Security investment under cognitive constraints: A Gestalt Nash equilibrium approach

With the increasing connectivity enabled by the Internet of Things (IoT), security becomes a critical concern, and users should invest to secure their IoT applications. Because of the massive number of devices in an IoT network, a user cannot be aware of the security policies adopted by all of his connected neighbors. Instead, a user makes security decisions based on the cyber risks he perceives by observing a selected number of nodes. To this end, we propose a model that incorporates the limited attention, or bounded rationality, of players in the IoT. Specifically, each individual builds a sparse cognitive network that includes the users to respond to. Based on this simplified cognitive network representation, each user then determines his security investment policy by minimizing his own real-world security cost. The bounded rational decision-making of the players and the formation of their cognitive networks are interdependent, and thus should be addressed in a holistic manner. We propose a Gestalt Nash equilibrium (GNE) solution concept to characterize the decisions of agents. Then, we design a proximal-based iterative algorithm to compute the GNE and show its convergence. In case studies of smart home communities, the designed algorithm can successfully identify the critical users whose decisions need to be taken into account by the other users during the security investment.
