Wanchun Dou,Wenda Tang,Xiaotong Wu,Lianyong Qi,Xiaolong Xu,Xuyun Zhang,Chunhua Hu

DOI: https://doi.org/10.1016/j.ins.2018.12.051

IF: 8.1

2020-01-01

Information Sciences

Abstract:As an important method of risk control in information systems and networks, cyber-insurance has attracted particular attention from both industry and academia. However, two prominent problems hamper the further growth of cyber-insurance. The correlated and interdependent properties of cyber-risks increase the economic risk of insurance companies considerably ; risk pooling can be impeded by these two properties. Further, this situation can be aggravated because cyber-insurance affects the investment for self-protection negatively. This phenomenon is regarded as the ex ante moral hazard. In this study, we establish a mathematical model based on a classic insurance theory to address the abovementioned problems, and propose an optimal cyber-insurance contract scheme that maximizes the expected utility of users. We also propose two personalized contract schemes to incentivize users to invest in self-protection under the no moral hazard and ex ante moral hazard conditions. Extensive experiments are conducted to evaluate the proposed approach, and the experimental results demonstrate the effectiveness and efficiency of the approach. (C) 2018 Published by Elsevier Inc.

Rui Zhang,Quanyan Zhu

DOI: https://doi.org/10.1109/tcss.2021.3117905

2021-01-01

IEEE Transactions on Computational Social Systems

Abstract:With the recent growing number of cyberattacks and the constant lack of effective defense methods, cyber risks have become ubiquitous in enterprise networks, manufacturing plants, and government computer systems. Cyber insurance provides a valuable approach to transfer the cyber risks to insurance companies and further improve the security status of the insured. The designation of effective cyber-insurance contracts requires considerations from both the insurance market and the dynamic properties of the cyber risks. To capture the interactions between the users and the insurers, we present a dynamic moral-hazard type of principal–agent model incorporated with Markov decision processes, which are used to capture the dynamics and correlations of the cyber risks as well as the user's decisions on the protections. We study and fully analyze a case with a two-state two-action user under linear coverage insurance and further show the risk compensation, Peltzman effect, linear insurance contract principle, and zero-operating profit principle in this case. Numerical experiments are provided to verify our conclusions and further extend to cases of a four-state three-action user under linear coverage insurance and threshold coverage insurance.

English Else

Andrew Fielder,Emmanouil Panaousis,Pasquale Malacaria,Chris Hankin,Fabrizio Smeraldi

DOI: https://doi.org/10.48550/arXiv.1502.05532

2015-02-19

Abstract:When investing in cyber security resources, information security managers have to follow effective decision-making strategies. We refer to this as the cyber security investment challenge. In this paper, we consider three possible decision-support methodologies for security managers to tackle this challenge. We consider methods based on game theory, combinatorial optimisation and a hybrid of the two. Our modelling starts by building a framework where we can investigate the effectiveness of a cyber security control regarding the protection of different assets seen as targets in presence of commodity threats. In terms of game theory we consider a 2-person control game between the security manager who has to choose among different implementation levels of a cyber security control, and a commodity attacker who chooses among different targets to attack. The pure game theoretical methodology consists of a large game including all controls and all threats. In the hybrid methodology the game solutions of individual control-games along with their direct costs (e.g. financial) are combined with a knapsack algorithm to derive an optimal investment strategy. The combinatorial optimisation technique consists of a multi-objective multiple choice knapsack based strategy. We compare these approaches on a case study that was built on SANS top critical controls. The main achievements of this work is to highlight the weaknesses and strengths of different investment methodologies for cyber security, the benefit of their interaction, and the impact that indirect costs have on cyber security investment.

Computer Science and Game Theory,Cryptography and Security

Ranjan Pal,Leana Golubchik

DOI: https://doi.org/10.48550/arXiv.1103.1552

2011-03-08

Cryptography and Security

Abstract:Internet users such as individuals and organizations are subject to different types of epidemic risks such as worms, viruses, spams, and botnets. To reduce the probability of risk, an Internet user generally invests in traditional security mechanisms like anti-virus and anti-spam software, sometimes also known as self-defense mechanisms. However, such software does not completely eliminate risk. Recent works have considered the problem of residual risk elimination by proposing the idea of cyber-insurance. In this regard, an important research problem is the analysis of optimal user self-defense investments and cyber-insurance contracts under the Internet environment. In this paper, we investigate two problems and their relationship: 1) analyzing optimal self-defense investments in the Internet, under optimal cyber-insurance coverage, where optimality is an insurer objective and 2) designing optimal cyber-insurance contracts for Internet users, where a contract is a (premium, coverage) pair.

