A Local Mean Field Analysis of Security Investments in Networks Marc Lelarge (INRIA-ENS) Jean Bolot (SPRINT) NetEcon 2008.

Slides:

Advertisements

Similar presentations

Observational Learning in Random Networks Julian Lorenz, Martin Marciniszyn, Angelika Steger Institute of Theoretical Computer Science, ETH.

Advertisements

1 Cyber Insurance and IT Security Investment: Impact of Interdependent Risk Hulisi Ogut, UT-Dallas Srinivasan Raghunathan, UT-Dallas Nirup Menon, UT-Dallas.

Economic Incentives to Increase Security in the Internet: the Case for Insurance Marc Lelarge (INRIA-ENS) Jean Bolot (SPRINT) IEEE INFOCOM, Rio 2009.

Diffusion and Cascading Behavior in Random Networks Marc Lelarge (INRIA-ENS) Columbia University Joint CS/EE Networking Seminar June 2, 2011.

Communications Research Centre (CRC) Defence R&D Canada – Ottawa 1 Properties of Mobile Tactical Radio Networks on VHF Bands Li Li & Phil Vigneron Communications.

Network Security: an Economic Perspective Marc Lelarge (INRIA-ENS) currently visiting STANFORD TRUST seminar, Berkeley 2011.

1 Weather covers Customized Contracts WMO meeting, Geneva, December 2007.

Risk Models and Controlled Mitigation of IT Security R. Ann Miura-Ko Stanford University February 27, 2009.

Detecting Spam Zombies by Monitoring Outgoing Messages Zhenhai Duan Department of Computer Science Florida State University.

P2P data retrieval DHT (Distributed Hash Tables) Partially based on Hellerstein’s presentation at VLDB2004.

Where Do All the Attacks Go? Dinei Florencio and Cormac Herley Microsoft Research, Redmond.

Diffusion and Cascading Behavior in Random Networks Marc Lelarge (INRIA-ENS) WIDS MIT, May 31, 2011.

Geoffrey Heal Graduate School of Business Columbia University Howard Kunreuther Center for Risk Management.

Regret Minimization and the Price of Total Anarchy Paper by A. Blum, M. Hajiaghayi, K. Ligett, A.Roth Presented by Michael Wunder.

Benjamin Johnson Carnegie Mellon University Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information TRUST.

Efficient Control of Epidemics over Random Networks Marc Lelarge (INRIA-ENS) SIGMETRICS 09.

Software Diversity for Information Security Gaurav Kataria Carnegie Mellon University.

Sogang University ICC Lab Using Game Theory to Analyze Wireless Ad Hoc networks.

Competitive Cyber-Insurance and Network Security Nikhil Shetty Galina Schwartz Mark Felegyhazi Jean Walrand EECS, UC-BerkeleyWEIS 2009 Presentation.

Network Security An Economics Perspective IS250 Spring 2010 John Chuang.

MOSQUITO BREEDING ATTACK: Spread of bots using Peer To Peer INSTRUCTOR: Dr.Cliff Zou PRESENTED BY : BHARAT SOUNDARARAJAN & AMIT SHRIVATSAVA.

Interdependent Security Games and Networks Networked Life CSE 112 Spring 2006 Prof. Michael Kearns.

Competitive Cyber-Insurance and Network Security Nikhil Shetty Galina Schwartz Mark Felegyhazi Jean Walrand EECS, UC-BerkeleyTRUST 2009 Presentation.

Protecting our Cyber Space Staying Ahead of the Game Basel Alomair National Center for Cybersecurity Technology (C4C) King Abdulaziz City for Science and.

BOTNETS/Cyber Criminals  How do we stop Cyber Criminals.

Chapter 9 THE ECONOMICS OF INFORMATION Copyright ©2002 by South-Western, a division of Thomson Learning. All rights reserved. MICROECONOMIC THEORY BASIC.

The Storm Worm. How It Spread It spread as an with a relevant news heading and attached a file related to the subject. Titles like: – "230 dead.

Models and Measures for Correlation in Cyber-Insurance Rainer Böhme Technische Universität Dresden Gaurav Kataria Carnegie.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Game Theory: Whirlwind Review Matrix (normal form) games, mixed strategies, Nash equil. –the basic objects of vanilla game theory –the power of private.

