Modeling bluffing behavior in signaling security games

Chen, Ling; Li, Mingchu; Liu, Jia

doi:10.1111/itor.12812

Cited by 2 publications

(1 citation statement)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Solak and Zhuo (2020) analyze the information sharing decisions of a firm in the context of information system security. Some other references concerning security investment are listed in the literature (Gal‐Or and Ghose, 2005; Lye and Wing, 2005; Feng and Li, 2011; Shirtz and Elovici, 2011; Wang et al., 2011; Hua and Bapna, 2013; Huang et al., 2014; Gao et al., 2015; Gao and Zhong, 2015; Wu et al., 2017; Liu et al., 2018; Weishäupl et al., 2018; Wu et al., 2018, 2020; Chen et al., 2022; Li and Xu, 2021). What makes the above‐mentioned studies differ from ours is that they do not consider information security insurance.…”

Section: Literature Reviewmentioning

confidence: 99%

A game of information security investment considering security insurance and complementary information assets

Qian

Yang

Pei

et al. 2021

Int Trans Operational Res

View full text Add to dashboard Cite

Considering information security insurance, this paper investigates an information security investment game between two firms with complementary information assets. Each firm's information security investment and expected profit in Nash equilibrium (i.e., firms make decisions individually) and social optimum (i.e., firms make decisions jointly) are analyzed through rigorous theoretical analyses and numerical examples. We find that making decisions jointly will make the two firms as a whole obtain more profits than when they make decisions alone, whereas this does not mean that each firm will benefit from the joint decision-making process. Our results show that a firm yields a smaller expected profit in the joint decision game than the individual decision game under some conditions. In addition, the impacts of a higher insurance price and a higher investment efficiency on a firm's information security investment and expected profit are explored. The results indicate that, for a single firm, a higher insurance price does not necessarily result in smaller profit, and a higher investment efficiency does not always lead to larger profit. Then we design a compensation-based contract to coordinate the two firms' information security investments when they make decisions individually. The contract will make the two firms achieve social optimum and ensure that each firm yields more profits than firms without the contract. Finally, we extend our research by setting the insurance amount as a decision variable to verify the above analyses.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

A game of information security investment considering security insurance and complementary information assets

Qian

Yang

Pei

et al. 2021

Int Trans Operational Res

View full text Add to dashboard Cite

show abstract

Signaling Security Games with Attack Planner Deception

He,

Li,

Zhang

2024

Mathematics

View full text Add to dashboard Cite

This paper studies a class of attack behavior in which adversaries assume the role of initiators, orchestrating and implementing attacks by hiring executors. We examine the dynamics of strategic attacks, modeling the initiator as an attack planner and constructing the interaction with the defender within a defender–attack planner framework. The individuals tasked with executing the attacks are identified as attackers. To ensure the attackers’ adherence to the planner’s directives, we concurrently consider the interests of each attacker by formulating a multi-objective problem. Furthermore, acknowledging the information asymmetry where defenders have incomplete knowledge of the planners’ payments and the attackers’ profiles, and recognizing the planner’s potential to exploit this for strategic deception, we develop a defender–attack planner model with deception based on signaling games. Subsequently, through the analysis of the interaction between the defender and planner, we refine the model into a tri-level programming problem. To address this, we introduce an effective decomposition algorithm leveraging genetic algorithms. Ultimately, our numerical experiments substantiate that the attack planner’s deceptive strategy indeed yield greater benefits.

show abstract

Modeling bluffing behavior in signaling security games

Cited by 2 publications

References 28 publications

A game of information security investment considering security insurance and complementary information assets

A game of information security investment considering security insurance and complementary information assets

Signaling Security Games with Attack Planner Deception

Contact Info

Product

Resources

About