Electrical Engineering
      and Computer Sciences

Electrical Engineering and Computer Sciences

COLLEGE OF ENGINEERING

UC Berkeley

How Bad are Selfish Investments in Network Security?

Libin Jiang, Venkat Anantharam and Jean Walrand

EECS Department
University of California, Berkeley
Technical Report No. UCB/EECS-2008-183
December 20, 2008

http://www.eecs.berkeley.edu/Pubs/TechRpts/2008/EECS-2008-183.pdf

Internet security does not only depend on the security-related investments of individual users, but also on how these users affect each other. In a non-cooperative environment, each user chooses a level of investment to minimize his own security risk plus the cost of investment. Not surprisingly, this selfish behavior often results in undesirable security degradation of the overall system. In this paper, (1) we first characterize the price of anarchy (POA) of network security under two models: an "Effective-investment" model, and a "Bad-traffic" model. We give insight on how the POA depends on the network topology, individual users' cost functions, and their mutual influence. We also introduce the concept of "weighted POA" to bound the region of all feasible payoffs. (2) In a repeated game, on the other hand, users have more incentive to cooperate for their long term interests. We consider the socially best outcome that can be supported by the repeated game, and give a ratio between this outcome and the social optimum. (3) Next, we compare the benefits of improving security technology or improving incentives, and show that improving technology alone may not offset the efficiency loss due to the lack of incentives. (4) Finally, we characterize the performance of correlated equilibrium (CE) in the security game. Although the paper focuses on Internet security, many results are generally applicable to games with positive externalities.


BibTeX citation:

@techreport{Jiang:EECS-2008-183,
    Author = {Jiang, Libin and Anantharam, Venkat and Walrand, Jean},
    Title = {How Bad are Selfish Investments in Network Security?},
    Institution = {EECS Department, University of California, Berkeley},
    Year = {2008},
    Month = {Dec},
    URL = {http://www.eecs.berkeley.edu/Pubs/TechRpts/2008/EECS-2008-183.html},
    Number = {UCB/EECS-2008-183},
    Abstract = {Internet security does not only depend on the security-related investments of individual users, but also on how these users affect each other. In a non-cooperative environment, each user chooses a level of investment to minimize his own security risk plus the cost of investment. Not surprisingly, this selfish behavior often results in undesirable security degradation of the overall system. In this paper, (1) we first characterize the price of anarchy (POA) of network security under two models: an "Effective-investment" model, and a "Bad-traffic" model. We give insight on how the POA depends on the network topology, individual users' cost functions, and their mutual influence. We also introduce the concept of "weighted POA" to bound the region of all feasible payoffs. (2) In a repeated game, on the other hand, users have more incentive to cooperate for their long term interests. We consider the socially best outcome that can be supported by the repeated game, and give a ratio between this outcome and the social optimum. (3) Next, we compare the benefits of improving security technology or improving incentives, and show that improving technology alone may not offset the efficiency loss due to the lack of incentives. (4) Finally, we characterize the performance of correlated equilibrium (CE) in the security game. Although the paper focuses on Internet security, many results are generally applicable to games with positive externalities.}
}

EndNote citation:

%0 Report
%A Jiang, Libin
%A Anantharam, Venkat
%A Walrand, Jean
%T How Bad are Selfish Investments in Network Security?
%I EECS Department, University of California, Berkeley
%D 2008
%8 December 20
%@ UCB/EECS-2008-183
%U http://www.eecs.berkeley.edu/Pubs/TechRpts/2008/EECS-2008-183.html
%F Jiang:EECS-2008-183