
Fair and private rewarding in a coalitional game of cybersecurity information sharing

Published: 01 November 2019

Abstract

Cybersecurity information sharing is a key factor of cyber threat intelligence, allowing organisations to detect and prevent malicious behaviours proactively. However, stimulating organisations to participate and deterring free‐riding in such sharing is a big challenge. To this end, the sharing system should be equipped with rewarding and participation‐fee allocation mechanisms to encourage sharing behaviour. The problem of cybersecurity information sharing as a non‐cooperative game has been studied extensively. In contrast, in this study, the authors model the problem as a coalitional game. They investigate a rewarding and participation‐fee calculation based on profit sharing in coalitional game theory. In particular, they formulate a coalitional game between organisations and analyse the well‐known Shapley value and Nucleolus solution concepts in the cybersecurity information sharing system. Moreover, as the participation fees may leak sensitive information about the organisations’ cyber‐infrastructure, they study the application of differential privacy in coalitional game theory to protect each organisation's fees while approximating fairness.

Cited By

  • (2021) Open Data-driven Usability Improvements of Static Code Analysis and its Challenges. Proceedings of the 25th International Conference on Evaluation and Assessment in Software Engineering, pp. 272-277. DOI: 10.1145/3463274.3463808. Online publication date: 21-Jun-2021
  • (2021) More than Privacy. ACM Computing Surveys, 54:7, pp. 1-37. DOI: 10.1145/3460771. Online publication date: 18-Jul-2021

Information

Published In

IET Information Security, Volume 13, Issue 6
November 2019
192 pages
EISSN: 1751-8717
DOI: 10.1049/ise2.v13.6

Publisher

John Wiley & Sons, Inc.

United States

Publication History

Published: 01 November 2019

Author Tags

  1. security of data
  2. game theory
  3. data privacy

Author Tags

  1. rewarding participation‐fees
  2. profit sharing
  3. coalitional game theory
  4. cybersecurity information sharing system
  5. sharing behaviour
  6. noncooperative game
  7. Shapley value
  8. Nucleolus solution
  9. organisation cyber‐infrastructure
  10. differential privacy
  11. organisation fees

Qualifiers

  • Research-article