Sakshyam Panda,Emmanouil Panaousis,George Loukas,Christos Laoudias

DOI: https://doi.org/10.48550/arXiv.2001.03782

2020-01-11

Cryptography and Security

Abstract:Cyber hygiene measures are often recommended for strengthening an organization's security posture, especially for protecting against social engineering attacks that target the human element. However, the related recommendations are typically the same for all organizations and their employees, regardless of the nature and the level of risk for different groups of users. Building upon an existing cybersecurity investment model, this paper presents a tool for optimal selection of cyber hygiene safeguards, which we refer as the Optimal Safeguards Tool. The model combines game theory and combinatorial optimization taking into account the probability of each user group to being attacked, the value of assets accessible by each group, and the efficacy of each control for a particular group. The model considers indirect cost as the time employees could require for learning and training against an implemented control. Utilizing a game-theoretic framework to support the Knapsack optimization problem permits us to optimally select safeguards' application levels minimizing the aggregated expected damage within a security investment budget. We evaluate OST in a healthcare domain use case. The Critical Internet Security Control group 17 for implementing security awareness and training programs for employees belonging to the ICT, clinical and administration personnel of a hospital. We compare the strategies implemented by OST against alternative common-sense defending approaches for three different types of attackers: Nash, Weighted and Opportunistic. Nash defending strategies are consistently better than the competing strategies for all attacker types with a minor exception where the Nash defending strategy performs at least as good as other common-sense approaches.

Anuradha M. Annaswamy,Vineet Jagadeesan Nair

DOI: https://doi.org/10.48550/arXiv.2210.07322

2022-10-13

General Economics

Abstract:Several examples of Cyber-physical human systems (CPHS) include real-time decisions from humans as a necessary building block for the successful performance of the overall system. Many of these decision-making problems necessitate an appropriate model of human behavior. Tools from Utility Theory have been used successfully in several problems in transportation for resource allocation and balance of supply and demand \citep{ben1985discrete}. More recently, Prospect Theory has been demonstrated as a useful tool in behavioral economics and cognitive psychology for deriving human behavioral models that characterize their subjective decision-making in the presence of stochastic uncertainties and risks, as an alternative to conventional Utility Theory \citep{kahneman_prospect_2012}. These models will be described in this article. Theoretical implications of Prospect Theory are also discussed. Examples will be drawn from transportation use cases such as shared mobility to illustrate these models as well as the distinctions between Utility Theory and Prospect Theory.

Jean C. Bolot,Marc Lelarge,J. C. Bolot,M. Lelarge

DOI: https://doi.org/10.1109/infocom.2008.259

2008-04-01

Abstract:Managing security risks in the Internet has so far mostly involved methods to reduce the risks and the severity of the damages. Those methods (such as firewalls, intrusion detection and prevention, etc) reduce but do not eliminate risk, and the question remains on how to handle the residual risk. In this paper, we take a new approach to the problem of Internet security and advocate managing this residual risk by buying insurance against it. Using insurance in the Internet raises several questions because entities in the Internet face correlated risks, which means that insurance claims will likely be correlated, making those entities less attractive to insurance companies. Furthermore, risks are interdependent, meaning that the decision by an entity to invest in security and self-protect affects the risk faced by others. We analyze the impact of these externalities on the security investments of users using a simple 2-agent model. Our key results are that there are sound economic reasons for agents to not invest much in self-protection, and that insurance is a desirable incentive mechanism which pushes agents over a threshold into a desirable state where they all invest in self-protection. In other words, insurance increases the level of self-protection, and therefore the level of security, in the Internet. Therefore, we believe that insurance should become an important component of risk management in the Internet.

