Wei Sun,Xiangwei Kong,Dequan He,Xingang You

DOI: https://doi.org/10.1109/ISECS.2008.147

2008-01-01

Abstract:The purpose of this paper is to resolve information security problem in the mobile electronic commerce industry chain. We analyze information security based on evolutionary game theory. In this paper, we set up the information security game model with penalty parameter, calculate replicator dynamics, and analyze the evolutionary stable strategy of the game model. The result reveals that reducing the investment cost is the key factor to promote information security investment. If this condition can not be satisfied, the regulation of penalty parameter will help to promote the investment. The research method in this paper provides a new thought for the solution of information security in the mobile electronic commerce chain.

Wei Sun,Xiangwei Kong,Dequan He,Xingang You

DOI: https://doi.org/10.1109/ICICIC.2008.319

2008-01-01

Abstract:The purpose of this paper is to analyze the strategy to promote the information security investment based on game theory. We use game theory to make the analysis and put forward the fruitful strategy suggestions for the defender organization to invest in information security. We set up the information security game model, and make the Nash Equilibrium analysis. The Nash Equilibrium analysis results of pure strategy and mixed strategy are consistent. By Nash Equilibrium analysis, we get the cost demand for information security investment. If this demand condition is not satisfied, we introduce the penalty parameter to the investment game. By regulating the value of the penalty parameter, we solve the hard problem of information security investment when it is difficult to reduce the investment cost. It is the first time to analyze information security investment by game theory. Our results provide fruitful strategy suggestions to promote information security investment.

孙薇,孔祥维,何德全,尤新刚

DOI: https://doi.org/10.3969/j.issn.1007-3221.2008.05.015

2008-01-01

Abstract:Based on Game theory,this paper analyzes the equilibrium of information security investment,and provides a new method to solve the investment quantity of information security.It sets up the information security investment game model of the organizations according to the strategy interdependence,and the relation parameter in the model reflects the game relationship of two organizations,so the equilibrium analysis is made based on reaction function method according to the deferent value of relation parameter.In particular,for the attacker-defender game relationship,it brings forward a proposition of information security investment and makes simulation analysis.The research result not only explains the information security investment in the world,but also provides a good direction of the information security investment quantity for organizations.

Qin Wang,Jianming Zhu

DOI: https://doi.org/10.1109/INFOMAN.2016.7477542

2016-01-01

Abstract:With the development of information security and the occurrence of endless security incidents, information security economics has become a new discipline and gained great attentions in academia. This paper analyzes the issue of optimal information security facing two classic types of attacks. With the consideration of business benefits bought by security investment, we identify the different characteristics compared to the previous studies, which can give meaningful inspirations to firms in reality. In addition, we innovatively use evolutionary game theory to study how firms choose the investment strategy in the long run. At last we give a conclusion and point out some fields for future researches.

Xiaofei Qian,Xinbao Liu,Jun Pei,Panos M. Pardalos,Lin Liu

DOI: https://doi.org/10.1057/s41274-016-0134-y

IF: 3.6

2017-10-01

Journal of the Operational Research Society

Abstract:The application of Internet of Things promotes the cooperation among firms, and it also introduces some information security issues. Due to the vulnerability of the communication network, firms need to invest in information security technologies to protect their confidential information. In this paper, considering the multiple-step propagation of a security breach in a fully connected network, an information security investment game among n firms is investigated. We make meticulous theoretic and experimental analyses on both the Nash equilibrium solution and the optimal solution. The results show that a larger network size (n) or a larger one-step propagation probability (q) has a negative effect on the Nash equilibrium investment. The optimal investment does not necessarily increase in n or q, and its variation trend depends on the concrete conditions. A compensation mechanism is proposed to encourage firms to coordinate their strategies and invest a higher amount equal to the optimal investment when they make decisions individually. At last, our model is extended by considering another direct breach probability function and another network structure, respectively. We find that a higher connection density of the network will result in a greater expected cost for each firm.

