Economics of Malware: Epidemic Risk Model, Network Externalities and Incentives. Marc Lelarge (INRIA-ENS) WEIS, University College London, June 2009.

Slides:

Advertisements

Similar presentations

A Local Mean Field Analysis of Security Investments in Networks Marc Lelarge (INRIA-ENS) Jean Bolot (SPRINT) NetEcon 2008.

Advertisements

Information Technology

Economic Incentives to Increase Security in the Internet: the Case for Insurance Marc Lelarge (INRIA-ENS) Jean Bolot (SPRINT) IEEE INFOCOM, Rio 2009.

Diffusion and Cascading Behavior in Random Networks Marc Lelarge (INRIA-ENS) Columbia University Joint CS/EE Networking Seminar June 2, 2011.

Network Security: an Economic Perspective Marc Lelarge (INRIA-ENS) currently visiting STANFORD TRUST seminar, Berkeley 2011.

Risk Models and Controlled Mitigation of IT Security R. Ann Miura-Ko Stanford University February 27, 2009.

Detecting Spam Zombies by Monitoring Outgoing Messages Zhenhai Duan Department of Computer Science Florida State University.

Where Do All the Attacks Go? Dinei Florencio and Cormac Herley Microsoft Research, Redmond.

1 Strategic choice of financing systems in regulated and interconnected industries Anna BassaniniJerome Pouyet Rome & IDEICREST-LEI & CERAS-ENPC

Diffusion and Cascading Behavior in Random Networks Marc Lelarge (INRIA-ENS) WIDS MIT, May 31, 2011.

Geoffrey Heal Graduate School of Business Columbia University Howard Kunreuther Center for Risk Management.

1 © Aberdeen Group 2013 – Not For Distribution ™ Meeting the Rising Challenge of Modern Networks.

Social Networks 101 P ROF. J ASON H ARTLINE AND P ROF. N ICOLE I MMORLICA.

Modeling Malware Spreading Dynamics Michele Garetto (Politecnico di Torino – Italy) Weibo Gong (University of Massachusetts – Amherst – MA) Don Towsley.

Benjamin Johnson Carnegie Mellon University Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information TRUST.

Efficient Control of Epidemics over Random Networks Marc Lelarge (INRIA-ENS) SIGMETRICS 09.

Software Diversity for Information Security Gaurav Kataria Carnegie Mellon University.

Competitive Cyber-Insurance and Network Security Nikhil Shetty Galina Schwartz Mark Felegyhazi Jean Walrand EECS, UC-BerkeleyWEIS 2009 Presentation.

Network Security An Economics Perspective IS250 Spring 2010 John Chuang.

MOSQUITO BREEDING ATTACK: Spread of bots using Peer To Peer INSTRUCTOR: Dr.Cliff Zou PRESENTED BY : BHARAT SOUNDARARAJAN & AMIT SHRIVATSAVA.

Interdependent Security Games and Networks Networked Life CSE 112 Spring 2006 Prof. Michael Kearns.

BOTNETS/Cyber Criminals  How do we stop Cyber Criminals.

The Storm Worm. How It Spread It spread as an with a relevant news heading and attached a file related to the subject. Titles like: – "230 dead.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Dynamic Network Security Deployment under Partial Information George Theodorakopoulos (EPFL) John S. Baras (UMD) Jean-Yves Le Boudec (EPFL) September 24,

Lecture 11 Reliability and Security in IT infrastructure.

Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.

Threats and ways you can protect your computer. There are a number of security risks that computer users face, some include; Trojans Conficker worms Key.

1 Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. Freiling - Proceedings.

2006 Palisade User ConferenceNovember 14 th, 2006 Inventory Optimization of Seasonal Products with.

Allerton 2011 September 28 Mathias Humbert, Mohammad Hossein Manshaei, and Jean-Pierre Hubaux EPFL - Laboratory for Communications and Applications (LCA1)

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

Unit 2 - Hardware Computer Security.

Malware  Viruses  Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.

08 Network Effects 5 Aaron Schiff ECON Reading: Cabral, Ch 17.

Yitzchak Rosenthal P2P Mechanism Design: Incentives in Peer-to-Peer Systems Paper By: Moshe Babaioff, John Chuang and Michal Feldman.

Network Economics: two examples Marc Lelarge (INRIA-ENS) SIGMETRICS, London June 14, 2012.

