A Bi-Level Game Approach to Attack-Aware Cyber Insurance of Computer Networks

Rui Zhang, Quanyan Zhu, Yezekael Hayel

Research output: Research - peer-review › Article

Abstract

Cyber insurance is a valuable approach to mitigate further the cyber risk and its loss in addition to the deployment of technological cyber defense solutions, such as intrusion detection systems and firewalls. An effective cyber insurance policy can reduce the number of successful cyber attacks by incentivizing the adoption of preventative measures and the implementation of best practices of the users. To study cyber insurance in a holistic manner, we first establish a bi-level game-theoretic model that nests a zero-sum game in a moral-hazard type of principal-agent game to capture complex interactions between a user, an attacker, and the insurer. The game framework provides an integrative view of the cyber insurance and enables a systematic design of incentive compatible and attack-aware insurance policy. The framework is further extended to study a network of users and their risk interdependencies. We completely characterize the equilibrium solutions of the bi-level game. Our analytical results provide a fundamental limit on insurability, predict the Peltzman effect, and reveal the principles of zero operating profit and the linear insurance policy of the insurer. We provide analytical results and numerical experiments to corroborate the analytical results and demonstrate the network effects as a result of the strategic interactions among the three types of players.

Language: English (US)
Article number: 7859343
Pages: 779-794
Number of pages: 16
Journal: IEEE Journal on Selected Areas in Communications
Volume: 35
Issue number: 3
DOI: 10.1109/JSAC.2017.2672378
State: Published - Mar 1 2017

Fingerprint

Insurance
Computer networks
Intrusion detection
Hazards
Profitability
Experiments

Keywords

  • Cyber insurance
  • information asymmetry
  • mechanism design
  • moral hazard
  • network effects
  • network security
  • security games

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Cite this

A Bi-Level Game Approach to Attack-Aware Cyber Insurance of Computer Networks. / Zhang, Rui; Zhu, Quanyan; Hayel, Yezekael.

In: IEEE Journal on Selected Areas in Communications, Vol. 35, No. 3, 7859343, 01.03.2017, p. 779-794.

@article{754e9c7de9614bf3a4cf54f5f1eaa7a7,
title = "A Bi-Level Game Approach to Attack-Aware Cyber Insurance of Computer Networks",
abstract = "Cyber insurance is a valuable approach to mitigate further the cyber risk and its loss in addition to the deployment of technological cyber defense solutions, such as intrusion detection systems and firewalls. An effective cyber insurance policy can reduce the number of successful cyber attacks by incentivizing the adoption of preventative measures and the implementation of best practices of the users. To study cyber insurance in a holistic manner, we first establish a bi-level game-theoretic model that nests a zero-sum game in a moral-hazard type of principal-agent game to capture complex interactions between a user, an attacker, and the insurer. The game framework provides an integrative view of the cyber insurance and enables a systematic design of incentive compatible and attack-aware insurance policy. The framework is further extended to study a network of users and their risk interdependencies. We completely characterize the equilibrium solutions of the bi-level game. Our analytical results provide a fundamental limit on insurability, predict the Peltzman effect, and reveal the principles of zero operating profit and the linear insurance policy of the insurer. We provide analytical results and numerical experiments to corroborate the analytical results and demonstrate the network effects as a result of the strategic interactions among the three types of players.",
keywords = "Cyber insurance, information asymmetry, mechanism design, moral hazard, network effects, network security, security games",
author = "Rui Zhang and Quanyan Zhu and Yezekael Hayel",
year = "2017",
month = "3",
doi = "10.1109/JSAC.2017.2672378",
volume = "35",
pages = "779--794",
journal = "IEEE Journal on Selected Areas in Communications",
issn = "0733-8716",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "3",
}

TY - JOUR

T1 - A Bi-Level Game Approach to Attack-Aware Cyber Insurance of Computer Networks

AU - Zhang,Rui

AU - Zhu,Quanyan

AU - Hayel,Yezekael

PY - 2017/3/1

Y1 - 2017/3/1

AB - Cyber insurance is a valuable approach to mitigate further the cyber risk and its loss in addition to the deployment of technological cyber defense solutions, such as intrusion detection systems and firewalls. An effective cyber insurance policy can reduce the number of successful cyber attacks by incentivizing the adoption of preventative measures and the implementation of best practices of the users. To study cyber insurance in a holistic manner, we first establish a bi-level game-theoretic model that nests a zero-sum game in a moral-hazard type of principal-agent game to capture complex interactions between a user, an attacker, and the insurer. The game framework provides an integrative view of the cyber insurance and enables a systematic design of incentive compatible and attack-aware insurance policy. The framework is further extended to study a network of users and their risk interdependencies. We completely characterize the equilibrium solutions of the bi-level game. Our analytical results provide a fundamental limit on insurability, predict the Peltzman effect, and reveal the principles of zero operating profit and the linear insurance policy of the insurer. We provide analytical results and numerical experiments to corroborate the analytical results and demonstrate the network effects as a result of the strategic interactions among the three types of players.

KW - Cyber insurance

KW - information asymmetry

KW - mechanism design

KW - moral hazard

KW - network effects

KW - network security

KW - security games

UR - http://www.scopus.com/inward/record.url?scp=85018872924&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85018872924&partnerID=8YFLogxK

U2 - 10.1109/JSAC.2017.2672378

DO - 10.1109/JSAC.2017.2672378

M3 - Article

VL - 35

SP - 779

EP - 794

JO - IEEE Journal on Selected Areas in Communications

T2 - IEEE Journal on Selected Areas in Communications

JF - IEEE Journal on Selected Areas in Communications

SN - 0733-8716

IS - 3

M1 - 7859343

ER -