通信学报 ›› 2018, Vol. 39 ›› Issue (2): 174-182.doi: 10.11959/j.issn.1000-436x.2018027
• 学术通信 • 上一篇
王秦,朱建明
修回日期:2018-01-02
出版日期:2018-02-01
发布日期:2018-03-28
作者简介:王秦(1990-),男,甘肃天水人,中央财经大博士生,主要研究方向为信息安全的经济学分析。|朱建明(1965-),男,山西太原人,博士,中央财经大学教授、博士生导师,主要研究方向为信息安全和电子商务安全。
基金资助:Qin WANG,Jianming ZHU
Revised:2018-01-02
Online:2018-02-01
Published:2018-03-28
Supported by:摘要:
为了研究信息安全投资外部性的影响,将Gordon-Loeb模型扩展到多组织博弈环境下,分别得出在正负外部性下,面对不同类型的攻击时,最优信息安全投资与脆弱性、潜在损失和投资效率的关系,并且比较了与社会最优条件下最优信息安全投资的差别。结果表明,正外部性条件下的信息安全投资变化规律与单一组织的情况相比存在一定相似之处,但负外部性下的信息安全投资改变较大,总体更加谨慎,并且攻击类型对于信息安全投资有着重要影响。
中图分类号:
王秦,朱建明. 基于Gordon-Loeb模型的信息安全投资博弈研究[J]. 通信学报, 2018, 39(2): 174-182.
Qin WANG,Jianming ZHU. Research on the game of information security investment based on the Gordon-Loeb model[J]. Journal on Communications, 2018, 39(2): 174-182.
图1
漏洞风险与脆弱性的关系"
图2
漏洞风险与信息安全投资额的关系"
图3
组织信息安全投资博弈关系"
| [1] | ANDERSON R , . Why information security is hard:an economic perspective[C]// The Seventeenth Annual Computer Security Applications Conference. 2001: 358-365. |
| [2] | GORDON L A , LOEB M P . The economics of information security investment[J]. ACM Transactions on Information & System Security, 2002,5(4): 438-457. |
| [3] | 陈天平, 张串绒, 郭威武 ,等. 效用理论在信息安全投资优化中的应用[J]. 计算机科学, 2009,36(12): 70-72. |
| CHEN T P , ZHANG C R , GUO W W ,et al. Application of utility theory in investment optimizing of information security[J]. Computer Science, 2009,36(12): 70-72. | |
| [4] | GORDON L A , LOEB M P , LUCYSHYN W ,et al. Externalities and the magnitude of cyber security underinvestment by private sector firms:a modification of the Gordon-Loeb model[J]. Journal of Information Security, 2015,6(1): 24-30. |
| [5] | HUANG C D , HU Q , BEHARA R S . Economics of information security investment in the case of simultaneous attacks[C]// The Fifth Workshop on the Economics of Information Security. 2006. |
| [6] | HUANG C D , HU Q , BEHARA R S . An economic analysis of the optimal information security investment in the case of a risk-averse firm[J]. International Journal of Production Economics, 2008,114(2): 793-804. |
| [7] | HUANG C D , BEHARA R S , GOO J . Optimal information security investment in a Healthcare Information Exchange:an economic analysis[J]. Decision Support Systems, 2013,61(1): 1-11. |
| [8] | GORDON L A , LOEB M P , LUCYSHYN W . Sharing information on computer systems security:an economic analysis[J]. Journal of Accounting & Public Policy, 2003,22(6): 461-485. |
| [9] | 巩国权, 王军, 强爽 . 双寡头垄断市场的信息安全投资模型研究[J]. 中国管理科学, 2007,15(z1): 444-448. |
