TY - GEN
T1 - Attack-aware cyber insurance for risk sharing in computer networks
AU - Hayel, Yezekael
AU - Zhu, Quanyan
N1 - Funding Information:
Q. Zhu—The work was partially supported by the NSF (grant EFMA 1441140) and a grant from NYU Research Challenge Fund.
Publisher Copyright:
© Springer International Publishing Switzerland 2015.
PY - 2015
Y1 - 2015
N2 - Cyber insurance has been recently shown to be a promising mechanism to mitigate losses from cyber incidents, including data breaches, business interruption, and network damage. A robust cyber insurance policy can reduce the number of successful cyber attacks by incentivizing the adoption of preventative measures and the implementation of best practices of the users. To achieve these goals, we first establish a cyber insurance model that takes into account the complex interactions between users, attackers and the insurer. A games-in-games framework nests a zero-sum game in a moral-hazard game problem to provide a holistic view of the cyber insurance and enable a systematic design of robust insurance policy. In addition, the proposed framework naturally captures a privacy-preserving mechanism through the information asymmetry between the insurer and the user in the model. We develop analytical results to characterize the optimal insurance policy and use network virus infection as a case study to demonstrate the risk-sharing mechanism in computer networks.
AB - Cyber insurance has been recently shown to be a promising mechanism to mitigate losses from cyber incidents, including data breaches, business interruption, and network damage. A robust cyber insurance policy can reduce the number of successful cyber attacks by incentivizing the adoption of preventative measures and the implementation of best practices of the users. To achieve these goals, we first establish a cyber insurance model that takes into account the complex interactions between users, attackers and the insurer. A games-in-games framework nests a zero-sum game in a moral-hazard game problem to provide a holistic view of the cyber insurance and enable a systematic design of robust insurance policy. In addition, the proposed framework naturally captures a privacy-preserving mechanism through the information asymmetry between the insurer and the user in the model. We develop analytical results to characterize the optimal insurance policy and use network virus infection as a case study to demonstrate the risk-sharing mechanism in computer networks.
KW - Bilevel optimization problem
KW - Cyber attacks
KW - Cyber insurance
KW - Incomplete information game
KW - Moral hazards
UR - http://www.scopus.com/inward/record.url?scp=84958532333&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84958532333&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-25594-1_2
DO - 10.1007/978-3-319-25594-1_2
M3 - Conference contribution
AN - SCOPUS:84958532333
SN - 9783319255934
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 22
EP - 34
BT - Decision and Game Theory for Security - 6th International Conference, GameSec 2015, Proceedings
A2 - Khouzani, M.H.R.
A2 - Panaousis, Emmanouil
A2 - Theodorakopoulos, George
PB - Springer Verlag
T2 - 6th International Conference on Decision and Game Theory for Security, GameSec 2015
Y2 - 4 November 2015 through 5 November 2015
ER -