The application of cyber-insurance in computer networks
Due to the increasing complexity in the network attacks, perfectly securing the computer networks by relying solely on the security techniques might no longer be a sufficient and suitable solution. In this thesis, we adopt the cyber-insurance, i.e., an alternative means of cyber risk management, to...
Main Author: | Feng, Shaohan |
---|---|
Other Authors: | Dusit Niyato |
Format: | Thesis-Doctor of Philosophy |
Language: | English |
Published: | Nanyang Technological University 2020 |
Subjects: | Engineering::Computer science and engineering |
Online Access: | https://hdl.handle.net/10356/143006 |
Institution: | Nanyang Technological University |
id | sg-ntu-dr.10356-143006 |
---|---|
record_format | dspace |
institution | Nanyang Technological University |
building | NTU Library |
continent | Asia |
country | Singapore |
content_provider | NTU Library |
collection | DR-NTU |
language | English |
topic | Engineering::Computer science and engineering |
spellingShingle | Engineering::Computer science and engineering Feng, Shaohan The application of cyber-insurance in computer networks |
description |
Due to the increasing complexity in the network attacks, perfectly securing the computer networks by relying solely on the security techniques might no longer be a sufficient and suitable solution. In this thesis, we adopt the cyber-insurance, i.e., an alternative means of cyber risk management, to manage the cyber risks due to the cyber attacks in computer networks. By enabling the transfer of the cyber risks from the computer networks to a third party, i.e., cyber insurer, cyber-insurance has been recognized as a promising and efficient approach to manage the cyber risks. Specifically, our three major research issues focus on three application scenarios of the cyber-insurance in computer networks, which are summarized as follows.
For the first research issue, considering the highly virtualized environment of the fog computing, which may lead to vulnerability to the cyber attacks, we adopt the cyber-insurance to transfer cyber risks from the fog computing platform to a third party, i.e., an insurer, so as to defend against the advanced persistent threat attacks. In particular, the system model under consideration consists of three main entities, i.e., the fog computing provider working as the service provider to secure its provisioned fog computing service by jointly allocating its defense computing resources and purchasing the cyber-insurance, the attacker optimizing its attack computing resources allocation to increase the probability of successful attack, and the cyber-insurer. We model the interaction among these three entities as a dynamic Stackelberg game. In the lower level of the game, we formulate an evolutionary subgame to analyze the provider's defense and cyber-insurance subscription strategies as well as the attacker's attack strategy. In the upper level of the game, the cyber-insurer optimizes its premium pricing strategy by taking into account the evolutionary equilibrium of the lower-level evolutionary subgame. We analytically prove that the evolutionary equilibrium is unique and stable, and study the Stackelberg equilibrium based on the optimal control theory. Moreover, we provide a series of insightful analytical and numerical results on the equilibrium of the dynamic Stackelberg game.
For the second research issue, as the open-access blockchains based on the proof-of-work consensus protocols are vulnerable to cyber-attacks, we adopt the cyber-insurance as an economic tool for neutralizing the cyber risks. Specifically, we consider a blockchain service market, which is composed of the infrastructure provider, the blockchain provider, the cyber-insurer, and the users. The blockchain provider purchases from the infrastructure provider, e.g., a cloud, the computing resources to maintain the blockchain consensus, and then offers the blockchain services to the users. The blockchain provider strategizes its investment in the infrastructure and the service price charged to the users in order to improve the security of the blockchain and thus optimize its profit. Meanwhile, the blockchain provider also purchases a cyber-insurance from the cyber-insurer to protect itself from the potential damage due to the attacks. In return, the cyber-insurer adjusts the insurance premium according to the perceived risk level of the blockchain service. Based on the assumption of rationality for the market entities, we model the interaction among the blockchain provider, the users, and the cyber-insurer as a two-level Stackelberg game. Namely, the blockchain provider and the cyber-insurer lead to set their pricing/investment strategies, and then the users follow to determine their demand of the blockchain service. Specifically, we consider the scenario of double-spending attacks and provide a series of analytical results about the Stackelberg equilibrium in the market game.
For the third research issue, we study a cloud security service market, which is composed of cloud users and cloud security service vendors (CSSVs). The CSSVs work as the insurers for selling the cloud security plan, which consists of cloud security service and cloud-insurance. The users in the cloud platform can purchase the cloud security plan from the CSSVs to secure their cloud service. If the cloud service is attacked and loss happens, the users will receive the claim from the CSSVs. To lower the successful attack probability, the CSSV has an incentive to invest in improving its cloud security service. Specifically, we model and study the cloud security service market in the framework of a two-stage Stackelberg game. On the upper stage, the CSSVs lead to decide on their own strategies, i.e., the price of the cloud security plan and the security investment to improve their offered cloud security service. On the lower stage, the users follow to decide on the purchase of the cloud security plan according to the prices of the cloud security plan and the perceived cyber breach probability of the cloud security service. We analytically verify that the Stackelberg equilibrium exists and is unique. Extensive simulations have been conducted to evaluate the performance of the Stackelberg game.
In summary, this thesis investigates and demonstrates a few application scenarios of cyber-insurance in computer networks. Due to the inevitability of cyber attacks, defending against cyber attacks through economic means, i.e., cyber-insurance, introduces a novel approach of cyber risk management for the computer networks. Compared with the conventional defense mechanisms, i.e., security techniques, in the computer networks, the cyber-insurance enables the security to be provided as a service such that the computer networks can be secured from the economic perspective as well. In the application scenarios, game theoretical approaches have been adopted to obtain the optimal policies in computer networks, the optimality of which has been demonstrated by comparing with the policies obtained by the baselines. |
author2 | Dusit Niyato |
author_facet | Dusit Niyato Feng, Shaohan |
format | Thesis-Doctor of Philosophy |
author | Feng, Shaohan |
author_sort | Feng, Shaohan |
title | The application of cyber-insurance in computer networks |
title_sort | application of cyber-insurance in computer networks |
publisher | Nanyang Technological University |
publishDate | 2020 |
url | https://hdl.handle.net/10356/143006 |
_version_ | 1683494365632135168 |
spelling | sg-ntu-dr.10356-143006 2020-10-28T08:40:55Z The application of cyber-insurance in computer networks Feng, Shaohan Dusit Niyato School of Computer Science and Engineering DNIYATO@ntu.edu.sg Engineering::Computer science and engineering Doctor of Philosophy 2020-07-21T02:50:18Z 2020-07-21T02:50:18Z 2020 Thesis-Doctor of Philosophy Feng, S. (2020). The application of cyber-insurance in computer networks. Doctoral thesis, Nanyang Technological University, Singapore. https://hdl.handle.net/10356/143006 10.32657/10356/143006 en This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License (CC BY-NC 4.0). application/pdf Nanyang Technological University |