| GONG G Q , WANG J , QIANG S . Information security investment model in dual-oligopoly market[J]. Chinese Journal of Management Science, 2007,15(z1): 444-448. | |
| [10] | LELARGE M . Coordination in network security games:a monotone comparative statics approach[J]. IEEE Journal on Selected Areas in Communications, 2012,30(11): 2210-2219. |
| [11] | WU Y , FENG G , WANG N ,et al. Game of information security investment:impact of attack types and network vulnerability[J]. Expert Systems with Applications, 2015,42(15-16): 6132-6146. |
| [12] | QIAN X , LIU X , PEI J ,et al. A game-theoretic analysis of information security investment for multiple firms in a network[J]. Journal of the Operational Research Society, 2017,68(10): 1-16. |
| [13] | IOANNIDIS C , PYM D , WILLIAMS J . Fixed costs,investment rigidities,and risk aversion in information security:a utility-theoretic approach[M]// Economics of Information Security and Privacy III. 2013: 171-191. |
| [14] | ?APKO Z , AKSENTIJEVI? S , TIJAN E . Economic and financial analysis of investments in information security[C]// The 37th International Convention on Information and Communication Technology,Electronics and Microelectronics. 2014: 1550-1556. |
| [1] | 杜小妮, 王香玉, 梁丽芳, 李锴彬. 轻量级分组密码Piccolo的量子密码分析[J]. 通信学报, 2023, 44(6): 175-182. |
| [2] | 郑震, 严迎建, 蔡爵嵩, 刘燕江. 基于双样本KS检验的非特定TVLA方法[J]. 通信学报, 2023, 44(5): 137-147. |
| [3] | 冯涛, 陈李秋, 方君丽, 石建明. 基于本地化差分隐私和属性基可搜索加密的区块链数据共享方案[J]. 通信学报, 2023, 44(5): 224-233. |
| [4] | 周大成, 陈鸿昶, 何威振, 程国振, 扈红超. 基于深度强化学习的微服务多维动态防御策略研究[J]. 通信学报, 2023, 44(4): 50-63. |
| [5] | 唐明, 胡一凡. Load-to-store: store buffer暂态窗口时间泄露的利用[J]. 通信学报, 2023, 44(4): 64-77. |
| [6] | 李玮, 刘春, 谷大武, 孙文倩, 高建宁, 秦梦洋. Saturnin-Short轻量级认证加密算法的统计无效故障分析[J]. 通信学报, 2023, 44(4): 167-175. |
| [7] | 刘玉玲, 王翠林, 付章杰. 语义空间下基于情感表达的生成式文本隐写方法[J]. 通信学报, 2023, 44(4): 176-186. |
| [8] | 胡柏吉, 张晓娟, 李元诚, 赖荣鑫. 支持多功能的V2G网络隐私保护数据聚合方案[J]. 通信学报, 2023, 44(4): 187-200. |
| [9] | 范伟, 彭诚, 朱大立, 王雨晴. 移动边缘计算网络下基于静态贝叶斯博弈的入侵响应策略研究[J]. 通信学报, 2023, 44(2): 70-81. |
| [10] | 黄冬艳, 李琨. 多地址的时间型区块链隐蔽通信方法研究[J]. 通信学报, 2023, 44(2): 148-159. |
| [11] | 张淑芬, 董燕灵, 徐精诚, 王豪石. 基于目标扰动的AdaBoost算法[J]. 通信学报, 2023, 44(2): 198-209. |
| [12] | 王圣宝, 周鑫, 文康, 翁柏森. 适用于智能电网的三方认证密钥交换协议[J]. 通信学报, 2023, 44(2): 210-218. |
| [13] | 韩益亮, 郭凯阳, 吴日铭, 刘凯. 格上基于OBDD访问结构的抗密钥滥用属性加密方案[J]. 通信学报, 2023, 44(1): 75-88. |
| [14] | 夏超, 刘亚奇, 关晴骁, 金鑫, 张艳硕, 许盛伟. 基于非线性残差的JPEG图像隐写分析[J]. 通信学报, 2023, 44(1): 142-152. |
| [15] | 付晓东, 漆鑫鑫, 刘骊, 彭玮, 丁家满, 代飞. 基于权力指数的DPoS共谋攻击检测与预防[J]. 通信学报, 2022, 43(12): 123-133. |
| 阅读次数 | ||||||
|
全文 |
|
|||||
|
摘要 |
|
|||||
|
||