Dynamic Network Security Deployment under Partial Information George Theodorakopoulos (EPFL) John S. Baras (UMD) Jean-Yves Le Boudec (EPFL) September 24,

Lecture 11 Reliability and Security in IT infrastructure.

The 10 Deadly Sins of Information Security Management

Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.

Economics of Malware: Epidemic Risk Model, Network Externalities and Incentives. Marc Lelarge (INRIA-ENS) WEIS, University College London, June 2009.

Threats and ways you can protect your computer. There are a number of security risks that computer users face, some include; Trojans Conficker worms Key.

Creating Trust in Critical Network Infrastructures Canadian Case Study Michael Harrop.

1 Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. Freiling - Proceedings.

Allerton 2011 September 28 Mathias Humbert, Mohammad Hossein Manshaei, and Jean-Pierre Hubaux EPFL - Laboratory for Communications and Applications (LCA1)

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

Unit 2 - Hardware Computer Security.

Network Economics: two examples Marc Lelarge (INRIA-ENS) SIGMETRICS, London June 14, 2012.

PATCH MANAGEMENT: Issues and Practical Solutions Presented by: ISSA Vancouver Chapter March 4, 2004.

Lecture 12 Statistical Inference (Estimation) Point and Interval estimation By Aziza Munir.

1 Efficiency and Nash Equilibria in a Scrip System for P2P Networks Eric J. Friedman Joseph Y. Halpern Ian Kash.

Maintaining a Secure Messaging Environment Across , IM, Web and Other Protocols Jim Jessup Regional Manager, Information Risk Management Specialist.

A Taxonomy of Computer Worms Nicholas Weaver, Vern Paxson, Stuart Staniford, and Robert Cunningham ACM WORM 2003 Speaker: Chang Huan Wu 2008/8/8.

Grid-based Sensor Network Service on Future Internet By Mohammad Mehedi Hassan Student ID:

Inoculation Strategies for Victims of Viruses and the Sum-of-Squares Partition Problem Kevin Chang Joint work with James Aspnes and Aleksandr Yampolskiy.

 Two types of malware propagating through social networks, Cross Site Scripting (XSS) and Koobface worm.  How these two types of malware are propagated.

Let the Pirates Patch? An Economic Analysis of Software Security Patch Restrictions Terrence August *Joint work with Tunay I. Tunca.

Protecting Your Business! SBA Ft. Lauderdale November 15, 2006 Gregory Levine, Sr. Director Marketing.

Inoculation Strategies for Victims of Viruses and the Sum-of-Squares Partition Problem James Apnes, Kevin Change, and Aleksandr Yampolskiy.

MIS An Economic Analysis of Software Market with Risk-Sharing Contract Byung Cho Kim Pei-Yu Chen Tridas Mukhopadhyay Tepper School of Business Carnegie.

Aemen Lodhi (Georgia Tech) Amogh Dhamdhere (CAIDA)

Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.

Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.

Beyond selfish routing: Network Games. Network Games NGs model the various ways in which selfish agents strategically interact in using a network They.

Institute of Physics Wroclaw University of Technology 28/09/2005 How can statistical mechanics contribute to social sciences? Piotr Magnuszewski, Andrzej.

Double Coordination in Small Groups Luigi Mittone, Matteo Ploner, Ivan Soraperra Computable and Experimental Economics Laboratory – University of Trento,

Complex Systems in Industrial Mathematics Dr Robert Leese Smith Institute Bath Institute for Complex Systems 31 January 2005.

1 Integrated Site Security Project Denise Heagerty CERN 22 May 2007.

networks and the spread of computer viruses Authors:M. E. J. Newman, S. Forrest, and J. Balthrop. Published:September 10, Physical Review.

Internet Quarantine: Requirements for Containing Self-Propagating Code

Trusted Routing in IoT Dr Ivana Tomić In collaboration with:

Risk of the Internet At Home

For modeling conflict and cooperation Schwartz/Teneketzis

Diffusion in Networks Dr. Henry Hexmoor Department of Computer Science Southern Illinois University Carbondale 1/17/2019.

