{"title":"计算机网络攻击感知网络保险的双层博弈方法","authors":"Rui Zhang, Quanyan Zhu, Y. Hayel","doi":"10.1109/JSAC.2017.2672378","DOIUrl":null,"url":null,"abstract":"Cyber insurance is a valuable approach to mitigate further the cyber risk and its loss in addition to the deployment of technological cyber defense solutions, such as intrusion detection systems and firewalls. An effective cyber insurance policy can reduce the number of successful cyber attacks by incentivizing the adoption of preventative measures and the implementation of best practices of the users. To study cyber insurance in a holistic manner, we first establish a bi-level game-theoretic model that nests a zero-sum game in a moral-hazard type of principal-agent game to capture complex interactions between a user, an attacker, and the insurer. The game framework provides an integrative view of the cyber insurance and enables a systematic design of incentive compatible and attack-aware insurance policy. The framework is further extended to study a network of users and their risk interdependencies. We completely characterize the equilibrium solutions of the bi-level game. Our analytical results provide a fundamental limit on insurability, predict the Peltzman effect, and reveal the principles of zero operating profit and the linear insurance policy of the insurer. We provide analytical results and numerical experiments to corroborate the analytical results and demonstrate the network effects as a result of the strategic interactions among the three types of players.","PeriodicalId":13243,"journal":{"name":"IEEE Journal on Selected Areas in Communications","volume":"35 1","pages":"779-794"},"PeriodicalIF":13.8000,"publicationDate":"2017-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1109/JSAC.2017.2672378","citationCount":"56","resultStr":"{\"title\":\"A Bi-Level Game Approach to Attack-Aware Cyber Insurance of Computer Networks\",\"authors\":\"Rui Zhang, Quanyan Zhu, Y. Hayel\",\"doi\":\"10.1109/JSAC.2017.2672378\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cyber insurance is a valuable approach to mitigate further the cyber risk and its loss in addition to the deployment of technological cyber defense solutions, such as intrusion detection systems and firewalls. An effective cyber insurance policy can reduce the number of successful cyber attacks by incentivizing the adoption of preventative measures and the implementation of best practices of the users. To study cyber insurance in a holistic manner, we first establish a bi-level game-theoretic model that nests a zero-sum game in a moral-hazard type of principal-agent game to capture complex interactions between a user, an attacker, and the insurer. The game framework provides an integrative view of the cyber insurance and enables a systematic design of incentive compatible and attack-aware insurance policy. The framework is further extended to study a network of users and their risk interdependencies. We completely characterize the equilibrium solutions of the bi-level game. Our analytical results provide a fundamental limit on insurability, predict the Peltzman effect, and reveal the principles of zero operating profit and the linear insurance policy of the insurer. We provide analytical results and numerical experiments to corroborate the analytical results and demonstrate the network effects as a result of the strategic interactions among the three types of players.\",\"PeriodicalId\":13243,\"journal\":{\"name\":\"IEEE Journal on Selected Areas in Communications\",\"volume\":\"35 1\",\"pages\":\"779-794\"},\"PeriodicalIF\":13.8000,\"publicationDate\":\"2017-03-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://sci-hub-pdf.com/10.1109/JSAC.2017.2672378\",\"citationCount\":\"56\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Journal on Selected Areas in Communications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1109/JSAC.2017.2672378\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"ENGINEERING, ELECTRICAL & ELECTRONIC\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Journal on Selected Areas in Communications","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1109/JSAC.2017.2672378","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}
A Bi-Level Game Approach to Attack-Aware Cyber Insurance of Computer Networks
Cyber insurance is a valuable approach to mitigate further the cyber risk and its loss in addition to the deployment of technological cyber defense solutions, such as intrusion detection systems and firewalls. An effective cyber insurance policy can reduce the number of successful cyber attacks by incentivizing the adoption of preventative measures and the implementation of best practices of the users. To study cyber insurance in a holistic manner, we first establish a bi-level game-theoretic model that nests a zero-sum game in a moral-hazard type of principal-agent game to capture complex interactions between a user, an attacker, and the insurer. The game framework provides an integrative view of the cyber insurance and enables a systematic design of incentive compatible and attack-aware insurance policy. The framework is further extended to study a network of users and their risk interdependencies. We completely characterize the equilibrium solutions of the bi-level game. Our analytical results provide a fundamental limit on insurability, predict the Peltzman effect, and reveal the principles of zero operating profit and the linear insurance policy of the insurer. We provide analytical results and numerical experiments to corroborate the analytical results and demonstrate the network effects as a result of the strategic interactions among the three types of players.
期刊介绍:
The IEEE Journal on Selected Areas in Communications (JSAC) is a prestigious journal that covers various topics related to Computer Networks and Communications (Q1) as well as Electrical and Electronic Engineering (Q1). Each issue of JSAC is dedicated to a specific technical topic, providing readers with an up-to-date collection of papers in that area. The journal is highly regarded within the research community and serves as a valuable reference.
The topics covered by JSAC issues span the entire field of communications and networking, with recent issue themes including Network Coding for Wireless Communication Networks, Wireless and Pervasive Communications for Healthcare, Network Infrastructure Configuration, Broadband Access Networks: Architectures and Protocols, Body Area Networking: Technology and Applications, Underwater Wireless Communication Networks, Game Theory in Communication Systems, and Exploiting Limited Feedback in Tomorrow’s Communication Networks.