Fair and private rewarding in a coalitional game of cybersecurity information sharing
- Author(s): Iman Vakilinia 1 and Shamik Sengupta 1
- Affiliations: 1: Department of Computer Science and Engineering, University of Nevada Reno, 1664 N. Virginia Street, Reno 89557, USA
- Source: Volume 13, Issue 6, November 2019, p. 530–540
DOI: 10.1049/iet-ifs.2018.5079, Print ISSN 1751-8709, Online ISSN 1751-8717
Cybersecurity information sharing is a key factor of cyber threat intelligence, allowing organisations to detect and prevent malicious behaviours proactively. However, stimulating organisations to participate and deterring free-riding in such sharing is a big challenge. To this end, the sharing system should be equipped with rewarding and participation-fee allocation mechanisms to encourage sharing behaviour. The problem of cybersecurity information sharing as a non-cooperative game has been studied extensively. In contrast, in this study, the authors model the problem as a coalitional game. They investigate rewarding and participation-fee calculation based on profit sharing in coalitional game theory. In particular, they formulate a coalitional game between organisations and analyse the well-known Shapley value and Nucleolus solution concepts in the cybersecurity information sharing system. Moreover, as the participation fees may leak sensitive information about the organisations’ cyber-infrastructure, they study the application of differential privacy in coalitional game theory to protect the organisations’ fees while approximating fairness.
Inspec keywords: game theory; security of data; data privacy
Other keywords: differential privacy; coalitional game theory; Shapley value; organisation fees; noncooperative game; cybersecurity information sharing system; organisation cyber-infrastructure; sharing behaviour; rewarding participation-fees; Nucleolus solution; profit sharing
Subjects: Game theory; Data security