Joshua Letchford,Yevgeniy Vorobeychik

DOI: https://doi.org/10.48550/arXiv.1210.4873

2012-10-17

Abstract:We introduce a novel framework for computing optimal randomized security policies in networked domains which extends previous approaches in several ways. First, we extend previous linear programming techniques for Stackelberg security games to incorporate benefits and costs of arbitrary security configurations on individual assets. Second, we offer a principled model of failure cascades that allows us to capture both the direct and indirect value of assets, and extend this model to capture uncertainty about the structure of the interdependency network. Third, we extend the linear programming formulation to account for exogenous (random) failures in addition to targeted attacks. The goal of our work is two-fold. First, we aim to develop techniques for computing optimal security strategies in realistic settings involving interdependent security. To this end, we evaluate the value of our technical contributions in comparison with previous approaches, and show that our approach yields much better defense policies and scales to realistic graphs. Second, our computational framework enables us to attain theoretical insights about security on networks. As an example, we study how allowing security to be endogenous impacts the relative resilience of different network topologies.

Computer Science and Game Theory,Cryptography and Security

Chen Wang,Vicki M. Bier

2012-01-01

Abstract:INTRODUCTIONAllocating a limited budget to protect potential targets against terrorist attackers is an important but difficult task. In doing so, we must take into account both the strategic nature of the attackers, and also the defender's uncertain knowledge about attacker preferences. A variety of game-theoretic models in the face of defender uncertainty have been studied and applied.1This study is based on the sequential game with incomplete information developed by Bier et al.2 In that model, the defender moves first to allocate her defensive resources among the potential targets under uncertain knowledge about attacker preferences; the attacker then selects the target with the highest payoff to attack, in light of any defensive investments.3 Knowing or assuming that the attacker would play his best response to any given defensive allocation, the defender wishes to choose her allocation so as to effectively protect against attacks, deter attacks, or deflect attacks to less important targets. However, with uncertainty about the attacker's utility function, the defender cannot predict the attacker's best response for sure; therefore, the defender is assumed to minimize her expected total loss (where the defender objectives may in general be different from the attacker objectives).This paper extends the above game-theoretic model for determining optimal defensive resource allocations to the case of more realistic multi-attribute terrorist objective functions. In particular, we compare the optimal defensive resource allocations in the face of uncertain terrorist preferences with and without transportation-related attributes. The defender's uncertainty about terrorist preferences is represented both by probability distributions over the attacker's attribute weights, and by allowing for attributes that are important to the attacker but not known to the defender.One closely related task is to elicit the attacker attribute weights in the terrorist multi-attribute objective from the judgments of intelligence experts. However, direct estimation of attribute weights can be difficult, since intelligence analysts are usually not familiar with utility theory, and historical data about terrorist attacks are relatively sparse. In such cases, indirect elicitation may be preferable. In particular, this paper uses an approach in which experts are asked to give (partial) rank orderings of attack strategies or targets, and the attribute weights in the attacker objective function are then inferred from those partial rankings using probabilistic inversion.4 We believe that this approach will increase the acceptance of quantitative methods by intelligence experts, and also make it possible to elicit the opinions of a large number of experts in an automated (e.g., online) manner.ModelAs in Wang and Bier, 5 we assume that the defender's objective is to minimize the total expected loss, as given bywhere:* n = number of targets* ci= defender's resource allocation to target i* B = defender's total budget* vi = defender's valuation of target i* hi(c1,...,cn) = probability of an attack on target i* p(ci) = = success probability of an attack on target i, as a function of the budget allocated to target i, where ? is the cost effectiveness of defensive investment.6The attacker is then assumed to observe the defender's resource allocations ci and then choose the target with the highest payoff in light of any defensive investment:p(ci)Uiwhere:* Ui = uj(Aij)xj + eixm = attacker's utility of target i* xj= attacker weight on attribute j(xj ? 0, j=1, ... , m, and =1)* Aij = attacker rating of target i on attribute j(j=1, ... , m - 1)* uj= single-attribute utility function for attribute , taking on values in [0, 1].* ? …

Erick Galinkin,Emmanouil Pountourakis,Spiros Mancoridis

2024-09-28

Abstract:The well-worn George Box aphorism ``all models are wrong, but some are useful'' is particularly salient in the cybersecurity domain, where the assumptions built into a model can have substantial financial or even national security impacts. Computer scientists are often asked to optimize for worst-case outcomes, and since security is largely focused on risk mitigation, preparing for the worst-case scenario appears rational. In this work, we demonstrate that preparing for the worst case rather than the most probable case may yield suboptimal outcomes for learning agents. Through the lens of stochastic Bayesian games, we first explore different attacker knowledge modeling assumptions that impact the usefulness of models to cybersecurity practitioners. By considering different models of attacker knowledge about the state of the game and a defender's hidden information, we find that there is a cost to the defender for optimizing against the worst case.