management,operations research & management science

Zhen Wang,Chaofan Li,Xing Jin,Hong Ding,Guanghai Cui,Lanping Yu

DOI: https://doi.org/10.1016/j.amc.2021.126051

IF: 4.397

2021-01-01

Applied Mathematics and Computation

Abstract:With the development of information technology, the infrastructure between enterprises and the connections between businesses show complex network characteristics. The security investment made by an enterprise in a network has an impact on its neighbors, but also bears the impact of its neighbors' security investments. Such individual interaction problems are often modeled as interdependent security games (IDS). In this paper, we study IDS models under three different attack scenarios: the total effort, the weakest link and the best shot. We use evolutionary game theory to explore the dynamics of social payoffs and the average social investments of these three models under different network topologies. The results show that under the total effort model, individuals are more inclined to increase their investments, while under the weakest link and best shot models, individuals choose to minimize their investments due to selfishness. Finally, we study the cluster effect under different network structures and find the threshold at which it exists. (C) 2021 Elsevier Inc. All rights reserved.

Shuting Liu,Yinghua Ma,Xiuzhen Chen

DOI: https://doi.org/10.1016/j.heliyon.2023.e16590

IF: 3.776

2023-05-31

Heliyon

Abstract:As nodes in Social Internet of Things (SIoT) become more intelligent, malicious information occurs more frequently and spreads more widely. This problem can severely affect the trustworthiness of services and applications in SIoT. Methods to effectively control malicious information spreading in SIoT are essential and necessary. Reputation mechanism provides a powerful tool to tackle this challenge. In this paper, we propose a reputation-based mechanism to activate the self-purification capacity of the SIoT network by balancing information conflicts triggered by reporters and supporters. In order to find the best rewarding and punishment strategy, a bilateral cumulative-prospect-based evolutionary game model of SIoT network information conflict is constructed. Using local stability analysis and numerical simulation, the evolutionary trends of the proposed game model under different theoretical application scenarios are analyzed. The findings indicate that the basic income and deposit of both sides, the popularity of information as well as the importance of the conformity effect all have a significant impact on the system's steady state and evolutionary path. The specific conditions that both participating sides of the game tend to treat conflicts relatively rationally are analyzed. Dynamic evolution analysis and sensitivity analysis of selected parameters show that basic income is positively related to smart object's feedback strategies, while deposit is negatively related to that. While weight of conformity effect or the information popularity goes up, the rising of feedback probability is observed. Based on the above results, suggestions on dynamic reward and punishment strategies are given. The proposed model is a helpful attempt to model the evolution of information spreading in SIoT networks, with the ability to simulate several well-known regularities of message dissemination. Proposed model and suggested quantitative strategies can be helpful to build feasible malicious information control facilities in SIoT networks.

Fang Liu,Li Pan,Lihong Yao

DOI: https://doi.org/10.1109/dsc.2018.00046

2018-01-01

Abstract:With the increasing development of online social networks, privacy protection attracts more and more concerns. Most research on privacy protection focus on specific techniques, and they assume users adopt security protection mechanisms for granted. The impact of user behaviors on the deployment of these mechanisms is usually neglected. In fact, the actual effect of privacy protection mechanisms depends heavily on user behaviors. Whether a user adopts the security mechanism is affected by incentives, interactions with friends and other factors. It is necessary to encourage users to take privacy protection settings in order to improve the security environment in social networks. Therefore, in this paper, a network evolutionary game model is proposed for studying the influence of user behaviors on the deployment of privacy protection mechanisms, where whether to take privacy settings is used as game strategies. Considering real interactions in social networks, games only happen between connected users in the model. Then the dynamic equation of user behaviors over time is derived. Based on the dynamic equation, evolutionary stability conditions are proven according to the benefit cost ratio of taking the protection. Experiments in real social networks verify the feasibility of the proposed model. The analysis results are helpful for guiding security services to promote the deployment of privacy protection mechanisms in social networks.

Guang Zhu,Hu Liu,Mining Feng

DOI: https://doi.org/10.3390/ijerph15102196

2018-01-01

Abstract:With the rapid deployment of mobile technologies and their applications in the healthcare domain, privacy concerns have emerged as one of the most critical issues. Traditional technical and organizational approaches used to address privacy issues ignore economic factors, which are increasingly important in the investment strategy of those responsible for ensuring privacy protection. Taking the mHealth system as the context, this article builds an evolutionary game to model three types of entities (including system providers, hospitals and governments) under the conditions of incomplete information and bounded rationality. Given that the various participating entities are often unable to accurately estimate their own profits or costs, we propose a quantified approach to analyzing the optimal strategy of privacy investment and regulation. Numerical examples are provided for illustration and simulation purpose. Based upon these examples, several countermeasures and suggestions for privacy protection are proposed. Our analytical results show that governmental regulation and auditing has a significant impact on the strategic choice of the other two entities involved. In addition, the strategic choices of system providers and hospitals are not only correlated with profits and investment costs, but they are also significantly affected by free riding. If the profit growth coefficients increase to a critical level, mHealth system providers and hospitals will invest in privacy protection even without the imposition of regulations. However, the critical level is dependent on the values of the parameters (variables) in each case of investment and profits.

