Skip to main content
SpringerLink
Log in

Paying Firms to Share Cyber Threat Intelligence

  • Conference paper
  • First Online:
Book cover Decision and Game Theory for Security (GameSec 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 13061))

Included in the following conference series:

Abstract

Effective cyber defense requires stakeholders to collaborate with each other and share cyber threat intelligence. Sharing such intelligence can improve the community’s cybersecurity posture, preventing others from being hacked or compromised. However, intelligence sharing is still relatively uncommon due in part to the associated costs as well as other legitimate concerns. In this paper, we ask how a central authority could employ monetary incentives to promote intelligence sharing among competitive firms. We propose a novel game-theoretic model of intelligence sharing and derive the minimal incentive payments which ensure that firms profitably share with their competitors. We investigate the value of being able to differentiate incentives among firms (i.e., paying a different amount to each firm), and show formally that the ability to differentiate is the most valuable when the network among firms is highly heterogeneous. Finally, we show that our results are sharp in an important sense: if the authority offers less than the minimal incentive to every firm, this can render no-sharing as the unique Nash equilibrium.

This work was supported in part by NSF Grants #2122631, #2115134 and #ECCS-2013779, ARO Grant #W911NF-17-1-0566, and Colorado State Bill 18-086.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 64.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 84.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Brown, S., Gommers, J., Serrano, O.S.: From cyber security information sharing to threat management. In: Proceedings of the 2nd ACM WISCS 2015, Denver, Colorado, USA, 12 October 2015, pp. 43–49 (2015)

    Google Scholar 

  2. Do, C.T., et al.: Game theory for cyber security and privacy. ACM Comput. Surv. 50(2), 30:1–30:37 (2017)

    Google Scholar 

  3. Ezhei, M., Ladani, B.T.: Information sharing vs. privacy: a game theoretic analysis. Expert Syst. Appl. 88, 327–337 (2017)

    Article  Google Scholar 

  4. Finin, T., et al.: Assured information sharing life cycle. In: IEEE ISI 2009, Dallas, Texas, USA, 8–11 June 2009, Proceedings, pp. 307–309 (2009)

    Google Scholar 

  5. Fischer, E., Liu, E., Rollins, J., Theohary, C.: The 2013 cybersecurity executive order: Overview and considerations for congress, 15 December 2014

    Google Scholar 

  6. Gao, X., Zhong, W.: A differential game approach to security investment and information sharing in a competitive environment. IIE Trans. 48(6), 511–526 (2016)

    Article  Google Scholar 

  7. Gao, X., Zhong, W., Mei, S.: A game-theoretic analysis of information sharing and security investment for complementary firms. J. Oper. Res. Soc. 65(11), 1682–1691 (2014)

    Article  Google Scholar 

  8. Garrido-Pelaz, R., González-Manzano, L., Pastrana, S.: Shall we collaborate?: a model to analyse the benefits of information sharing. In: Proceedings of WISCS 2016, Vienna, Austria, 24–28 October 2016, pp. 15–24 (2016)

    Google Scholar 

  9. Hausken, K.: Information sharing among firms and cyber attacks. J. Account. Pub. Policy 26(6), 639–688 (2007)

    Article  Google Scholar 

  10. Johnson, C., Badger, L., Waltermire, D., Snyder, J., Skorupka, C.: The NIST guide to cyber threat information sharing (NIST special publication 800–150), October 2016

    Google Scholar 

  11. Khouzani, M.H.R., Pham, V., Cid, C.: Strategic discovery and sharing of vulnerabilities in competitive environments. In: Poovendran, R., Saad, W. (eds.) Decision and Game Theory for Security. GameSec 2014, Los Angeles, CA, USA, 6–7 November 2014. Proceedings. LNCS, vol. 8840, pp. 59–78. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12601-2_4

  12. Kiennert, C., Ismail, Z., Debar, H., Leneutre, J.: A survey on game-theoretic approaches for intrusion detection and response optimization. ACM Comput. Surv. (CSUR) 51(5), 1–31 (2018)

    Article  Google Scholar 

  13. Layfield, R., Kantarcioglu, M., Thuraisingham, B.: Incentive and trust issues in assured information sharing. In: Bertino, E., Joshi, J.B.D. (eds.) Collaborative Computing: Networking, Applications and Worksharing, CollaborateCom 2008. LNICST, vol. 10, pp. 113–125. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03354-4_10

