IDEAS home Printed from https://ideas.repec.org/a/wly/riskan/v38y2018i8p1559-1575.html
   My bibliography  Save this article

Security Investment in Contagious Networks

Author

Listed:
  • Seyed Alireza Hasheminasab
  • Behrouz Tork Ladani

Abstract

Security of the systems is normally interdependent in such a way that security risks of one part affect other parts and threats spread through the vulnerable links in the network. So, the risks of the systems can be mitigated through investments in the security of interconnecting links. This article takes an innovative look at the problem of security investment of nodes on their vulnerable links in a given contagious network as a game‐theoretic model that can be applied to a variety of applications including information systems. In the proposed game model, each node computes its corresponding risk based on the value of its assets, vulnerabilities, and threats to determine the optimum level of security investments on its external links respecting its limited budget. Furthermore, direct and indirect nonlinear influences of a node's security investment on the risks of other nodes are considered. The existence and uniqueness of the game's Nash equilibrium in the proposed game are also proved. Further analysis of the model in a practical case revealed that taking advantage of the investment effects of other players, perfectly rational players (i.e., those who use the utility function of the proposed game model) make more cost‐effective decisions than selfish nonrational or semirational players.

Suggested Citation

  • Seyed Alireza Hasheminasab & Behrouz Tork Ladani, 2018. "Security Investment in Contagious Networks," Risk Analysis, John Wiley & Sons, vol. 38(8), pages 1559-1575, August.
  • Handle: RePEc:wly:riskan:v:38:y:2018:i:8:p:1559-1575
    DOI: 10.1111/risa.12966
    as

