Estimating Systematic Risk in Real-World Networks

Social, technical and business connections can all give rise to security risks. These risks can be substantial when individual compromises occur in combinations, and difficult to predict when some connections are not easily observed. A significant and relevant challenge is to predict these risks using only locally-derivable information.

[1]  Walter Willinger,et al.  Towards a Theory of Scale-Free Graphs: Definition, Properties, and Implications , 2005, Internet Math..

[2]  Alessandro Vespignani,et al.  Epidemic spreading in scale-free networks. , 2000, Physical review letters.

[3]  Simon French,et al.  Encyclopedia of quantitative risk analysis and assessment , 2008 .

[4]  Hal R. Varian,et al.  System Reliability and Free Riding , 2004, Economics of Information Security.

[5]  W. Härdle,et al.  Statistical Tools for Finance and Insurance , 2003 .

[6]  Stefan Schmid,et al.  When selfish meets evil: byzantine players in a virus inoculation game , 2006, PODC '06.

[7]  Rainer Böhme,et al.  Security Games with Market Insurance , 2011, GameSec.

[8]  Rainer Böhme,et al.  Models and Measures for Correlation in Cyber-Insurance , 2006, WEIS.

[9]  John S. Baras,et al.  Decision and Game Theory for Security , 2010, Lecture Notes in Computer Science.

[10]  Rainer Böhme Towards Insurable Network Architectures , 2010, it Inf. Technol..

[11]  Víctor M Eguíluz,et al.  Epidemic threshold in structured scale-free networks. , 2002, Physical review letters.

[12]  Roger J. A. Laeven,et al.  Premium Calculation and Insurance Pricing , 2008 .

[13]  Srinivasan Raghunathan,et al.  Cyber Insurance and IT Security Investment: Impact of Interdependence Risk , 2005, WEIS.

[14]  Aron Laszka,et al.  How many down?: toward understanding systematic risk in networks , 2014, AsiaCCS.

[15]  Aron Laszka,et al.  A Survey of Interdependent Security Games , 2012 .

[16]  Quanyan Zhu,et al.  Decision and Game Theory for Security , 2016, Lecture Notes in Computer Science.

[17]  Luis E. Ortiz,et al.  Interdependent Defense Games: Modeling Interdependent Security under Deliberate Attacks , 2012, UAI.

[18]  Nicolas Christin,et al.  When Information Improves Information Security , 2010, Financial Cryptography.

[19]  H. Kunreuther,et al.  Interdependent Security , 2003 .

[20]  Ross J. Anderson Liability and Computer Security: Nine Principles , 1994, ESORICS.

[21]  Kenneth P. Birman,et al.  The Monoculture Risk Put into Context , 2009, IEEE Security & Privacy Magazine.

[22]  Albert,et al.  Emergence of scaling in random networks , 1999, Science.

[23]  Jens Grossklags,et al.  Blue versus Red: Towards a Model of Distributed Security Attacks , 2009, Financial Cryptography.

[24]  Levente Buttyán,et al.  A Survey of Interdependent Information Security Games , 2014, ACM Comput. Surv..

[25]  Jeffrey O. Kephart,et al.  Directed-graph epidemiological models of computer viruses , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[26]  Joseph Bonneau,et al.  What's in a Name? , 2020, Financial Cryptography.

[27]  Alessandro Vespignani,et al.  Epidemic dynamics in finite size scale-free networks. , 2002, Physical review. E, Statistical, nonlinear, and soft matter physics.

[28]  Nicolas Christin,et al.  Secure or insure?: a game-theoretic analysis of information security games , 2008, WWW.

[29]  Luis E. Ortiz,et al.  Algorithms for Interdependent Security Games , 2003, NIPS.

[30]  Nicolas Christin,et al.  Uncertainty in Interdependent Security Games , 2010, GameSec.

[31]  Minas Gjoka,et al.  Practical Recommendations on Crawling Online Social Networks , 2011, IEEE Journal on Selected Areas in Communications.

[32]  Aron Laszka,et al.  The Complexity of Estimating Systematic Risk in Networks , 2014, 2014 IEEE 27th Computer Security Foundations Symposium.

[33]  Minas Gjoka,et al.  Walking in Facebook: A Case Study of Unbiased Sampling of OSNs , 2010, 2010 Proceedings IEEE INFOCOM.

[34]  L. Camp Economics of Information Security , 2006 .

[35]  Ramayya Krishnan,et al.  Correlated Failures, Diversification, and Information Security Risk Management , 2011, MIS Q..

[36]  KrishnanRamayya,et al.  Correlated failures, diversification, and information security risk management , 2011 .

[37]  Rainer Böhme,et al.  Modeling Cyber-Insurance: Towards a Unifying Framework , 2010, WEIS.

[38]  James Aspnes,et al.  Inoculation strategies for victims of viruses and the sum-of-squares partition problem , 2005, SODA '05.

[39]  W. Sharpe CAPITAL ASSET PRICES: A THEORY OF MARKET EQUILIBRIUM UNDER CONDITIONS OF RISK* , 1964 .

[40]  Carsten Wiuf,et al.  Subnets of scale-free networks are not scale-free: sampling properties of networks. , 2005, Proceedings of the National Academy of Sciences of the United States of America.

[41]  Albert-László Barabási,et al.  Scale-Free Networks: A Decade and Beyond , 2009, Science.