Attack-Aware Cyber Insurance of Interdependent Computer Networks
نویسندگان
چکیده
Cyber insurance is a valuable approach to mitigate further the cyber risk and its loss in addition to the deployment of technological cyber defense solutions such as intrusion detection systems and firewalls. An effective cyber insurance policy can reduce the number of successful cyber attacks by incentivizing the adoption of preventative measures and the implementation of best practices of the users. To study cyber insurance in a holistic manner, we first establish a bi-level game-theoretic model that nests a zero-sum game in a moral-hazard type of principal-agent game to capture complex interactions between a user, an attacker, and the insurer. The game framework provides an integrative view of the cyber insurance and enables a systematic design of incentive compatible and attack-aware insurance policy. The framework is further extended to study a network of users and their risk interdependencies. We completely characterize the equilibrium solutions of the bi-level game. Our analytical results provide a fundamental limit on insurability, predict the Peltzman effect, and reveal the principles of zero operating profit and the linear insurance policy of the insurer. We provide analytical results and numerical experiments to corroborate the analytical results and demonstrate the network effects as a result of the strategic interactions among three types of players.
منابع مشابه
Attack-Aware Cooperative Spectrum Sensing in Cognitive Radio Networks under Byzantine Attack
Cooperative Spectrum Sensing (CSS) is an effective approach to overcome the impact of multi-path fading and shadowing issues. The reliability of CSS can be severely degraded under Byzantine attack, which may be caused by either malfunctioning sensing terminals or malicious nodes. Almost, the previous studies have not analyzed and considered the attack in their models. The present study introduc...
متن کاملModeling Cyber-Insurance: Towards a Unifying Framework
We propose a comprehensive formal framework to classify all market models of cyber-insurance we are aware of. The framework features a common terminology and deals with the specific properties of cyber-risk in a unified way: interdependent security, correlated risk, and information asymmetries. A survey of existing models, tabulated according to our framework, reveals a discrepancy between info...
متن کاملSecurity adoption and influence of cyber-insurance markets in heterogeneous networks
Hosts (or nodes) in the Internet often face epidemic risks such as virus and worm attack. Despite the awareness of these risks and the importance of network/system security, investment in security protection is still scare, and hence epidemic risk is still prevalent. Deciding whether to invest in security protection is an interdependent process: security investment decision made by one node can...
متن کاملSecurity Adoption and Influence of Cyber-insurance Market in Heterogeneous Networks
Hosts (or nodes) in the Internet often face epidemic risks such as virus and worms attack. Despite the awareness of these risks and the importance of network/system security, investment in security protection is still scare, and hence epidemic risk is still prevalent. Deciding whether to invest in security protection is an interdependent process: security investment decision made by one node ca...
متن کاملCyber Reconnaissance: An Alarm before Cyber Attack
Today’s cyber world is more than the internet. It is interdependent networks containing telecommunication network, embedded system and critical infrastructures. Malicious attacks on critical infrastructure become a major threat to business and government operations. An easy and fast access to network makes business successful and makes sensitive information more vulnerable to cyber thieves. Tod...
متن کامل