An evolutionary game-theoretic framework for cyber-threat information sharing
- 1 June 2015
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- p. 7341-7346
- https://doi.org/10.1109/icc.2015.7249499
Abstract
The initiative to protect against future cyber crimes requires a collaborative effort from all types of agencies spanning industry, academia, federal institutions, and military agencies. Therefore, a Cybersecurity Information Exchange (CYBEX) framework is required to facilitate breach/patch related information sharing among the participants (firms) to combat cyber attacks. In this paper, we formulate a non-cooperative cybersecurity information sharing game that can guide: (i) the firms (players) 1 to independently decide whether to “participate in CYBEX and share” or not; (ii) the CYBEX framework to utilize the participation cost dynamically as incentive (to attract firms toward self-enforced sharing) and as a charge (to increase revenue). We analyze the game from an evolutionary game-theoretic strategy and determine the conditions under which the players' self-enforced evolutionary stability can be achieved. We present a distributed learning heuristic to attain the evolutionary stable strategy (ESS) under various conditions. We also show how CYBEX can wisely vary its pricing for participation to increase sharing as well as its own revenue, eventually evolving toward a win-win situation.Keywords
This publication has 3 references indexed in Scilit:
- CYBEXACM SIGCOMM Computer Communication Review, 2010
- Sharing information on computer systems security: An economic analysisJournal of Accounting and Public Policy, 2003
- Evolution and the Theory of GamesPublished by Cambridge University Press (CUP) ,1982