How many down?: toward understanding systematic risk in networks

The systematic risk of a networked system depends to a large extent on its topology. In this paper, we explore this dependency using a model of risk propagation from the literature on interdependent security games. Our main area of focus is on the number of nodes that go down after an attack takes place. We develop a simulation algorithm to study the effects of such attacks on arbitrary topologies, and apply this simulation to scale-free networks. We investigate by graphical illustration how the outcome distribution of such networks exhibits correlation effects that increase the likelihood of losing more nodes at once -- an effect having direct applications to cyber-insurance.

[1]  Nicolas Christin,et al.  Secure or insure?: a game-theoretic analysis of information security games , 2008, WWW.

[2]  H. Kunreuther,et al.  Interdependent Security , 2003 .

[3]  Lawrence A. Gordon,et al.  Sharing Information on Computer Systems Security: An Economic Analysis , 2003 .

[4]  Luis E. Ortiz,et al.  Algorithms for Interdependent Security Games , 2003, NIPS.

[5]  Aron Laszka,et al.  A Survey of Interdependent Security Games Working paper , 2012 .

[6]  S. Lakshmivarahan,et al.  On the number and the distribution of the nash equilibria in supermodular games and their impact on the tipping set , 2009, 2009 International Conference on Game Theory for Networks.

[7]  Aron Laszka,et al.  Estimating Systematic Risk in Real-World Networks , 2014, Financial Cryptography.

[8]  Ramayya Krishnan,et al.  Correlated Failures, Diversification, and Information Security Risk Management , 2011, MIS Q..

[9]  Albert-László Barabási,et al.  Scale-Free Networks: A Decade and Beyond , 2009, Science.

[10]  Aron Laszka,et al.  The Complexity of Estimating Systematic Risk in Networks , 2014, 2014 IEEE 27th Computer Security Foundations Symposium.

[11]  Quanyan Zhu,et al.  Decision and Game Theory for Security , 2016, Lecture Notes in Computer Science.

[12]  Rainer Böhme,et al.  Models and Measures for Correlation in Cyber-Insurance , 2006, WEIS.

[13]  Rainer Böhme Towards Insurable Network Architectures , 2010, it Inf. Technol..

[14]  Kenneth P. Birman,et al.  The Monoculture Risk Put into Context , 2009, IEEE Security & Privacy Magazine.

[15]  Albert,et al.  Emergence of scaling in random networks , 1999, Science.

[16]  Rainer Böhme,et al.  Security Games with Market Insurance , 2011, GameSec.

[17]  Carsten Wiuf,et al.  Subnets of scale-free networks are not scale-free: sampling properties of networks. , 2005, Proceedings of the National Academy of Sciences of the United States of America.

[18]  Nicolas Christin,et al.  Uncertainty in Interdependent Security Games , 2010, GameSec.

[19]  Minas Gjoka,et al.  Practical Recommendations on Crawling Online Social Networks , 2011, IEEE Journal on Selected Areas in Communications.

[20]  Srinivasan Raghunathan,et al.  Cyber Insurance and IT Security Investment: Impact of Interdependence Risk , 2005, WEIS.

[21]  Ross J. Anderson Liability and Computer Security: Nine Principles , 1994, ESORICS.

[22]  Rainer Böhme,et al.  Modeling Cyber-Insurance: Towards a Unifying Framework , 2010, WEIS.

[23]  James Aspnes,et al.  Inoculation strategies for victims of viruses and the sum-of-squares partition problem , 2005, SODA '05.

[24]  Walter Willinger,et al.  Towards a Theory of Scale-Free Graphs: Definition, Properties, and Implications , 2005, Internet Math..

[25]  Stefan Schmid,et al.  When selfish meets evil: byzantine players in a virus inoculation game , 2006, PODC '06.

[26]  Hal R. Varian,et al.  System Reliability and Free Riding , 2004, Economics of Information Security.

[27]  Krishna P. Gummadi,et al.  Measurement and analysis of online social networks , 2007, IMC '07.

[28]  Jeffrey O. Kephart,et al.  Directed-graph epidemiological models of computer viruses , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[29]  Luis E. Ortiz,et al.  Interdependent Defense Games: Modeling Interdependent Security under Deliberate Attacks , 2012, UAI.