A local mean field analysis of security investments in networks

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

A local mean field analysis of security investments in networks

Full text

Pdf (188 KB)

Source

Applications, Technologies, Architectures, and Protocols for Computer Communication archive
Proceedings of the 3rd international workshop on Economics of networked systems table of contents

Seattle, WA, USA

SESSION: Session 2 table of contents

Pages 25-30

Year of Publication: 2008

ISBN:978-1-60558-179-8

Authors

Marc Lelarge	INRIA-ENS, Paris, France
Jean Bolot	SPRINT, Burlingame, USA

Sponsors

ACM: Association for Computing Machinery
SIGCOMM: ACM Special Interest Group on Data Communication

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 3, Downloads (12 Months): 66, Citation Count: 1

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1403027.1403034 What is a DOI?

ABSTRACT

Getting agents in the Internet, and in networks in general, to invest in and deploy security features and protocols is a challenge, in particular because of economic reasons arising from the presence of network externalities. Our goal in this paper is to model and investigate the impact of such externalities on security investments in a network.

Specifically, we study a network of interconnected agents subject to epidemic risks such as viruses and worms where agents can decide whether or not to invest some amount to deploy security solutions. We consider both cases when the security solutions are strong (they perfectly protect the agents deploying them) and when they are weak. We make three contributions in the paper. First, we introduce a general model which combines an epidemic propagation model with an economic model for agents which captures network effects and externalities. Second, borrowing ideas and techniques used in statistical physics, we introduce a Local Mean Field (LMF) model, which extends the standard mean-field approximation to take into account the correlation structure on local neighborhoods. Third, we solve the LMF model in a network with externalities, and we derive analytic solutions for sparse random graphs of agents, for which we obtain asymptotic results. We find known phenomena such as free riders and tipping points. We also observe counter-intuitive phenomena, such as increasing the quality of the security technology can result in a decreased adoption of that technology in the network. In general, we find that both situations with strong and weak protection exhibit externalities and that the equilibrium is not socially optimal - therefore there is a market failure. Insurance is one mechanism to address this market failure. In related work, we have shown that insurance is a very effective mechanism [3,4], and argue that using insurance would increase the security in a network such as the Internet.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	D. Aldous and A. Bandyopadhyay. A survey of max-type recursive distributional equations. The Annals of Applied Probability, vol. 15, pp. 1047--1110, 2005.
	2	D. Aldous and J. M. Steeele. The objective method: probabilistic combinatorial optimization and local weak convergence. Probability on discrete structures, Springer, vol. 110, pp. 1--72, 2004.
	3	J. Bolot and M. Lelarge. A New Perspective on Internet Security using Insurance. Proc. IEEE Infocom 2008.
	4	J. Bolot and M. Lelarge. Cyber-insurance as an incentive for IT security. Proc. Workshop Economics of Information Security (WEIS), 2008.
	5	E. G. Coffman Jr., Z. Ge, V. Misra. Network resilience: exploring cascading failures within BGP. Proc. 40th Annual Allerton Conference on Communications, Computing and Control, October 2002.
	6	Rick Durrett, Random Graph Dynamics (Cambridge Series in Statistical and Probabilistic Mathematics), Cambridge University Press, New York, NY, 2006
	7	A. Ganesh, L. Massoulie, D. Towsley. The effect of network topology on the spread of epidemics. Proc. IEEE Infocom 2005, Miami, FL, March 2005.
	8	C. Gollier. The Economics of Risk and Time. MIT Press, 2004.
	9	H. Kunreuther and G. Heal. Interdependent security: the case of identical agents. Journal of Risk and Uncertainty, 26(2):231--249, 2003.
	10	Marc Lelarge , Jean Bolot, Network externalities and the deployment of security features and protocols in the internet, Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems, June 02-06, 2008, Annapolis, MD, USA
	11	M. Lelarge and J. Bolot. A Local Mean Field Analysis of Security Investments in Networks. arXiv:0803.3455, 2008.
	12	Thomas Moscibroda , Stefan Schmid , Roger Wattenhofer, When selfish meets evil: byzantine players in a virus inoculation game, Proceedings of the twenty-fifth annual ACM symposium on Principles of distributed computing, July 23-26, 2006, Denver, Colorado, USA [doi>10.1145/1146381.1146391]
	13	N. Nisan, T. Roughgarden, E. Tardos and V. V. Vazirani (eds). Algorithmic game theory. Cambridge University Press, 2007.
	14	Milan VojnoviĆ , Ayalvadi Ganesh, On the effectiveness of automatic patching, Proceedings of the 2005 ACM workshop on Rapid malcode, November 11-11, 2005, Fairfax, VA, USA [doi>10.1145/1103626.1103634]
	15	White House. "National Strategy to Secure Cyberspace", 2003. Available at whitehouse.gov/pcipb.
	16	Cliff Changchun Zou , Weibo Gong , Don Towsley, Code red worm propagation modeling and analysis, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA [doi>10.1145/586110.586130]