Cryptography and Security,Artificial Intelligence

Piotr Żebrowski,Aitor Couce-Vieira,Alessandro Mancuso

DOI: https://doi.org/10.1111/risa.13900

Abstract:Critical infrastructures are increasingly reliant on information and communications technology (ICT) for more efficient operations, which, at the same time, exposes them to cyber threats. As the frequency and severity of cyberattacks are increasing, so are the costs of critical infrastructure security. Efficient allocation of resources is thus a crucial issue for cybersecurity. A common practice in managing cyber threats is to conduct a qualitative analysis of individual attack scenarios through risk matrices, prioritizing the scenarios according to their perceived urgency and addressing them in order until all the resources available for cybersecurity are spent. Apart from methodological caveats, this approach may lead to suboptimal resource allocations, given that potential synergies between different attack scenarios and among available security measures are not taken into consideration. To overcome this shortcoming, we propose a quantitative framework that features: (1) a more holistic picture of the cybersecurity landscape, represented as a Bayesian network (BN) that encompasses multiple attack scenarios and thus allows for a better appreciation of vulnerabilities; and (2) a multiobjective optimization model built on top of the said BN that explicitly represents multiple dimensions of the potential impacts of successful cyberattacks. Our framework adopts a broader perspective than the standard cost-benefit analysis and allows the formulation of more nuanced security objectives. We also propose a computationally efficient algorithm that identifies the set of Pareto-optimal portfolios of security measures that simultaneously minimize various types of expected cyberattack impacts, while satisfying budgetary and other constraints. We illustrate our framework with a case study of electric power grids.

Jason Hughes,Juntao Chen

DOI: https://doi.org/10.48550/arXiv.2211.17072

2023-02-18

Abstract:This paper considers the security investment problem over a network in which the resource owners aim to allocate their constrained security resources to heterogeneous targets strategically. Investing in each target makes it less vulnerable, and thus lowering its probability of a successful attack. However, humans tend to perceive such probabilities inaccurately yielding bounded rational behaviors; a phenomenon frequently observed in their decision-making when facing uncertainties. We capture this human nature through the lens of cumulative prospect theory and establish a behavioral resource allocation framework to account for the human's misperception in security investment. We analyze how this misperception behavior affects the resource allocation plan by comparing it with the accurate perception counterpart. The network can become highly complex with a large number of participating agents. To this end, we further develop a fully distributed algorithm to compute the behavioral security investment strategy efficiently. Finally, we corroborate our results and illustrate the impacts of human's bounded rationality on the resource allocation scheme using cases studies.

Social and Information Networks

Ranjan Pal

DOI: https://doi.org/10.48550/arXiv.1202.0884

2012-02-04

Cryptography and Security

Abstract:Internet users such as individuals and organizations are subject to different types of epidemic risks such as worms, viruses, spams, and botnets. To reduce the probability of risk, an Internet user generally invests in traditional security mechanisms like anti-virus and anti-spam software, sometimes also known as \emph{self-defense} mechanisms. However, according to security experts, such software (and their subsequent advancements) will not completely eliminate risk. Recent research efforts have considered the problem of residual risk elimination by proposing the idea of \emph{cyber-insurance}. In this regard, an important research problem is resolving information asymmetry issues associated with cyber-insurance contracts. In this paper we propose \emph{three} mechanisms to resolve information asymmetry in cyber-insurance. Our mechanisms are based on the \emph{Principal-Agent} (PA) model in microeconomic theory. We show that (1) optimal cyber-insurance contracts induced by our mechanisms only provide partial coverage to the insureds. This ensures greater self-defense efforts on the part of the latter to protect their computing systems, which in turn increases overall network security, (2) the level of deductible per network user contract increases in a concave manner with the topological degree of the user, and (3) a market for cyber-insurance can be made to exist in the presence of monopolistic insurers under effective mechanism design. Our methodology is applicable to any distributed network scenario in which a framework for cyber-insurance can be implemented.

