DOI: 10.1145/2590296.2590308
short-paper

How many down?: toward understanding systematic risk in networks

Published: 04 June 2014

Abstract

The systematic risk of a networked system depends to a large extent on its topology. In this paper, we explore this dependency using a model of risk propagation from the literature on interdependent security games. Our main area of focus is on the number of nodes that go down after an attack takes place. We develop a simulation algorithm to study the effects of such attacks on arbitrary topologies, and apply this simulation to scale-free networks. We investigate by graphical illustration how the outcome distribution of such networks exhibits correlation effects that increase the likelihood of losing more nodes at once -- an effect having direct applications to cyber-insurance.

Published In

ASIA CCS '14: Proceedings of the 9th ACM symposium on Information, computer and communications security
June 2014
556 pages
ISBN: 9781450328005
DOI: 10.1145/2590296
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. cyber-insurance
  2. economics of security
  3. networks
  4. risk mitigation
  5. scale-free networks
  6. security
  7. topology

Qualifiers

  • Short-paper

Conference

ASIA CCS '14
Acceptance Rates

ASIA CCS '14 Paper Acceptance Rate 50 of 255 submissions, 20%;
Overall Acceptance Rate 418 of 2,322 submissions, 18%

Cited By

  • (2024) A Method for Rapid Risk Assessment of a Computer Network with a Star-Shaped Topology. 2024 8th International Conference on Information, Control, and Communication Technologies (ICCT), pp. 1-4. DOI: 10.1109/ICCT62929.2024.10874943. Online publication date: 1-Oct-2024
  • (2023) Modeling and pricing cyber insurance. European Actuarial Journal, 13:1, pp. 1-53. DOI: 10.1007/s13385-023-00341-9. Online publication date: 23-Jan-2023
  • (2018) On the Assessment of Systematic Risk in Networked Systems. ACM Transactions on Internet Technology, 18:4, pp. 1-28. DOI: 10.1145/3166069. Online publication date: 7-Aug-2018
  • (2016) Should Cyber-Insurance Providers Invest in Software Security? Computer Security -- ESORICS 2015, pp. 483-502. DOI: 10.1007/978-3-319-24174-6_25. Online publication date: 13-Jan-2016
  • (2014) A New Perspective to Information Security. Proceedings of the 7th International Conference on Security of Information and Networks, pp. 56-60. DOI: 10.1145/2659651.2659666. Online publication date: 9-Sep-2014
  • (2014) A Survey of Interdependent Information Security Games. ACM Computing Surveys, 47:2, pp. 1-38. DOI: 10.1145/2635673. Online publication date: 29-Aug-2014
  • (2014) The Complexity of Estimating Systematic Risk in Networks. 2014 IEEE 27th Computer Security Foundations Symposium, pp. 325-336. DOI: 10.1109/CSF.2014.30. Online publication date: Jul-2014
  • (2014) Estimating Systematic Risk in Real-World Networks. Financial Cryptography and Data Security, pp. 417-435. DOI: 10.1007/978-3-662-45472-5_27. Online publication date: 9-Nov-2014
