exposure to risk perspective. Data Base Adv. Inf. Syst. 49(1), 69–87 (2017)
Huang, C.D., Hu, Q., Behara, R.S.: An economic analysis of the optimal information security investment in the case of a risk-averse firm. Int. J. Prod. Econ. 114(2), 793–804 (2008)
Yong, J.L., Kauffman, R.J., Sougstad, R.: Profit-maximizing firm investments in customer information security. Decis. Support Syst. 51(4), 904–920 (2011)
Li, J., Li, M., Wu, D., et al.: An integrated risk measurement and optimization model for trustworthy software process management. Inf. Sci. 191(9), 47–60 (2012)
Benaroch, M.: Real options models for proactive uncertainty-reducing mitigations and applications in cybersecurity investment decision-making. Soc. Sci. Electron. Publ. 4, 11–30 (2017)
Gao, X., Zhong, W., Mei, S.: Security investment and information sharing under an alternative security breach probability function. Inf. Syst. Front. 17(2), 423–438 (2015)
Liu, D., Ji, Y., Mookerjee, V.: Knowledge sharing and investment decisions in information security. Decis. Support Syst. 52(1), 95–107 (2012)
Gao, X., Zhong, W., Mei, S.: A game-theoretic analysis of information sharing and security investment for complementary firms. J. Oper. Res. Soc. 65(11), 1682–1691 (2014)
Acknowledgements
This research work is supported by the National Social Science Fund of China (18BTQ055), the Youth Fund of Hu-nan Natural Science Foundation (2020JJ5149, 2020JJ5150) and the Innovation Team of Guangdong Provincial Department of Education (2018KCXTD031). It is also supported by the Program of Guangdong Innovative Research Team (2020KCXTD040), the Pengcheng Scholar Funded Scheme, and the Basic Research Project of Science and Technology Plan of Shenzhen (SZIITWDZC2021A02, JCYJ20200109141218676).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Ethics declarations
The authors declare that they have no conflict of interest.
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2022 The Author(s)
About this paper
Cite this paper
Li, J., Cheng, D., Xing, L., Tan, X. (2022). External Information Security Resource Allocation with the Non-cooperation of Multiple Cities. In: Qian, Z., Jabbar, M., Li, X. (eds) Proceeding of 2021 International Conference on Wireless Communications, Networking and Applications. WCNA 2021. Lecture Notes in Electrical Engineering. Springer, Singapore. https://doi.org/10.1007/978-981-19-2456-9_33
Download citation
DOI: https://doi.org/10.1007/978-981-19-2456-9_33
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-2455-2
Online ISBN: 978-981-19-2456-9
eBook Packages: EngineeringEngineering (R0)