PATCH MANAGEMENT: Issues and Practical Solutions Presented by: ISSA Vancouver Chapter March 4, 2004.

 a crime committed on a computer network, esp. the Internet.

1 Efficiency and Nash Equilibria in a Scrip System for P2P Networks Eric J. Friedman Joseph Y. Halpern Ian Kash.

Modeling Botnets and Epidemic Malware Marco Ajelli, Renato Lo Cigno, Alberto Montresor DISI – University of Trento, Italy disi.unitn.it

Maintaining a Secure Messaging Environment Across , IM, Web and Other Protocols Jim Jessup Regional Manager, Information Risk Management Specialist.

Grid-based Sensor Network Service on Future Internet By Mohammad Mehedi Hassan Student ID:

Let the Pirates Patch? An Economic Analysis of Software Security Patch Restrictions Terrence August *Joint work with Tunay I. Tunca.

Inoculation Strategies for Victims of Viruses and the Sum-of-Squares Partition Problem James Apnes, Kevin Change, and Aleksandr Yampolskiy.

MIS An Economic Analysis of Software Market with Risk-Sharing Contract Byung Cho Kim Pei-Yu Chen Tridas Mukhopadhyay Tepper School of Business Carnegie.

Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.

Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.

Chapter 24: Network Issues1 Network Issues. Chapter 24: Network Issues2 Introduction Some products are popular with individual consumers precisely because.

Walowdac:Analysis of a Peer-to-Peer Botnet 林佳宜 NTOU CSIE 11/19/

Conficker Update John Crain. What is Conficker? An Internet worm  Malicious code that is self-replicating and distributed over a network A blended threat.

Guard Sets for Onion Routing JOSHUA FREE. Tor Most popular low-latency distributed anonymity network Controversial decisions of guard selection strategies.

Beyond selfish routing: Network Games. Network Games NGs model the various ways in which selfish agents strategically interact in using a network They.

REDUNDANCY VS. PROTECTION VS. FALSE TARGETS FOR SYSTEMS UNDER ATTACK Gregory Levitin, Senior Member, IEEE, and Kjell Hausken IEEE Transactions on Reliability.

Networked Games: Coloring, Consensus and Voting Prof. Michael Kearns Networked Life NETS 112 Fall 2013.

Complex Systems in Industrial Mathematics Dr Robert Leese Smith Institute Bath Institute for Complex Systems 31 January 2005.

1 Integrated Site Security Project Denise Heagerty CERN 22 May 2007.

networks and the spread of computer viruses Authors:M. E. J. Newman, S. Forrest, and J. Balthrop. Published:September 10, Physical Review.

Novell iFolder Novell Academy QuickTrain. What is iFolder? Novell iFolder lets users’ files follow them anywhere A simple and secure way to access, organize.

Protecting Against Cyber Attacks PLEASE TAKE A MINUTE TO LOOK AT THIS IMPORTANT MESSAGE. THIS IS HAPPENING HERE AND NOW! LET US SAVE YOU AND YOUR INFORMATION.

Chapter 40 Internet Security.

Botnets A collection of compromised machines

Internet Quarantine: Requirements for Containing Self-Propagating Code

Trusted Routing in IoT Dr Ivana Tomić In collaboration with:

An Investigation of Market Dynamics and Wealth Distributions

Botnets A collection of compromised machines

Risk of the Internet At Home

For modeling conflict and cooperation Schwartz/Teneketzis

Oliver Schulte Petra Berenbrink Simon Fraser University

Introduction to Internet Worm

Presentation transcript:

Economics of Malware: Epidemic Risk Model, Network Externalities and Incentives. Marc Lelarge (INRIA-ENS) WEIS, University College London, June 2009.

Investments in Network Security System security often depends on the effort of many individuals, making security a public good. Hirshleifer (83), Varian (02). Total effort: security depends on the sum of the efforts. Weakest link: security depends on the minimum effort. Best shot: security depends on the maximum effort. Free-rider problem: individuals tend to shirk, resulting in an inefficient level of security.

