Interdependent Strategic Security Risk Management With Bounded Rationality in the Internet of Things

With the increasing connectivity enabled by the Internet of Things (IoT), security becomes a critical concern, and users should invest to secure their IoT applications. Because of the massive number of devices in an IoT network, a user cannot be aware of the security policies adopted by all of his connected neighbors. Instead, a user makes security decisions based on the cyber risks that he perceives by observing a selected number of nodes. To this end, we propose a model that incorporates the limited attention, or bounded rationality, of players in the IoT. Specifically, each individual builds a sparse cognitive network of nodes to respond to. Based on this simplified cognitive network representation, each user then determines his security management policy by minimizing his own real-world security cost. The boundedly rational decision-making of the players and the formation of their cognitive networks are interdependent and thus should be addressed in a holistic manner. We establish a games-in-games framework and propose a Gestalt Nash equilibrium (GNE) solution concept to characterize the decisions of agents and to quantify their risk of bounded perception due to limited attention. In addition, we design a proximal-based iterative algorithm to compute the GNE. In case studies of smart communities, the designed algorithm successfully identifies the critical users whose decisions need to be taken into account by the other users during security management.
