Abstract
Motivated attackers cannot always be blocked or deterred. In the physical-world security context, examples include suicide bombers and sexual predators. In computer networks, zero-day exploits unpredictably threaten the information economy and end users. In this paper, we study the conflicting incentives of individuals to act in the light of such threats.
More specifically, in the weakest target game an attacker will always be able to compromise the agent (or agents) with the lowest protection level, but will leave all others unscathed. We find the game to exhibit a number of complex phenomena. It does not admit pure Nash equilibria, and when players are heterogeneous in some cases the game does not even admit mixed-strategy equilibria.
Most outcomes from the weakest-target game are far from ideal. In fact, payoffs for most players in any Nash equilibrium are far worse than in the game’s social optimum. However, under the rule of a social planner, average security investments are extremely low. The game thus leads to a conflict between pure economic interests, and common social norms that imply that higher levels of security are always desirable.
This research was partially supported by CyLab at Carnegie Mellon under grant DAAD19-02-1-0389 from the Army Research Office, and by the National Science Foundation under ITR award CCF-0424422 (TRUST).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Anderson, R., Moore, T.: The economics of information security. Science 314(5799), 610–613 (2006)
Böhme, R., Schwartz, G.: Modeling cyber-insurance: Towards a unifying framework. In: Proceedings of the Ninth Workshop on the Economics of Information Security (WEIS 2010), Cambridge, MA (June 2010)
Christin, N., Grossklags, J., Chuang, J.: Near rationality and competitive equilibria in networked systems. In: Proceedings of ACM SIGCOMM 2004 Workshop on Practice and Theory of Incentives in Networked Systems (PINS), Portland, OR, pp. 213–219 (August 2004)
Cornes, R., Sandler, T.: The theory of externalities, public goods, and club goods. Cambridge University Press, Cambridge (1986)
Dixit, A., Skeath, S.: Games of Strategy. Norton & Company, New York (1999)
Fultz, N., Grossklags, J.: Blue versus Red: Towards a Model of Distributed Security Attacks. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 167–183. Springer, Heidelberg (2009)
Grossklags, J., Christin, N., Chuang, J.: Secure or insure? A game-theoretic analysis of information security games. In: Proceedings of the 2008 World Wide Web Conference (WWW 2008), Beijing, China, pp. 209–218 (April 2008)
Grossklags, J., Christin, N., Chuang, J.: Security and insurance management in networks with heterogeneous agents. In: Proceedings of the 9th ACM Conference on Electronic Commerce (EC 2008), Chicago, IL, pp. 160–169 (July 2008)
Kanich, C., Kreibich, C., Levchenko, K., Enright, B., Voelker, G., Paxson, V., Savage, S.: Spamalytics: An empirical analysis of spam marketing conversion. In: Proceedings of the Conference on Computer and Communications Security (CCS), Alexandria, VA, pp. 3–14 (October 2008)
Kearns, M., Ortiz, L.: Algorithms for interdependent security games. In: Thrun, S., Saul, L., Schölkopf, B. (eds.) Advances in Neural Information Processing Systems 16, pp. 561–568. MIT Press, Cambridge (2004)
Kunreuther, H., Heal, G.: Interdependent security. Journal of Risk and Uncertainty 26(2-3), 231–249 (2003)
Lelarge, M., Bolot, J.: Network externalities and the deployment of security features and protocols in the Internet. In: Proceedings of the ACM International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS 2008), Annapolis, MA, pp. 37–48 (June 2008)
Miura-Ko, A., Yolken, B., Mitchell, J., Bambos, N.: Security decision-making among interdependent organizations. In: Proceedings of the 21st IEEE Computer Security Foundations Symposium (CSF 2008), Pittsburgh, PA, pp. 66–80 (June 2008)
Nguyen, K., Alpcan, T., Basar, T.: Stochastic games for security in networks with interdependent nodes. In: Proceedings of the International Conference on Game Theory for Networks (GameNets 2009), Istanbul, Turkey, pp. 697–703 (May 2009)
Rapoport, A., Chammah, A.: Prisoner’s Dilemma: A Study in Conflict and Cooperation. Ann Arbor Paperbacks, University of Michigan Press (1965)
Rapoport, A., Chammah, A.: The game of chicken. American Behavioral Scientist 10(3), 10–28 (1966)
Roy, S., Ellis, C., Shiva, S., Dasgupta, D., Shandilya, V., Wu, Q.: A survey of game theory as applied to network security. In: Proceedings of the 43rd Hawaii International Conference on System Sciences (HICSS 2010), Koloa, HI, pp. 1–10 (January 2010)
Skoudis, E.: Malware: Fighting malicious code. Prentice Hall, Upper Saddle River (2004)
Varian, H.: System reliability and free riding. In: Camp, J., Lewis, S. (eds.) Economics of Information Security. Advances in Information Security, vol. 12, pp. 1–15. Kluwer Academic Publishers, Dordrecht (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Johnson, B., Grossklags, J., Christin, N., Chuang, J. (2012). Nash Equilibria for Weakest Target Security Games with Heterogeneous Agents. In: Jain, R., Kannan, R. (eds) Game Theory for Networks. GameNets 2011. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 75. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30373-9_31
Download citation
DOI: https://doi.org/10.1007/978-3-642-30373-9_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30372-2
Online ISBN: 978-3-642-30373-9
eBook Packages: Computer ScienceComputer Science (R0)