Jun Du,Chunxiao Jiang,Kwang-Cheng Chen,Yong Ren,H. Vincent Poor

DOI: https://doi.org/10.1109/tifs.2017.2758756

IF: 7.231

2018-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Social networks have attracted billions of users and supported a wide range of interests and practices. Users of social networks can be connected with each other by different communities according to professions, living locations, and personal interests. With the development of diverse social network applications, academic researchers, and practicing engineers pay increasing attention to the related technology. As each user on the social network platforms typically stores and shares a large amount of personal data, the privacy of such user-related information raises serious concerns. Most research on privacy protection relies on specific information security techniques such as anonymization or access control. However, the protection of privacy depends heavily on the incentive mechanisms of social networks, like users' psychological decisions on security execution and socio-economic considerations. For example, the desire to influence the behaviors of other people may change a user's choice of security setting. In this paper, a game theoretic framework is established to model users' interactions that influence users' decisions as to whether to undertake privacy protection or not. To model the relationship of user communities, community-structured evolutionary dynamics are introduced, in which interactions of users can only happen among those users who have at least one community in common. Then the dynamics of the users' strategies to take a specific privacy protection or not is analyzed based on the proposed community structured evolutionary game theoretic framework. Experiments show that the proposed framework is effective in modeling the users' relationships and privacy protection behaviors. Moreover, results can also help social network managers to design appropriate security service and payment mechanisms to encourage their users to take the privacy protection, which can promote the spreading of privacy behavior throughout the network.

Jun-jie L(U),Wan-hua QIU,Yuan-zhuo WANG

DOI: https://doi.org/10.3321/j.issn:1003-207X.2006.03.002

2006-01-01

Abstract:Based on the interdependence,which is an important characteristic of information security and the diversity of invasions,an investment game model is presented in this paper.The paper investigates the investment risk exerted by the contagion between firms in the network.With externality representing the risk,the relationship between investment risks and the interdependent extension and the amount of firms in the network is illustrated.By use of the model,the investment risk and decision are analyzed quantitatively and then several Nash equilibrium solutions are provided further.

Xiufeng Li,Zhen Zhang

DOI: https://doi.org/10.1007/s12599-024-00864-9

2024-04-24

Business & Information Systems Engineering

Abstract:At present, businesses can reap impressive benefits from the Internet of Things (IoT). However, with the increasing number of IoT devices and the complexity of the IoT ecosystem, there is a growing concern about security vulnerabilities. This study aims to address the network security investment problem in an IoT environment by developing a game-theoretical model. It examines the impact of IoT service level and customer characteristics on the incentives for both the IoT platform and the manufacturer to invest in security, as well as the platform's profitability. Through analytical analysis, several noteworthy findings are obtained. Firstly, it is found that a higher IoT platform service level corresponds to a higher security responsibility. As a result, the platform needs to carefully consider the costs and benefits associated with security investment and service provision. Additionally, the research demonstrates that both the platform and the manufacturer's efforts to enhance security do not diminish, even when faced with increasing customer losses due to security breaches. This is because the IoT platform indirectly benefits a larger number of consumers who purchase smart devices, thus motivating the platform to prioritize network security efforts. Furthermore, the study reveals the influence of the unit security cost and the amount of highly sensitive customers on the security efforts undertaken by both the IoT platform and the smart device manufacturer. These results have important practical implications for firms operating within an IoT-based supply chain. Specifically, the findings can provide valuable decision-making guidance for enterprises seeking digital transformation and trying to make informed choices regarding platform operations.

