Uncertainty in the weakest-link security game

Jens Grossklags, Benjamin Johnson

Research output: Chapter in Book/Report/Conference proceedingConference contribution

17 Scopus citations

Abstract

Individuals in computer networks not only have to invest to secure their private resources from potential attackers, but have to be aware of the existing interdependencies that exist with other network participants. Indeed, a user's security is frequently negatively impacted by protection failures of even just one other individual, the weakest link. In this paper, we are interested in the impact of bounded rationality and limited information on user payoffs and strategies in the presence of strong weakest-link externalities. As a first contribution, we address the problem of bounded rationality by proposing a simple but novel modeling approach. We anticipate the vast majority of users to be unsophisticated and to apply approximate decision-rules that fail to accurately appreciate the impact of their decisions on others. Expert agents, on the other hand, fully comprehend to which extent their own and others' security choices affect the network as a whole, and respond rationally. The second contribution of this paper is to address how the security choices by users are mediated by the information available on the severity of the threats the network faces. We assume that each individual faces a randomly drawn probability of being subject to a direct attack. We study how the decisions of the expert user differ if all draws are common knowledge, compared to a scenario where this information is only privately known. We further propose a metric to quantify the value of information available: the payoff difference between complete and incomplete information conditions, divided by the payoff under the incomplete information condition. We study this ratio metric graphically and isolate parameter regions where being more informed creates a payoff advantage for the expert agent.

Original languageEnglish (US)
Title of host publicationProceedings of the 2009 International Conference on Game Theory for Networks, GameNets '09
Pages673-682
Number of pages10
DOIs
StatePublished - 2009
Event2009 International Conference on Game Theory for Networks, GameNets '09 - Istanbul, Turkey
Duration: May 13 2009May 15 2009

Publication series

NameProceedings of the 2009 International Conference on Game Theory for Networks, GameNets '09

Other

Other2009 International Conference on Game Theory for Networks, GameNets '09
Country/TerritoryTurkey
CityIstanbul
Period5/13/095/15/09

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Computer Vision and Pattern Recognition

Fingerprint

Dive into the research topics of 'Uncertainty in the weakest-link security game'. Together they form a unique fingerprint.

Cite this