Market Based Models for CYBersecurity information EXchange (CYBEX)
Author: Tosh, Deepak Kumar
The rising rate of cyber criminal activity has caught the attention of everyone, spanning industry, academia, federal institutions, and military agencies. Protecting critical resources against future cyber attacks requires security investments complemented by a collaborative effort from every organization. Therefore, a robust CYBersecurity information EXchange (CYBEX) framework is required to facilitate cyber-threat intelligence (CTI) sharing among the participants (firms) to abate the impact of cyber attacks.
Since many firms hesitate to participate in the sharing framework, we devise a CYBEX self-coexistence game that is aimed at guiding the firms (players) in choosing whether or not to participate. The evolutionary analysis of the game results in a novel mechanism to steer the firms toward participation by wisely varying the participation cost. Based on the conditional constraints derived from the evolutionary analysis, we propose a dynamic cost adaptation algorithm for CYBEX in which the participation cost is altered dynamically depending on the number of participants in the sharing system. We also formalize a distributed learning heuristic for the firms that helps them attain an evolutionary stable strategy (ESS) by learning from their previous action history. After participating in CYBEX, rational players may opt for differentiated sharing in the framework to gain an economic advantage. To understand how the firms can be triggered to share more, we formulate a game of information sharing in which the firms decide how much of their CTI they want to share with the community of firms. Using evolutionary analysis, we derive the constraints under which different equilibrium strategies can be achieved and then derive the lower as well as upper bounds of incentives from CYBEX. The external incentives can be manipulated in an appropriate manner to motivate firms towards sharing all of their information truthfully with others.
Although corporations can proactively defend against cybersecurity issues by working collaboratively and exchanging security information with each other, the absence of incentives and the possibility of information exploitation hinder the firms from sharing their breach/vulnerability information with external agencies. Hence it is crucial to understand how the firms can be encouraged so that they become self-enforced towards sharing their threat intelligence, which will increase not only their own payoff but also their peers', creating a win-win situation. In this research, we study the incentives and costs behind such crucial information sharing and security investments made by the firms. Specifically, a non-cooperative game between N firms is formulated to analyze the participating firms' decisions about information sharing and security investments. We analyze the probability of a successful cyber attack using the famous dose-response immunity model. We design an incentive model for CYBEX, which can incentivize or punish the firms based on their sharing or free-riding nature in the framework. Using the negative definite Hessian condition, we find the conditions under which the socially optimal values of the coupled constraint tuple (security investment and sharing quantity) can be found, which will maximize the firms' net payoff.
We also address the problem of cyber interdependency that is aggravated in a public cloud computing platform. Since the collaborative effort of organizations in developing a countermeasure for a cyber-breach reduces each firm's cost of investment in cyber defense, cyber-threat information sharing among different organizations has the potential to maximize vulnerability discovery at a minimum cost. Using non-cooperative game-theoretic analysis, we investigate the optimal strategy for investing in vulnerability discovery and sharing cyber-threat information when multiple self-interested firms operate in the cloud domain.