computer science, information systems

Jun Du,Chunxiao Jiang,Shui Yu,Kwang-Cheng Chen,Yong Ren

DOI: https://doi.org/10.1109/globalsip.2016.7905993

2016-01-01

Abstract:Users of social networks can be connected with each other by different communities according to professions, living locations and personal interests. As each user on the social network platforms stores and shows a large amount of personal data, the privacy protection raises as a major concern. This paper establishes a game theoretic framework to model users' interactions to influence users' strategies to take the privacy protection or not. To model the relationship of user communities, we introduce the community-structured evolutionary dynamics. Users' interactions can only happen among those who have at least one common community. Then we analyze the dynamics of users' privacy protection behavior based on the proposed community structured evolutionary game theoretic framework. Results show that social network managers need to provide appropriate security service b and payment mechanism c to ensure that cost performance b/c is larger than the critical cost performance, which can promote the spread of the privacy security behavior over the network. Moreover, results can help to design appropriate structure of the social network and control the convergence speed that all users take the privacy protection.

Yong Wu,Gengzhong Feng,Nengmin Wang,Huigang Liang

DOI: https://doi.org/10.1016/j.eswa.2015.03.033

IF: 8.5

2015-01-01

Expert Systems with Applications

Abstract:The level of firms' information security investment has recently become a critical issue in the management of IT infrastructure. Prior studies have not considered attack types and firms interconnection simultaneously when investigating the optimisation of such investment. Using game theory, we demonstrate that the optimal security investment level of an interconnected firm against targeted attacks is different from that against opportunistic attacks. Our model shows that not all information security risks are worth fighting against. As the potential loss increases, it is unadvisable to increase the security investment proportionately. Firms should increase investments with intrinsic vulnerability when facing target attacks, but focus on those systems that fall into the midrange of intrinsic vulnerability when facing opportunistic attacks. Firms are unwilling to invest in security and often offload reliability problems onto others when the trusted interdependence relationship becomes tighter in the absence of economic incentives. Thus we also discuss two economic incentives to motivate firms: liability and security information sharing. We find-that if the rules are set properly, both economic incentives are effective to not only internalise the negative externality and improve a firm's security level, but also reduce the total expected cost. We show that firms' optimal investments of liability always increase with the increasing number of firms, but the optimal investments on security information sharing increase only when the number of firms is large enough. These insights draw attention to many trade-offs firms often face and the importance of accurate assessment of firms' security environment. Future research directions are discussed based on the limitations and possible extensions of this study. (C) 2015 Elsevier Ltd. All rights reserved.

Rong Pan,Changxin Xu

DOI: https://doi.org/10.1109/MINES.2010.110

2010-01-01

Abstract:During the cyber security construction process, how to set proper security standard and investment quota in accordance with the important degree of its information is a universal problem of enterprises. We propose a dynamic Invest-Attack Model based on Information Asymmetry between the protectors and attackers of cyber security and make RD analysis to the proposed model with Evolutionary Game Theory. Finally, we analyze motivation of decision making of players of both sides from microcosmic perspective and put forward conclusion as well as policy suggestions.

Xiao-tong XU,Gao-cai WANG,Jin-tian HU

DOI: https://doi.org/10.3969/j.issn.1000-1220.2020.01.020

2020-01-01

Abstract:With the increasing complexity of network information system,people attach great importance to network security and user privacy. It is especially important to find new technologies that can maintain network security,analyze and predict the form of network attack and defense. Because the characteristics of evolutionary game theory are similar to those of network attack and defense,this pa-per analyses the network environment,constructs the network attack and defense scenarios,and introduces incentive mechanism on the basis of punishment mechanism,and proposes an evolutionary game model of attack and defense based on incentive mechanism. By giving the different problem situations of the group,the replication dynamic equation is used to analyze the evolution of the strategy se-lection of the player. In addition,on the basis of the management of players in the third-party supervision department,the evolution law of attack groups in different attack time is analyzed,which proves that the attack is time-sensitive. The feasibility of the incentive mechanism is further proved by the impact of incentive mechanisms on the selection of defense group strategies and the introduction of defense investment returns. According to the experimental verification,the attack and defense evolutionary game model proposed in this paper can achieve the steady state and obtain the optimal defense strategy under different problem situations,thus effectively reducing the loss of the defender and curbing the attack behavior of the attacker.