Bot Networks A bot is an end-user machine containing software that allows it to be controlled by a remote administrator, the bot herder. What are botnets used for? Access your online banking information Route illegal activities through your computer so that it looks like it is coming from you Store illegal files on your computer systems Send vast amounts of spam to other users See what you are doing on your computer Attack other computer systems in conjunction with other compromised systems…

An example: Storm Botnet The Storm Worm began infecting thousands of (mostly private) computers on Friday, January 19, 2007, using an message with a subject line about a recent weather disaster, "230 dead as storm batters Europe". 5,000 to 6,000 computers are dedicated to propagating the spread of the worm through the use of s with infected attachments. The compromised machine becomes merged into a botnet that acts in a similar way to a peer-to-peer network, with no centralized control. On 7 September 2007, estimates of the size of the Storm botnet ranged from 1 to 10 million computers. Source F-Secure

Symantec Internet Security Threat Report “Between July 1 and December 31, 2007, Symantec observed an average of 61,940 active bot-infected computers per day, a 17 percent increase from the previous reporting period. An active bot-infected computer is one that carries out an average of at least one attack per day. (...) Symantec also observed 5,060,187 distinct bot-infected computers during this period, a one percent increase from the first six months of A distinct bot-infected computer is a distinct computer that was active at least once during the period.”

Contribution (1) Micro model -Large population -Parameters of the epidemic depend on the strategic behavior of agents. (2) Fulfilled expectation equilibrium with two types of network externalities: private and public. (3) Macro analysis of the model: tipping phenomenon, free-rider problem, interaction with security supplier.

(1) Economic Model for the agents Each agent faces a potential loss. Investment in security has a fixed cost and reduces the probability of loss. Binary choice: – in state N, the probability of loss is. – in state S, the probability of loss is. Optimal strategy is S if

Bot herder directly infects an agent N with prob. p. Each neighbor is contaminated with prob. q if in S or if in N. (1) Epidemic Model Bot herder N S

(1) Connecting the 2 models Epidemic model – Random graph with fixed degree distribution – p probability of being directly attacked if in state N – probabilities of contagion Output: probabilities of loss when a fraction of the population is in state S. Economic model – Fixed cost c, type of agent i: – Strategic choice:

(2) Information available to the agents The decision for an agent to invest (S) or not (N) in self-protection depends on the probabilities and … … but the computation of these probabilities with the epidemic model depends on the decision of each agent. Expected fraction of agents investing in security:. Each agent is able to compute and.

(2) Fulfilled expectations equilibrium Concept introduced by Katz & Shapiro (85) Willingness to pay for the agent of type : multiplicative specification of network externalities as in Economides & Himmelberg (95). Willingness to pay for the ‘last’ agent:

(2) Fulfilled expectations equilibrium In equilibrium, expectation are fulfilled: The fulfilled expectations demand is: Extension of Interdependent Security 2 players game introduced by Kunreuther & Heal (03).

(3) Price of Anarchy The social welfare function: Corollary: Because of the public and private externalities, agent under-invest in security (in all cases). Public externalities Private externalities

(3) Network externalities function For Erdös-Rényi random graphs with asymptotic mean degree λ. The network externalities function h is given by: where is the unique solution of: M.Lelarge, J. Bolot, (SIGMETRICS 08)

(3) Strong protection An agent investing in S cannot be harmed by the actions of others:. in previous equation. Decreasing private externalities function and increasing public externalities function.

(3) Weak protection If, the network externalities function is: Impact of a new adopter on the loss probabilities

(3) Macro analysis Strong protection: contagion is possible only if agent is in state N,. – An agent in state S creates positive externalities: as increases, the incentive to invest in security decreases. Free rider problem. Weak protection: contagion is possible with probability in N and q>0 in S. – Two equilibria (+ one unstable) are possible. Critical mass/Coordination problem.

(3)Tipping phenomenon In the weak protection case, cascade possible:

(3)Adoption vs. quality of protection Fraction of population investing in security for various probabilities of contagion in state S. Improving technical defenses is not enough! We need to find the proper economic incentives to deploy them.

(3) Monopoly No incentive to produce high quality software! Marginal cost of production = zero. iso-profit line

(3)Multiple equilibria with strong protection With two types of agents

Conclusions Epidemic risks model on random networks with strategic players shows a non-trivial relation between the fraction of population investing in security and the demand for security: free rider problem / critical mass - coordination game Need to distinguish between private and public externalities in security problem. Technology is not enough! There is a need to design economic incentives to ensure the deployment of security technologies.