Introduction to Internet Worm

Presentation transcript:

A Local Mean Field Analysis of Security Investments in Networks Marc Lelarge (INRIA-ENS) Jean Bolot (SPRINT) NetEcon 2008.

Investments in Network Security System security often depends on the effort of many individuals, making security a public good. Hirshleifer (83), Varian (02). Total effort: security depends on the sum of the efforts. Weakest link: security depends on the minimum effort. Best shot: security depends on the maximum effort. Free-rider problem: individuals tend to shirk, resulting in an inefficient level of security.

Bot Networks A bot is an end-user machine containing software that allows it to be controlled by a remote administrator, the bot herder. What are botnets used for? Access your online banking information Route illegal activities through your computer so that it looks like it is coming from you Store illegal files on your computer systems Send vast amounts of spam to other users See what you are doing on your computer Attack other computer systems in conjunction with other compromised systems…

An example: Storm Botnet The Storm Worm began infecting thousands of (mostly private) computers on Friday, January 19, 2007, using an message with a subject line about a recent weather disaster, "230 dead as storm batters Europe". 5,000 to 6,000 computers are dedicated to propagating the spread of the worm through the use of s with infected attachments. The compromised machine becomes merged into a botnet that acts in a similar way to a peer-to-peer network, with no centralized control. On 7 September 2007, estimates of the size of the Storm botnet ranged from 1 to 10 million computers. Source F-Secure

Symantec Internet Security Threat Report Between July 1 and December 31, 2007, Symantec observed an average of 61,940 active bot-infected computers per day, a 17 percent increase from the previous reporting period. An active bot-infected computer is one that carries out an average of at least one attack per day. (...) Symantec also observed 5,060,187 distinct bot-infected computers during this period, a one percent increase from the first six months of A distinct bot-infected computer is a distinct computer that was active at least once during the period.

Motivation Belief: in 2003, the President's National Strategy to Secure Cyberspace stated that government action is required where "market failures result in under-investment in cybersecurity. No appropriate model (restricted to 2 players). Our contributions: – a micro-model which explains network externalities and scales to the Internet. – we are able to compute the Price of anarchy but it is not enough… – we show that security is an economic problem and requires proper incentives for technology to be deployed.

Economic Model for the agents Each agent faces a potential loss. Investment in security has a fixed cost and reduces the probability of loss. Binary choice: – in state N, the probability of loss is. – in state S, the probability of loss is. Optimal strategy is S if

Bot herder directly infects an agent N with prob. p. Each neighbor is contaminated with prob. q if in S or if in N. Epidemic Model Bot herder N S

A self-referential model The decision for an agent to invest (S) or not (N) in self-protection depends on the probabilities and … … but the computation of these probabilities with the epidemic model depends on the decision of each agent. Pb. of information available to the agent: we assume that the perceived probabilities are the averaged (over the population) probabilities given the state S/N.

Epidemic risks on a random network Underlying graph is a sparse random graph (specified by its degree distribution). is the fraction of the population investing in self-protection (S). is the probability of loss for an agent not investing/ investing in self-protection. Extension of Interdependent Security (2 players) by Kunreuther & Heal (03).

Results Strong protection: contagion is possible only if agent is in state N. – An agent in state S creates positive externalities: as increases, the incentive to invest in security decreases. Free rider problem. Weak protection: contagion does not depend on the state N/S. – Two Nash equilibria involving everyone or no one investing in security. Coordination problem.

Price of Anarchy The price of anarchy is the ratio of the largest (among all equilibria) cost incurred to the population divided by the optimal cost. In the case of weak protection: 1 c S N Inefficiency

Tipping phenomenon Fraction of the population needed to switch?

Adoption vs. quality of protection Fraction of population investing in security for various probabilities of contagion in state S. Improving technical defenses is not enough! We need to find the proper economic incentives to deploy them.

Conclusions Local Mean Field model for epidemic risks on random networks with strategic players. Rigorous solution capturing network externalities arising in security problem: free rider problem / coordination game. Towards solution for this market failure: Cyber-insurance is an incentive if moral hazard problem is taken into account (2 players game: INFOCOM08, multi-players game: WEIS08).

Thank you!