Who should pay the cost: A game-theoretic model for government subsidized investments to improve national cybersecurity
Due to the recent cyber attacks, cybersecurity is becoming more critical in modern society. A single attack (e.g., WannaCry ransomware attack) can cause as much as $4 billion in damage. However, the cybersecurity investment by companies is far from satisfactory. Therefore, governments (e.g., in the...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2019
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/9151 https://ink.library.smu.edu.sg/context/sis_research/article/10154/viewcontent/0834_pvoa.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-10154 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-101542024-08-01T09:16:42Z Who should pay the cost: A game-theoretic model for government subsidized investments to improve national cybersecurity WANG, Xinrun AN, Bo CHAN, Hau Due to the recent cyber attacks, cybersecurity is becoming more critical in modern society. A single attack (e.g., WannaCry ransomware attack) can cause as much as $4 billion in damage. However, the cybersecurity investment by companies is far from satisfactory. Therefore, governments (e.g., in the UK) launch grants and subsidies to help companies to boost their cybersecurity to create a safer national cyber environment. The allocation problem is hard due to limited subsidies and the interdependence between self-interested companies and the presence of a strategic cyber attacker. To tackle the government's allocation problem, we introduce a Stackelberg game-theoretic model where the government first commits to an allocation and the companies/users and attacker simultaneously determine their protection and attack (pure or mixed) strategies, respectively. For the pure-strategy case, while there may not be a feasible allocation in general, we prove that computing an optimal allocation is NP-hard and propose a linear reverse convex program when the attacker can attack all users. For the mixed-strategy case, we show that there is a polynomial time algorithm to find an optimal allocation when the attacker has a single-attack capability. We then provide a heuristic algorithm, based on best-response-gradient dynamics, to find an effective allocation in the general setting. Experimentally, we show that our heuristic is effective and outperforms other baselines on synthetic and real data. 2019-08-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/9151 info:doi/10.24963/ijcai.2019/834 https://ink.library.smu.edu.sg/context/sis_research/article/10154/viewcontent/0834_pvoa.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Artificial Intelligence and Robotics Information Security Theory and Algorithms |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Artificial Intelligence and Robotics Information Security Theory and Algorithms |
| spellingShingle |
Artificial Intelligence and Robotics Information Security Theory and Algorithms WANG, Xinrun AN, Bo CHAN, Hau Who should pay the cost: A game-theoretic model for government subsidized investments to improve national cybersecurity |
| description |
Due to the recent cyber attacks, cybersecurity is becoming more critical in modern society. A single attack (e.g., WannaCry ransomware attack) can cause as much as $4 billion in damage. However, the cybersecurity investment by companies is far from satisfactory. Therefore, governments (e.g., in the UK) launch grants and subsidies to help companies to boost their cybersecurity to create a safer national cyber environment. The allocation problem is hard due to limited subsidies and the interdependence between self-interested companies and the presence of a strategic cyber attacker. To tackle the government's allocation problem, we introduce a Stackelberg game-theoretic model where the government first commits to an allocation and the companies/users and attacker simultaneously determine their protection and attack (pure or mixed) strategies, respectively. For the pure-strategy case, while there may not be a feasible allocation in general, we prove that computing an optimal allocation is NP-hard and propose a linear reverse convex program when the attacker can attack all users. For the mixed-strategy case, we show that there is a polynomial time algorithm to find an optimal allocation when the attacker has a single-attack capability. We then provide a heuristic algorithm, based on best-response-gradient dynamics, to find an effective allocation in the general setting. Experimentally, we show that our heuristic is effective and outperforms other baselines on synthetic and real data. |
| format |
text |
| author |
WANG, Xinrun AN, Bo CHAN, Hau |
| author_facet |
WANG, Xinrun AN, Bo CHAN, Hau |
| author_sort |
WANG, Xinrun |
| title |
Who should pay the cost: A game-theoretic model for government subsidized investments to improve national cybersecurity |
| title_short |
Who should pay the cost: A game-theoretic model for government subsidized investments to improve national cybersecurity |
| title_full |
Who should pay the cost: A game-theoretic model for government subsidized investments to improve national cybersecurity |
| title_fullStr |
Who should pay the cost: A game-theoretic model for government subsidized investments to improve national cybersecurity |
| title_full_unstemmed |
Who should pay the cost: A game-theoretic model for government subsidized investments to improve national cybersecurity |
| title_sort |
who should pay the cost: a game-theoretic model for government subsidized investments to improve national cybersecurity |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2019 |
| url |
https://ink.library.smu.edu.sg/sis_research/9151 https://ink.library.smu.edu.sg/context/sis_research/article/10154/viewcontent/0834_pvoa.pdf |
| _version_ |
1814047756801540096 |