    Download full text from publisher

    File URL: https://doi.org/10.1111/risa.12966
    Download Restriction: no

    File URL: https://libkey.io/10.1111/risa.12966?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Yann Bramoull? & Rachel Kranton & Martin D'Amours, 2014. "Strategic Interaction and Networks," American Economic Review, American Economic Association, vol. 104(3), pages 898-930, March.
    2. Mas-Colell, Andreu & Whinston, Michael D. & Green, Jerry R., 1995. "Microeconomic Theory," OUP Catalogue, Oxford University Press, number 9780195102680.
    3. Belhaj, Mohamed & Bramoullé, Yann & Deroïan, Frédéric, 2014. "Network games under strategic complementarities," Games and Economic Behavior, Elsevier, vol. 88(C), pages 310-319.
    4. Chopra, Shauhrat S. & Khanna, Vikas, 2015. "Interconnectedness and interdependencies of critical infrastructures in the US economy: Implications for resilience," Physica A: Statistical Mechanics and its Applications, Elsevier, vol. 436(C), pages 865-877.
    5. Ballester, Coralio & Calvó-Armengol, Antoni, 2010. "Interactions with hidden complementarities," Regional Science and Urban Economics, Elsevier, vol. 40(6), pages 397-406, November.
    6. Sergey V. Buldyrev & Roni Parshani & Gerald Paul & H. Eugene Stanley & Shlomo Havlin, 2010. "Catastrophic cascade of failures in interdependent networks," Nature, Nature, vol. 464(7291), pages 1025-1028, April.
    7. Hausken, Kjell, 2017. "Defense and attack for interdependent systems," European Journal of Operational Research, Elsevier, vol. 256(2), pages 582-591.
    8. Hausken, Kjell, 2006. "Income, interdependence, and substitution effects affecting incentives for security investment," Journal of Accounting and Public Policy, Elsevier, vol. 25(6), pages 629-665.
    9. Kunreuther, Howard & Heal, Geoffrey, 2003. "Interdependent Security," Journal of Risk and Uncertainty, Springer, vol. 26(2-3), pages 231-249, March-May.
    10. Kjell Hausken, 2006. "Returns to information security investment: The effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability," Information Systems Frontiers, Springer, vol. 8(5), pages 338-349, December.
    11. Wu, Baichao & Tang, Aiping & Wu, Jie, 2016. "Modeling cascading failures in interdependent infrastructures under terrorist attacks," Reliability Engineering and System Safety, Elsevier, vol. 147(C), pages 1-8.
    12. Kjell Hausken, 2002. "Probabilistic Risk Analysis and Game Theory," Risk Analysis, John Wiley & Sons, vol. 22(1), pages 17-27, February.
    13. Leo Katz, 1953. "A new status index derived from sociometric analysis," Psychometrika, Springer;The Psychometric Society, vol. 18(1), pages 39-43, March.
    14. Shan, Xiaojun & Zhuang, Jun, 2013. "Hybrid defensive resource allocations in the face of partially strategic attackers in a sequential defender–attacker game," European Journal of Operational Research, Elsevier, vol. 228(1), pages 262-272.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Yu Chen & Jie Hu & Weiping Zhang, 2020. "Too Connected to Fail? Evidence from a Chinese Financial Risk Spillover Network," China & World Economy, Institute of World Economics and Politics, Chinese Academy of Social Sciences, vol. 28(6), pages 78-100, November.
    2. Mansooreh Ezhei & Behrouz Tork Ladani, 2020. "Interdependency Analysis in Security Investment against Strategic Attacks," Information Systems Frontiers, Springer, vol. 22(1), pages 187-201, February.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Simon, Jay & Omar, Ayman, 2020. "Cybersecurity investments in the supply chain: Coordination and a strategic attacker," European Journal of Operational Research, Elsevier, vol. 282(1), pages 161-171.
    2. Hausken, Kjell, 2024. "Fifty Years of Operations Research in Defense," European Journal of Operational Research, Elsevier, vol. 318(2), pages 355-368.
    3. Rui Peng & Di Wu & Mengyao Sun & Shaomin Wu, 2021. "An attack-defense game on interdependent networks," Journal of the Operational Research Society, Taylor & Francis Journals, vol. 72(10), pages 2331-2341, October.
    4. Chen, Shun & Zhao, Xudong & Chen, Zhilong & Hou, Benwei & Wu, Yipeng, 2022. "A game-theoretic method to optimize allocation of defensive resource to protect urban water treatment plants against physical attacks," International Journal of Critical Infrastructure Protection, Elsevier, vol. 36(C).
    5. Wang, Shuliang & Gu, Xifeng & Luan, Shengyang & Zhao, Mingwei, 2021. "Resilience analysis of interdependent critical infrastructure systems considering deep learning and network theory," International Journal of Critical Infrastructure Protection, Elsevier, vol. 35(C).
    6. Bose, Gautam & Konrad, Kai A., 2020. "Devil take the hindmost: Deflecting attacks to other defenders," Reliability Engineering and System Safety, Elsevier, vol. 204(C).
    7. Li, Qing & Li, Mingchu & Gong, Zhongqiang & Tian, Yuan & Zhang, Runfa, 2022. "Locating and protecting interdependent facilities to hedge against multiple non-cooperative limited choice attackers," Reliability Engineering and System Safety, Elsevier, vol. 223(C).
    8. Chaoqi, Fu & Yangjun, Gao & Jilong, Zhong & Yun, Sun & Pengtao, Zhang & Tao, Wu, 2021. "Attack-defense game for critical infrastructure considering the cascade effect," Reliability Engineering and System Safety, Elsevier, vol. 216(C).
    9. Hausken, Kjell, 2017. "Defense and attack for interdependent systems," European Journal of Operational Research, Elsevier, vol. 256(2), pages 582-591.
    10. Ghorbani-Renani, Nafiseh & González, Andrés D. & Barker, Kash & Morshedlou, Nazanin, 2020. "Protection-interdiction-restoration: Tri-level optimization for enhancing interdependent network resilience," Reliability Engineering and System Safety, Elsevier, vol. 199(C).
    11. Almoghathawi, Yasser & Selim, Shokri & Barker, Kash, 2023. "Community structure recovery optimization for partial disruption, functionality, and restoration in interdependent networks," Reliability Engineering and System Safety, Elsevier, vol. 229(C).
    12. Bloch, Francis & Quérou, Nicolas, 2013. "Pricing in social networks," Games and Economic Behavior, Elsevier, vol. 80(C), pages 243-261.
    13. Levitin, Gregory & Hausken, Kjell, 2008. "Protection vs. redundancy in homogeneous parallel systems," Reliability Engineering and System Safety, Elsevier, vol. 93(10), pages 1444-1451.
    14. Belhaj, Mohamed & Deroïan, Frédéric, 2012. "Risk taking under heterogenous revenue sharing," Journal of Development Economics, Elsevier, vol. 98(2), pages 192-202.
    15. Demange, Gabrielle, 2017. "Optimal targeting strategies in a network under complementarities," Games and Economic Behavior, Elsevier, vol. 105(C), pages 84-103.
    16. Dubovik, Andrei, 2018. "Mergers on Networks," MPRA Paper 95458, University Library of Munich, Germany.
    17. Hausken, Kjell, 2008. "Strategic defense and attack for reliability systems," Reliability Engineering and System Safety, Elsevier, vol. 93(11), pages 1740-1750.
    18. Kjell Hausken & Vicki M. Bier & Jun Zhuang, 2009. "Defending Against Terrorism, Natural Disaster, and All Hazards," International Series in Operations Research & Management Science, in: Vicki M. M. Bier & M. Naceur Azaiez (ed.), Game Theoretic Risk Analysis of Security Threats, chapter 4, pages 65-97, Springer.
    19. Kjell Hausken & Gregory Levitin, 2008. "Efficiency of Even Separation of Parallel Elements with Variable Contest Intensity," Risk Analysis, John Wiley & Sons, vol. 28(5), pages 1477-1486, October.
    20. Argenti, Francesca & Landucci, Gabriele & Reniers, Genserik & Cozzani, Valerio, 2018. "Vulnerability assessment of chemical facilities to intentional attacks based on Bayesian Network," Reliability Engineering and System Safety, Elsevier, vol. 169(C), pages 515-530.

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:wly:riskan:v:38:y:2018:i:8:p:1559-1575. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Wiley Content Delivery (email available below). General contact details of provider: https://doi.org/10.1111/(ISSN)1539-6924 .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.