  14. Luiijf, E., Klaver, M.: On the sharing of cyber security information. In: Rice, M., Shenoi, S. (eds.) Critical Infrastructure Protection IX, pp. 29–46. Springer International Publishing, Cham (2015). https://doi.org/10.1007/978-3-319-26567-4_3

    Chapter  Google Scholar 

  15. Manshaei, M.H., Zhu, Q., Alpcan, T., Basar, T., Hubaux, J.: Game theory meets network security and privacy. ACM Comput. Surv. 45(3), 25:1–25:39 (2013)

    Google Scholar 

  16. Mermoud, A., Keupp, M.M., Huguenin, K., Palmié, M., David, D.P.: To share or not to share: a behavioral perspective on human participation in security information sharing. J. Cybersecurity 5(1), tyz006 (2019)

    Article  Google Scholar 

  17. Pawlick, J., Zhu, Q.: Game Theory for Cyber Deception: From Theory to Applications. Springer Nature (2021)

    Google Scholar 

  18. Solak, S., Zhuo, Y.: Optimal policies for information sharing in information system security. Eur. J. Oper. Res. 284(3), 934–950 (2020)

    Article  MathSciNet  Google Scholar 

  19. Thakkar, A., Badsha, S., Sengupta, S.: Game theoretic approach applied in cybersecurity information exchange framework. In: IEEE CCNC 2020, Las Vegas, NV, USA, 10–13 January 2020, pp. 1–7 (2020)

    Google Scholar 

  20. Tosh, D.K., Sengupta, S., Kamhoua, C.A., Kwiat, K.A., Martin, A.P.: An evolutionary game-theoretic framework for cyber-threat information sharing. In: 2015 IEEE ICC 2015, London, United Kingdom, 8–12 June 2015, pp. 7341–7346 (2015)

    Google Scholar 

  21. Vakilinia, I., Sengupta, S.: A coalitional game theory approach for cybersecurity information sharing. In: 2017 IEEE MILCOM 2017, Baltimore, MD, USA, 23–25 October 2017, pp. 237–242 (2017)

    Google Scholar 

  22. Wagner, T.D., Mahbub, K., Palomar, E., Abdallah, A.E.: Cyber threat intelligence sharing: survey and research directions. Comput. Secur. 87, 101589 (2019)

    Article  Google Scholar 

  23. Webster, G.D., Harris, R.L., Hanif, Z.D., Hembree, B.A., Grossklags, J., Eckert, C.: Sharing is caring: collaborative analysis and real-time enquiry for security analytics. In: 2018 iThings, IEEE GreenCom, IEEE Cyber, CPSCom and IEEE SmartData, pp. 1402–1409. IEEE (2018)

    Google Scholar 

  24. Xu, S., Sandhu, R., Bertino, E.: TIUPAM: a framework for trustworthiness-centric information sharing. In: Ferrari, E., Li, N., Bertino, E., Karabulut, Y. (eds.) Trust Management III , IFIPTM 2009. IAICT, vol. 300, pp. 164–175. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02056-8_11

Download references

Acknowledgement

We thank the reviewers for their useful comments.

Author information

Authors and Affiliations

  1. University of Colorado Colorado Springs, Colorado Springs, CO, 80918, USA

    Brandon Collins, Shouhuai Xu & Philip N. Brown

Authors
  1. Brandon Collins
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shouhuai Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Philip N. Brown
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Brandon Collins .

Editor information

Editors and Affiliations

  1. Czech Technical University, Prague, Czech Republic

    Branislav Bošanský

  2. Carnegie Mellon University, Pittsburgh, PA, USA

    Cleotilde Gonzalez

  3. Johannes Kepler University Linz, Linz, Austria

    Stefan Rass

  4. Singapore Management University, Singapore, Singapore

    Arunesh Sinha

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Collins, B., Xu, S., Brown, P.N. (2021). Paying Firms to Share Cyber Threat Intelligence. In: Bošanský, B., Gonzalez, C., Rass, S., Sinha, A. (eds) Decision and Game Theory for Security. GameSec 2021. Lecture Notes in Computer Science(), vol 13061. Springer, Cham. https://doi.org/10.1007/978-3-030-90370-1_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-90370-1_20

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-90369-5

  • Online ISBN: 978-3-030-90370-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation