Incentive Mechanism Design Based on Repeated Game Theory in Security Information Sharing

Xiong, Qiang; Chen, Xiaoyan

doi:10.2991/icssr-13.2013.90

Cited by 6 publications

(2 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is surmised that members increase their contribution in expectation to be rewarded for it in form of reciprocity [20]. The work in [44] suggested a punishment model which inclines isolation from the threat sharing community. If an entity decides not to share, and only consume, CTI, then the punishment process will revoke permission rights.…”

Section: Industry Sector Sharingmentioning

confidence: 99%

Cyber threat intelligence sharing: Survey and research directions

Wagner

Mahbub

Palomar

et al. 2019

Computers & Security

184

View full text Add to dashboard Cite

Cyber Threat Intelligence (CTI) sharing has become a novel weapon in the arsenal of cyber defenders to proactively mitigate increasing cyber attacks. Automating the process of CTI sharing, and even the basic consumption, has raised new challenges for researchers and practitioners. This extensive literature survey explores the current state-of-the-art and approaches different problem areas of interest pertaining to the larger field of sharing cyber threat intelligence. The motivation for this research stems from the recent emergence of sharing cyber threat intelligence and the involved challenges of automating its processes. This work comprises a considerable amount of articles from academic and gray literature, and focuses on technical and non-technical challenges. Moreover, the findings reveal which topics were widely discussed, and hence considered relevant by the authors and cyber threat intelligence sharing communities.

show abstract

Section: Industry Sector Sharingmentioning

confidence: 99%

Cyber threat intelligence sharing: Survey and research directions

Wagner

Mahbub

Palomar

et al. 2019

Computers & Security

184

View full text Add to dashboard Cite

show abstract

“…The researches in [12][13] [14][15][2] [16] analyze information sharing in the context of cybersecurity. Those papers show that multiple factors impact cyber threat information sharing including competition [14], free riding [2], interconnection [17], and the possibility to exploit vulnerabilities for cyber war [16].…”

Section: Background On Cloud Computing Security and Information Smentioning

confidence: 99%

Cyber-Threats Information Sharing in Cloud Computing: A Game Theoretic Approach

Kamhoua

Martin

Tosh

et al. 2015

2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing

View full text Add to dashboard Cite

Cybersecurity is among the highest priorities in industries, academia and governments. Cyber-threats information sharing among different organizations has the potential to maximize vulnerabilities discovery at a minimum cost. Cyberthreats information sharing has several advantages. First, it diminishes the chance that an attacker exploits the same vulnerability to launch multiple attacks in different organizations. Second, it reduces the likelihood an attacker can compromise an organization and collect data that will help him launch an attack on other organizations. Cyberspace has numerous interconnections and critical infrastructure owners are dependent on each other's service. This well-known problem of cyber interdependency is aggravated in a public cloud computing platform. The collaborative effort of organizations in developing a countermeasure for a cyber-breach reduces each firm's cost of investment in cyber defense.Despite its multiple advantages, there are costs and risks associated with cyber-threats information sharing. When a firm shares its vulnerabilities with others there is a risk that these vulnerabilities are leaked to the public (or to attackers) resulting in loss of reputation, market share and revenue. Therefore, in this strategic environment the firms committed to share cyberthreats information might not truthfully share information due to their own self-interests. Moreover, some firms acting selfishly may rationally limit their cybersecurity investment and rely on information shared by others to protect themselves. This can result in under investment in cybersecurity if all participants adopt the same strategy. This paper will use game theory to investigate when multiple self-interested firms can invest in vulnerability discovery and share their cyber-threat information. We will apply our algorithm to a public cloud computing platform as one of the fastest growing segments of the cyberspace.

show abstract

Strategic Discovery and Sharing of Vulnerabilities in Competitive Environments

Khouzani

Pham

Cid

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We investigate the incentives behind investments by competing companies in discovery of their security vulnerabilities and sharing of their findings. Specifically, we consider a game between competing firms that utilise a common platform in their systems. The game consists of two stages: firms must decide how much to invest in researching vulnerabilities, and thereafter, how much of their findings to share with their competitors. We fully characterise the Perfect Bayesian Equilibria (PBE) of this game, and translate them into realistic insights about firms' strategies. Further, we develop a monetary-free sharing mechanism that encourages both investment and sharing, a missing feature when sharing is arbitrary or opportunistic. This is achieved via a lighthanded mediator: it receives a set of discovered bugs from each firm and moderate the sharing in a way that eliminates firms' concerns on losing competitive advantages. This research provides an understanding of the origins of inefficiency and paves the path towards more efficient sharing of cyber-intelligence among competing entities.

show abstract

Incentive Mechanism Design Based on Repeated Game Theory in Security Information Sharing

Cited by 6 publications

References 5 publications

Cyber threat intelligence sharing: Survey and research directions

Cyber threat intelligence sharing: Survey and research directions

Cyber-Threats Information Sharing in Cloud Computing: A Game Theoretic Approach

Strategic Discovery and Sharing of Vulnerabilities in Competitive Environments

Contact Info

Product

Resources

About