Becoming Cybercriminals: Incentives in Networks with Interdependent Security

We study users' incentives to become cybercriminals when network security is interdependent. We present a game-theoretic model in which each player (i.e., network user) decides his type, honest or malicious. Honest users represent law-abiding network users, while malicious users represent cybercriminals. After deciding on their types, the users make their security choices. We will follow [29], where breach probabilities for large-scale networks are obtained from a standard interdependent security (IDS) setup. In large-scale IDS networks, the breach probability of each player becomes a function of two variables: the player's own security action and network security, which is an aggregate characteristic of the network; network security is computed from the security actions of the individual nodes that comprise the network. This allows us to quantify user security choices in networks with IDS even when users have only very limited, aggregate information about security choices of other users of the network.

[1] Asuman E. Ozdaglar, et al. Network Security and Contagion, 2013, PERV.

[2] Srinivasan Raghunathan, et al. Cyber Security Risk Management: Public Policy Implications of Correlated Risk, Imperfect Ability to Prove Loss, and Observability of Self‐Protection, 2011, Risk analysis: an official publication of the Society for Risk Analysis.

[3] Howard Rush, et al. The cybercrime ecosystem: Online innovation in the shadows?, 2013.

[4] Aron Laszka, et al. Estimating Systematic Risk in Real-World Networks, 2014, Financial Cryptography.

[5] Aron Laszka, et al. The Complexity of Estimating Systematic Risk in Networks, 2014, 2014 IEEE 27th Computer Security Foundations Symposium.

[6] M. Olson, et al. The Logic of Collective Action, 1965.

[7] G. Tullock. The Welfare Costs of Tariffs, Monopolies, and Theft, 1967.

[8] Nicolas Christin, et al. Uncertainty in Interdependent Security Games, 2010, GameSec.

[9] Nicolas Christin, et al. Secure or insure?: a game-theoretic analysis of information security games, 2008, WWW.

[10] S. Shankar Sastry, et al. Cyber-insurance framework for large scale interdependent networks, 2014, HiCoNS.

[11] K. Hausken. Income, interdependence, and substitution effects affecting incentives for security investment, 2006.

[12] Howard Kunreuther, et al. Modeling Interdependent Risks, 2007, Risk analysis: an official publication of the Society for Risk Analysis.

[13] Jens Grossklags, et al. Blue versus Red: Towards a Model of Distributed Security Attacks, 2009, Financial Cryptography.

[14] H. Kunreuther, et al. Interdependent Security, 2003.

[15] Peter Honeyman, et al. Interdependence of Reliability and Security, 2007, WEIS.

[16] Brigitte Werners, et al. Phishing: An economic analysis of cybercrime perpetrators, 2016, Comput. Secur.

[17] David Hutchison, et al. A survey of cyber security management in industrial control systems, 2015, Int. J. Crit. Infrastructure Prot.

[18] Ness B. Shroff, et al. An economic analysis of regulating security investments in the Internet, 2013, 2013 Proceedings IEEE INFOCOM.

[19] Craig A. Knoblock, et al. A Survey of Digital Map Processing Techniques, 2014, ACM Comput. Surv.

[20] James Aspnes, et al. Inoculation strategies for victims of viruses and the sum-of-squares partition problem, 2005, SODA '05.

[21] Mancur Olson. The Logic of Collective Action: Public Goods and the Theory of Groups, Second Printing with a New Preface and Appendix, 2009.

[22] Mancur Olson, et al. The Rise and Decline of Nations: Economic Growth, Stagflation, and Social Rigidities, 1983.

[23] Levente Buttyán, et al. A Survey of Interdependent Information Security Games, 2014, ACM Comput. Surv.

[24] Srinivasan Raghunathan, et al. Cyber Insurance and IT Security Investment: Impact of Interdependence Risk, 2005, WEIS.

[25] Tyler Moore, et al. Measuring the Cost of Cybercrime, 2012, WEIS.

[26] John Othick, et al. The Rise and Decline of Nations: Economic Growth, Stagflation, and Social Rigidities, 1983.

[27] Stefan Schmid, et al. When selfish meets evil: byzantine players in a virus inoculation game, 2006, PODC '06.

[28] Hal R. Varian, et al. System Reliability and Free Riding, 2004, Economics of Information Security.

[29] Hadi Asghari, et al. Security Economics in the HTTPS Value Chain, 2013.

[30] He Liu, et al. Click Trajectories: End-to-End Analysis of the Spam Value Chain, 2011, 2011 IEEE Symposium on Security and Privacy.

[31] Tyler Moore, et al. The Economics of Information Security, 2006, Science.