Attacking and Defending Multiple Valuable Secrets in a Big Data World

Abstract This paper studies the attack-and-defence game between a web user and a whole set of players over this user’s ‘valuable secrets.’ The number and type of these valuable secrets are the user’s private information. Attempts to tap information as well as privacy protection are costly. The multiplicity of secrets is of strategic value for the holders of these secrets. Users with few secrets keep their secrets private with some probability, even though they do not protect them. Users with many secrets protect their secrets at a cost that is smaller than the value of the secrets protected. The analysis also accounts for multiple redundant information channels with cost asymmetries, relating the analysis to attack-and-defence games with a weakest link.

[1]  Kjell Hausken,et al.  Defense and attack for interdependent systems , 2017, Eur. J. Oper. Res..

[2]  Subhasish M. Chowdhury,et al.  The Attack‐And‐Defense Group Contests: Best Shot Versus Weakest Link , 2016 .

[3]  Subhasish M. Chowdhury,et al.  Group Contests with Internal Conflict and Power Asymmetry , 2014, SSRN Electronic Journal.

[4]  Stefan Fenz,et al.  A taxonomy for privacy enhancing technologies , 2015, Comput. Secur..

[5]  Kjell Hausken,et al.  Choosing what to protect when attacker resources and asset valuations are uncertain , 2014 .

[6]  Kai A. Konrad,et al.  Strategy and Dynamics in Contests , 2009 .

[7]  G. Tullock THE WELFARE COSTS OF TARIFFS, MONOPOLIES, AND THEFT , 1967 .

[8]  Paul Belleflamme Monopoly Price Discrimination and Privacy: The Hidden Cost of Hiding , 2015, SSRN Electronic Journal.

[9]  Roman M. Sheremeta,et al.  Fight or Flight? Defending Against Sequential Attacks in the Game of Siege , 2010 .

[10]  S. Gritzalis,et al.  Privacy Enhancing Technologies: A Review , 2003, EGOV.

[11]  Gregory Levitin,et al.  Optimal defense with variable number of overarching and individual protections , 2014, Reliab. Eng. Syst. Saf..

[12]  Dennis Broeders,et al.  Big Data and security policies: Towards a framework for regulating the phases of analytics and use of Big Data , 2017, Comput. Law Secur. Rev..

[13]  S. Nitzan Rent-seeking with non-identical sharing rules , 1991 .

[14]  S. Goyal,et al.  How do you defend a network , 2017 .

[15]  Derek J. Clark,et al.  Asymmetric Conflict , 2007 .

[16]  Subhasish M. Chowdhury,et al.  The Max-Min Group Contest: Weakest-link (Group) All-pay Auction , 2016 .

[17]  Yongxi Chen,et al.  The Transparent Self Under Big Data Profiling: Privacy and Chinese Legislation on the Social Credit System , 2017 .

[18]  G. Tullock Efficient Rent Seeking , 2001 .

[19]  Ian Goldberg,et al.  Privacy-Enhancing Technologies for the Internet, II: Five Years Later , 2002, Privacy Enhancing Technologies.

[20]  Arun Vishwanath,et al.  How people protect their privacy on facebook: A cost‐benefit view , 2018, J. Assoc. Inf. Sci. Technol..

[21]  Tommaso M. Valletti,et al.  The Value of Personal Information in Online Markets with Endogenous Privacy , 2019, Manag. Sci..

[22]  Marcin Dziubinski,et al.  Network Design and Defence , 2012, Games Econ. Behav..

[23]  Douglas D. Davis,et al.  Rent-seeking with non-identical sharing rules: An equilibrium rescued , 1999 .

[24]  Larry Samuelson,et al.  Choosing What to Protect: Strategic Defensive Allocation Against an Unknown Attacker , 2005 .

[25]  Gregory Levitin,et al.  False Targets in Defending Systems against Two Sequential Attacks , 2014 .

[26]  Leigh Anne Clark,et al.  Employer’s Use of Social Networking Sites: A Socially Irresponsible Practice , 2010 .

[27]  S. Nitzan Collective Rent Dissipation , 1991 .

[28]  Vicki M. Bier,et al.  Protection of simple series and parallel systems with components of different values , 2005, Reliab. Eng. Syst. Saf..

[29]  J. Riley,et al.  Politically Contestable Rents And Transfers , 1989 .

[30]  Burkhard C. Schipper,et al.  Political Awareness, Microtargeting of Voters, and Negative Electoral Campaigning , 2018 .

[31]  Michael R. Baye,et al.  The all-pay auction with complete information , 1990 .

[32]  Qinghua Zheng,et al.  Mining Suspicious Tax Evasion Groups in Big Data , 2016, IEEE Transactions on Knowledge and Data Engineering.

[33]  Kai A. Konrad,et al.  Endogenous Group Formation in Experimental Contests , 2012 .

[34]  Curtis R. Taylor,et al.  The Economics of Privacy , 2016 .

[35]  M. N. Ravishankar,et al.  The Perils and Promises of Self-Disclosure on Social Media , 2017, Information Systems Frontiers.

[36]  P. Bobko,et al.  Social Media in Employee-Selection-Related Decisions , 2016 .

[37]  Dan Kovenock,et al.  Weakest‐link attacker‐defender games with multiple attack technologies , 2012 .

[38]  Does microtargeting matter? Campaign contact strategies and young voters , 2018 .

[39]  Daniel A. Miller,et al.  Why do people lie online? "Because everyone lies on the internet" , 2016, Comput. Hum. Behav..

[40]  Kjell Hausken,et al.  Defending against multiple different attackers , 2011, Eur. J. Oper. Res..

[41]  Manolis Maragoudakis,et al.  Automated pool detection from satellite images using data mining techniques , 2016 .