Multi-rate Threshold FlipThem

Leslie, David S.; Sherfield, Chris; Smart, Nigel P.

doi:10.1007/978-3-319-66399-9_10

Cited by 5 publications

(3 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [26] FlipThem games have been proposed to extend the FlipIt games and study the interactions between one defender and on attacker over multiple resources [59]- [62]. In [59], Laszka et al, have proposed an AND control model where an attacker takes control of all resources to compromise the system and an OR model where an attacker only needs to take control of one resource to achieve that; in [60], Zhang et al, have considered a situation where a defender and an attacker have strict constraints on their actions across all the resources; in [61] and [62], Leslie et al, have investigated a scenario where an attacker compromises a defender's resources with a threshold. However, they have not considered situations where multiple defenders and attackers interact in the same network of resources.…”

Section: A Organization Of the Papermentioning

confidence: 99%

$\mathtt{FlipIn}$ : A Game-Theoretic Cyber Insurance Framework for Incentive-Compatible Cyber Risk Management of Internet of Things

Zhang

Zhu

2020

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Internet of Things (IoT) is highly vulnerable to emerging Advanced Persistent Threats (APTs) that are often operated by well-resourced adversaries. Achieving perfect security for IoT networks is often cost-prohibitive if not impossible. Cyber insurance is a valuable mechanism to mitigate cyber risks for IoT systems. In this work, we propose a bi-level game-theoretic framework called FlipIn to design incentivecompatible and welfare-maximizing cyber insurance contracts. The framework captures the strategic interactions among APT attackers, IoT defenders, and cyber insurance insurers, and incorporates influence networks to assess the systemic cyber risks of interconnected IoT devices. The FlipIn framework formulates a game over networks within a principal-agent problem of moral-hazard type to design a cyber risk-aware insurance contract. We completely characterize the equilibrium solutions of the bi-level games for a network of distributed defenders and a semi-homogeneous centralized defender and show that the optimal insurance contracts cover half of the defenders' losses. Our framework predicts the risk compensation of defenders and the Peltzman effect of insurance. We study a centralized security management scenario and its decentralized counterpart, and leverage numerical experiments to show that network connectivity plays an important role in the security of the IoT devices and the insurability of both distributed and centralized defenders.

show abstract

Section: A Organization Of the Papermentioning

confidence: 99%

$\mathtt{FlipIn}$ : A Game-Theoretic Cyber Insurance Framework for Incentive-Compatible Cyber Risk Management of Internet of Things

Zhang

Zhu

2020

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

show abstract

“…However, only preliminary analytic results are provided. Leslie et al extend the "FlipThem" model in [19], [20] where the attacker can obtain partial benefits by compromising a certain number (larger than a threshold) of nodes. Further, an extended model with a networked system of multiple resources, called "FlipNet", is condisdered in [27].…”

Section: Related Workmentioning

confidence: 99%

“…Theorem V.1. Any pair of strategies (m, p) with F (p) = F and D(m, p) = D is an NE iff it is a solution to one of the following sets of constraints in addition to (20) to (25).…”

Section: Nash Equilibriamentioning

confidence: 99%

Defending Against Stealthy Attacks on Multiple Nodes with Limited Resources: A Game-Theoretic Analysis

Zhang¹,

Zheng²,

Shroff³

2015

Preprint

View full text Add to dashboard Cite

Stealthy attacks are a major cyber-security threat. In practice, both attackers and defenders have resource constraints that could limit their capabilities. Hence, to develop robust defense strategies, a promising approach is to utilize game theory to understand the fundamental trade-offs involved. Previous works in this direction, however, mainly focus on the single-node case without considering strict resource constraints. In this paper, a game-theoretic model for protecting a system of multiple nodes against stealthy attacks is proposed. We consider the practical setting where the frequencies of both attack and defense are constrained by limited resources, and an asymmetric feedback structure where the attacker can fully observe the states of nodes while largely hiding its actions from the defender. We characterize the best response strategies for both attacker and defender in the space of both non-adaptive and adaptive strategies, and study the Nash Equilibria of the game. We further study a sequential game where the defender first announces its strategy and the attacker then responds accordingly, and design an algorithm that finds a nearly optimal strategy for the defender to commit to.

show abstract