|
|
|
PDF
|
|
Type:
|
Conference Paper |
|
Author:
|
Alexeev, Alexander; Krutilla, Kerry |
|
Conference:
|
Colloquium on Cybersecurity and Internet Governance |
|
Location:
|
Ostrom Workshop, Indiana Univeristy |
|
Conf. Date:
|
April 27-28 |
|
Date:
|
2017 |
|
URI:
|
https://hdl.handle.net/10535/10289
|
|
Sector:
|
Information & Knowledge
Theory |
|
Region:
|
|
|
Subject(s):
|
game theory
cybersecurity
|
|
Abstract:
|
A presentation of this paper can be found here: https://tinyurl.com/y8lznwpg
"A game theoretic framework is used to model the competitive interaction of two state actors in which the first devotes resources in an attempt to breach the cyber network of the second. A contest success function is used to express the probability of a successful attack as a function of investments by the two actors. This function has technical efficiency and noise parameters that influence the outcomes of the investment strategies. Payoffs are the utility losses for the defending state, which are approximated as economic losses, and utility gains for the attacking state, which are parametrized as some fraction (which can be greater or less than 1) of these losses. The players move simultaneously, reflecting the constant and frequent attempts by state actors to penetrate cyber security networks. Reduced-form Nash equilibria in pure strategies are derived for a one-shot game, giving the optimal investments for the two contestants as a function of the magnitude of potential economic losses on the part of the defender, and the model’s other parameters. A differential game is then formulated which treats cyber security as an infrastructure stock variable. This framework is used to model a competitive interaction by the two actors in making investments to enlarge the stock of defensive cyber infrastructure over a long time horizon, while attempting to penetrate this infrastructure each period. The model is solved for an open loop Nash equilibrium in pure strategies. The evolution of optimal investment behaviour over time is evaluated as a function of the magnitude of the defender’s losses and the model’s other parameters. The policy implications for U.S. investment in cyber security infrastructures are evaluated."
|