Ranjan Pal,Pan Hui

DOI: https://doi.org/10.48550/arXiv.1202.0885

2012-02-04

Cryptography and Security

Abstract:In recent years, researchers have proposed \emph{cyber-insurance} as a suitable risk-management technique for enhancing security in Internet-like distributed systems. However, amongst other factors, information asymmetry between the insurer and the insured, and the inter-dependent and correlated nature of cyber risks have contributed in a big way to the failure of cyber-insurance markets. Security experts have argued in favor of operating system (OS) platform switching (ex., from Windows to Unix-based OSs) or secure OS adoption as being one of the techniques that can potentially mitigate the problems posing a challenge to successful cyber-insurance markets. In this regard we model OS platform switching dynamics using a \emph{social gossip} mechanism and study three important questions related to the nature of the dynamics, for Internet-like distributed systems: (i) which type of networks should cyber-insurers target for insuring?, (ii) what are the bounds on the asymptotic performance level of a network, where the performance parameter is an average function of the long-run individual user willingness to adopt secure OSs?, and (iii) how can cyber-insurers use the topological information of their clients to incentivize/reward them during offering contracts? Our analysis is important to a profit-minded cyber-insurer, who wants to target the right network, design optimal contracts to resolve information asymmetry problems, and at the same time promote the increase of overall network security through increasing secure OS adoption amongst users.

Caroline Hillairet,Thibaut Mastrolia,Wissal Sabbagh

2024-10-23

Abstract:We explore an optimal impulse control problem wherein an electronic device owner strategically calibrates protection levels against cyber attacks. Utilizing epidemiological compartment models, we qualitatively characterize the dynamics of cyber attacks within the network. We determine the optimal protective measures against effective hacking by formulating and solving a stochastic control problem with optimal switching. We demonstrate that the value function for the cluster owner constitutes a viscosity solution to a system of coupled variational inequalities associated with a fully coupled reflected backward stochastic differential equation (BSDE). Furthermore, we devise a comprehensive algorithm alongside a verification procedure to ascertain the optimal timing for network protection across various cyber attack scenarios. Our findings are illustrated through numerical approximations employing deep Galerkin methods for partial differential equations (PDEs). We visualize the optimal protection strategies in the context of two distinct attack scenarios: (1) a constant cyber attack, (2) an exogenous cyber attack strategy modeled with a Poisson process.

Optimization and Control,Probability

Lampis Alevizos,Vinh-Thong Ta

2024-09-06

Abstract:In the dynamic cyber threat landscape, effective decision-making under uncertainty is crucial for maintaining robust information security. This paper introduces the Cyber Resilience Index (CRI), a threat-informed probabilistic approach to quantifying an organisation's defence effectiveness against cyber-attacks (campaigns). Building upon the Threat-Intelligence Based Security Assessment (TIBSA) methodology, we present a mathematical model that translates complex threat intelligence into an actionable, unified metric similar to a stock market index, that executives can understand and interact with while teams can act upon. Our method leverages Partially Observable Markov Decision Processes (POMDPs) to simulate attacker behaviour considering real-world uncertainties and the latest threat actor tactics, techniques, and procedures (TTPs). This allows for dynamic, context-aware evaluation of an organization's security posture, moving beyond static compliance-based assessments. As a result, decision-makers are equipped with a single metric of cyber resilience that bridges the gap between quantitative and qualitative assessments, enabling data-driven resource allocation and strategic planning. This can ultimately lead to more informed decision-making, mitigate under or overspending, and assist in resource allocation.