WANG Qin,ZHU Jianming

DOI: https://doi.org/10.11959/j.issn.1000-436x.2018027

2018-01-01

Abstract:In order to study the impacts of externalities of information security investment, the Gordon-Loeb model was extended to a multi-organization game environment. The relationships of the optimal information security investment with vulnerability, potential loss and investment effectiveness when confronted with different attack types under the posi-tive and negative externalities were obtained respectively, and the difference with the optimal information security in-vestment under the social optimum condition was compared. The results show that there were some similarities in the varying pattern of information security investment between the condition of the positive externality and a single organi-zation, but information security investment under the negative externality changes greatly and was generally more cau-tious, and attack types also have important impacts on information security investment.

Xing Gao,Manting Qiu,Ying Wang,Xifan Wang

DOI: https://doi.org/10.1080/01605682.2022.2096506

IF: 3.6

2022-08-04

Journal of the Operational Research Society

Abstract:Nowadays, business connection between firms becomes rather common so that one firm stores not only its information asset but also some of other firms' information asset. The management of information security is vital for these resource-sharing firms. This paper constructs a game-theoretic model between two resource-sharing firms and one hacker to examine their strategic interaction when the firms face budget constraint on security investment. We consider security information sharing between the firms, which can improve their overall security effort but meantime facilitate the hacker's learning to reduce attack costs. We find that although a tight budget constraint can help save investment cost, the firms always suffer from a poorly secure environment. It shows that although security information sharing is usually encouraged, the firms may be hurt when security information sharing is excessive so that fierce cyber-attacks are induced. We finally design an optimal compensation mechanism, in which the compensation fund is shown to increase with the degree of resource sharing.

management,operations research & management science

Ranjan Pal,Pan Hui

DOI: https://doi.org/10.48550/arXiv.1104.0594

2011-04-04

Cryptography and Security

Abstract:Modern distributed communication networks like the Internet and censorship-resistant networks (also a part of the Internet) are characterized by nodes (users) interconnected with one another via communication links. In this regard, the security of individual nodes depend not only on their own efforts, but also on the efforts and underlying connectivity structure of neighboring network nodes. By the term 'effort', we imply the amount of investments made by a user in security mechanisms like antivirus softwares, firewalls, etc., to improve its security. However, often due to the large magnitude of such networks, it is not always possible for nodes to have complete effort and connectivity structure information about all their neighbor nodes. Added to this is the fact that in many applications, the Internet users are selfish and are not willing to co-operate with other users on sharing effort information. In this paper, we adopt a non-cooperative game-theoretic approach to analyze individual user security in a communication network by accounting for both, the partial information that a network node possess about its underlying neighborhood connectivity structure, as well as the presence of positive externalities arising from efforts exerted by neighboring nodes. We investigate the equilibrium behavior of nodes and show 1) the existence of symmetric Bayesian Nash equilibria of efforts and 2) better connected nodes choose lower efforts to exert but earn higher utilities with respect to security improvement irrespective of the nature of node degree correlations amongst the neighboring nodes. Our results provide ways for Internet users to appropriately invest in security mechanisms under realistic environments of information uncertainty.

Libin Jiang,Venkat Anantharam,Jean Walrand

DOI: https://doi.org/10.1109/TNET.2010.2071397

2011-04-01

IEEE/ACM Transactions on Networking

Abstract:We study a network security game where strategic players choose their investments in security. Since a player's investment can reduce the propagation of computer viruses, a key feature of the game is the positive externality exerted by the investment. With selfish players, unfortunately, the overall network security can be far from optimum. The contributions of this paper are as follows. 1) We first characterize the price of anarchy (POA) in the strategic-form game under an "Effective-investment" model and a "Bad-traffic" model, and give insight on how the POA depends on individual players' cost functions and their mutual influence. We also introduce the concept of "weighted POA" to bound the region of payoff vectors. 2) In a repeated game, players have more incentive to cooperate for their long term interests. We consider the socially best outcome that can be supported by the repeated game, as compared to the social optimum. 3) Next, we compare the benefits of improving security technology and improving incentives, and show that improving technology alone may not offset the price of anarchy. 4) Finally, we characterize the performance of correlated equilibrium (CE). Although the paper focuses on network security, many results are generally applicable to games with positive externalities.

telecommunications,computer science, theory & methods,engineering, electrical & electronic, hardware & architecture