Effects of Degree Distributions on Network Security Investments and Internalization of Externalities

We study the following three questions: (1) How do the node degrees in a network affect security investments when nodes are strategic and have different security investment choices? (2) How can we provide an incentive to selfish nodes to increase their security investments in order to improve the overall security and reduce the social cost? (3) How much inefficiency does the selfish nature of nodes cause? Making use of a population game model based on the well-known Chung-Lu random graph model, we first examine how the degree distribution of nodes influences their security investments at Nash equilibria (NEs) and overall network security measured by risk exposure from a neighbor. Here, the risk exposure quantifies the average risk or threat posed by a neighbor. We demonstrate several structural properties exhibited by both the NEs of population games and social optima that minimize the overall social cost. We show that, under some mild assumption, as the degrees of neighbors become (stochastically) larger, somewhat surprisingly, the risk exposure decreases at both NEs and social optima even though the security investments by a node of a fixed degree diminish. Secondly, we illustrate the relation between the NEs of population games and social optima. This relation offers a possible means of internalizing the externalities so as to enhance overall network security and reduce the social cost. Finally, we derive an upper bound on the price of anarchy, which is an affine function of the average degree of nodes.