基于Gordon-Loeb模型的信息安全投资博弈研究

doi:10.11959/j.issn.1000-436x.2018027

Abstract

Abstract:

In order to study the impacts of externalities of information security investment,the Gordon-Loeb model was extended to a multi-organization game environment.The relationships of the optimal information security investment with vulnerability,potential loss and investment effectiveness when confronted with different attack types under the positive and negative externalities were obtained respectively,and the difference with the optimal information security investment under the social optimum condition was compared.The results show that there were some similarities in the varying pattern of information security investment between the condition of the positive externality and a single organization,but information security investment under the negative externality changes greatly and was generally more cautious,and attack types also have important impacts on information security investment.

Key words: information security investment, Gordon-Loeb model, externality, attack type

CLC Number:

TP309

Qin WANG,Jianming ZHU. Research on the game of information security investment based on the Gordon-Loeb model[J]. Journal on Communications, 2018, 39(2): 174-182.

Figures/Tables 3

References 14

[1]	ANDERSON R , . Why information security is hard:an economic perspective[C]// The Seventeenth Annual Computer Security Applications Conference. 2001: 358-365.
[2]	GORDON L A , LOEB M P . The economics of information security investment[J]. ACM Transactions on Information ＆ System Security, 2002,5(4): 438-457.
[3]	陈天平, 张串绒, 郭威武 ,等. 效用理论在信息安全投资优化中的应用[J]. 计算机科学, 2009,36(12): 70-72.
	CHEN T P , ZHANG C R , GUO W W ,et al. Application of utility theory in investment optimizing of information security[J]. Computer Science, 2009,36(12): 70-72.
[4]	GORDON L A , LOEB M P , LUCYSHYN W ,et al. Externalities and the magnitude of cyber security underinvestment by private sector firms:a modification of the Gordon-Loeb model[J]. Journal of Information Security, 2015,6(1): 24-30.
[5]	HUANG C D , HU Q , BEHARA R S . Economics of information security investment in the case of simultaneous attacks[C]// The Fifth Workshop on the Economics of Information Security. 2006.
[6]	HUANG C D , HU Q , BEHARA R S . An economic analysis of the optimal information security investment in the case of a risk-averse firm[J]. International Journal of Production Economics, 2008,114(2): 793-804.
[7]	HUANG C D , BEHARA R S , GOO J . Optimal information security investment in a Healthcare Information Exchange:an economic analysis[J]. Decision Support Systems, 2013,61(1): 1-11.
[8]	GORDON L A , LOEB M P , LUCYSHYN W . Sharing information on computer systems security:an economic analysis[J]. Journal of Accounting ＆ Public Policy, 2003,22(6): 461-485.
[9]	巩国权, 王军, 强爽 . 双寡头垄断市场的信息安全投资模型研究[J]. 中国管理科学, 2007,15(z1): 444-448.
	GONG G Q , WANG J , QIANG S . Information security investment model in dual-oligopoly market[J]. Chinese Journal of Management Science, 2007,15(z1): 444-448.
[10]	LELARGE M . Coordination in network security games:a monotone comparative statics approach[J]. IEEE Journal on Selected Areas in Communications, 2012,30(11): 2210-2219.
[11]	WU Y , FENG G , WANG N ,et al. Game of information security investment:impact of attack types and network vulnerability[J]. Expert Systems with Applications, 2015,42(15-16): 6132-6146.
[12]	QIAN X , LIU X , PEI J ,et al. A game-theoretic analysis of information security investment for multiple firms in a network[J]. Journal of the Operational Research Society, 2017,68(10): 1-16.
[13]	IOANNIDIS C , PYM D , WILLIAMS J . Fixed costs,investment rigidities,and risk aversion in information security:a utility-theoretic approach[M]// Economics of Information Security and Privacy III. 2013: 171-191.
[14]	?APKO Z , AKSENTIJEVI? S , TIJAN E . Economic and financial analysis of investments in information security[C]// The 37th International Convention on Information and Communication Technology,Electronics and Microelectronics. 2014: 1550-1556.

Metrics

Recommended 0

No Suggested Reading articles found!

[1]	Xiaoni DU, Xiangyu WANG, Lifang LIANG, Kaibin LI. Quantum cryptanalysis of lightweight block cipher Piccolo [J]. Journal on Communications, 2023, 44(6): 175-182.
[2]	Zhen ZHENG, Yingjian YAN, Juesong CAI, Yanjiang LIU. Non-specific TVLA method based on two-sample KS test [J]. Journal on Communications, 2023, 44(5): 137-147.
[3]	Tao FENG, Liqiu CHEN, Junli FANG, Jianming SHI. Blockchain data sharing scheme based on localized difference privacy and attribute-based searchable encryption [J]. Journal on Communications, 2023, 44(5): 224-233.
[4]	Dacheng ZHOU, Hongchang CHEN, Weizhen HE, Guozhen CHENG, Hongchao HU. Research on multidimensional dynamic defense strategy for microservice based on deep reinforcement learning [J]. Journal on Communications, 2023, 44(4): 50-63.
[5]	Ming TANG, Yifan HU. Load-to-store: exploit the time leakage of store buffer transient window [J]. Journal on Communications, 2023, 44(4): 64-77.
[6]	Wei LI, Chun LIU, Dawu GU, Wenqian SUN, Jianning GAO, Mengyang QIN. Statistical ineffective fault analysis of the lightweight authenticated cipher algorithm Saturnin-Short [J]. Journal on Communications, 2023, 44(4): 167-175.
[7]	Yuling LIU, Cuilin WANG, Zhangjie FU. Generative text steganography method based on emotional expression in semantic space [J]. Journal on Communications, 2023, 44(4): 176-186.
[8]	Baiji HU, Xiaojuan ZHANG, Yuancheng LI, Rongxin LAI. Multi-function supported privacy protection data aggregation scheme for V2G network [J]. Journal on Communications, 2023, 44(4): 187-200.
[9]	Wei FAN, Cheng PENG, Dali ZHU, Yuqing WANG. Research on intrusion response strategy based on static Bayesian game in mobile edge computing network [J]. Journal on Communications, 2023, 44(2): 70-81.
[10]	Dongyan HUANG, Kun LI. Research on multi-address time-based blockchain covert communication method [J]. Journal on Communications, 2023, 44(2): 148-159.
[11]	Shufen ZHANG, Yanling DONG, Jingcheng XU, Haoshi WANG. AdaBoost algorithm based on target perturbation [J]. Journal on Communications, 2023, 44(2): 198-209.
[12]	Shengbao WANG, Xin ZHOU, Kang WEN, Bosen WENG. Tripartite authenticated key exchange protocol for smart grid [J]. Journal on Communications, 2023, 44(2): 210-218.
[13]	Yiliang HAN, Kaiyang GUO, Riming WU, Kai LIU. Attribute-based encryption scheme against key abuse based on OBDD access structure from lattice [J]. Journal on Communications, 2023, 44(1): 75-88.
[14]	Chao XIA, Yaqi LIU, Qingxiao GUAN, Xin JIN, Yanshuo ZHANG, Shengwei XU. Steganalysis of JPEG images using non-linear residuals [J]. Journal on Communications, 2023, 44(1): 142-152.
[15]	Xiaodong FU, Xinxin QI, Li LIU, Wei PENG, Jiaman DING, Fei DAI. Detecting and preventing collusion attack in DPoS based on power index [J]. Journal on Communications, 2022, 43(12): 123-133.

Research on the game of information security investment based on the Gordon-Loeb model

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 3

References 14

Related Articles 15

Metrics

Recommended 0