Cryptography and Security

Jingyi Lu,Xiaofei Xie,Mei Wang,Xin Tang

DOI: https://doi.org/10.1002/bdm.1862

2015-01-01

Journal of Behavioral Decision Making

Abstract:The existing literature is inconsistent about how social comparison affects risk attitudes. We propose a framework where the total utility is composed of the social and financial utilities. The financial utility is consistent with prospect theory (i.e., an S-shaped utility function with a financial reference point), whereas the social utility is affected by both social and financial reference points. Therefore, social risk attitudes are determined by interaction between gains/losses in both social and financial contexts. On the basis of safety-first principle, we propose that when experiencing financial gains, individuals tend to seek upside potential and take social risks (i.e., a convex social utility function). In contrast, when facing financial losses, people would be more risk seeking in social gains but more risk averse in social losses to maximize security (i.e., an inverse S-shaped utility function). We also propose that the relative importance of financial and social utilities depends on the saliency of the reference points and size of stakes. Studies 1 and 2 showed that individuals were risk seeking in both social gains and losses with social reference points alone. Studies 3 and 4 demonstrated that when both financial and social reference points were salient, participants were risk averse in both social gains and losses when facing financial gains, but risk seeking in social gains and risk averse in social losses when facing financial losses. The hypotheses derived from the theoretical framework were in general supported by our experiments. Copyright (c) 2015 John Wiley & Sons, Ltd.

Pranjal Sharma

2024-09-15

Abstract:Day by day, the frequency of ransomware attacks on organizations is experiencing a significant surge. High-profile incidents involving major entities like Las Vegas giants MGM Resorts, Caesar Entertainment, and Boeing underscore the profound impact, posing substantial business barriers. When a sudden cyberattack occurs, organizations often find themselves at a loss, with a looming countdown to pay the ransom, leading to a cascade of impromptu and unfavourable decisions. This paper adopts a novel approach, leveraging Prospect Theory, to elucidate the tactics employed by cyber attackers to entice organizations into paying the ransom. Furthermore, it introduces an algorithm based on Prospect Theory and an Attack Recovery Plan, enabling organizations to make informed decisions on whether to consent to the ransom demands or resist. This algorithm Ransomware Risk Analysis and Decision Support (RADS) uses Prospect Theory to re-instantiate the shifted reference manipulated as perceived gains by attackers and adjusts for the framing effect created due to time urgency. Additionally, leveraging application criticality and incorporating Prospect Theory's insights into under/over weighing probabilities, RADS facilitates informed decision-making that transcends the simplistic framework of "consent" or "resistance," enabling organizations to achieve optimal decisions.

Cryptography and Security

Xu Liu,Xiaoqiang Di,Jinqing Li,Huan Wang,Jianping Zhao,Huamin Yang,Ligang Cong,Yuming Jiang

DOI: https://doi.org/10.1155/2019/5475341

IF: 1.43

2019-03-13

Mathematical Problems in Engineering

Abstract:Resource allocation is the process of optimizing the rare resources. In the area of security, how to allocate limited resources to protect a massive number of targets is especially challenging. This paper addresses this resource allocation issue by constructing a game theoretic model. A defender and an attacker are players and the interaction is formulated as a trade-off between protecting targets and consuming resources. The action cost which is a necessary role of consuming resource is considered in the proposed model. Additionally, a bounded rational behavior model (quantal response: QR), which simulates a human attacker of the adversarial nature, is introduced to improve the proposed model. To validate the proposed model, we compare the different utility functions and resource allocation strategies. The comparison results suggest that the proposed resource allocation strategy performs better than others in the perspective of utility and resource effectiveness.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Dylan Léveillé,Jason Jaskolka

DOI: https://doi.org/10.4204/EPTCS.409.11

2024-10-30

Abstract:Selecting the combination of security controls that will most effectively protect a system's assets is a difficult task. If the wrong controls are selected, the system may be left vulnerable to cyber-attacks that can impact the confidentiality, integrity and availability of critical data and services. In practical settings, it is not possible to select and implement every control possible. Instead considerations, such as budget, effectiveness, and dependencies among various controls, must be considered to choose a combination of security controls that best achieve a set of system security objectives. In this paper, we propose a game-theoretic approach for selecting effective combinations of security controls based on expected attacker profiles and a set budget. The control selection problem is set up as a two-person zero-sum one-shot game. Valid control combinations for selection are generated using an algebraic formalism to account for dependencies among selected controls. We demonstrate the proposed approach on an illustrative financial system used in government departments under four different scenarios. The results illustrate how a security analyst can use the proposed approach to guide and support decision-making in the control selection activity when developing secure systems.

Cryptography and Security,Computer Science and Game Theory