An Evolutionary Game-Theoretic Framework for Cyber-threat Information Sharing

Tosh, Deepak; Sengupta, Shamik; Kamhoua, Charles; Kwiat, Kevin; Martin, Andrew

doi:10.1109/ICC.2015.7249499

View/Open

Martin351296-Accepted.pdf (289.6Kb)

File version

Accepted Manuscript (AM)

Author(s)

Tosh, Deepak

Sengupta, Shamik

Kamhoua, Charles

Kwiat, Kevin

Martin, Andrew

Griffith University Author(s)

Martin, Andrew

Year published

2015

Metadata

Show full item record

Abstract

The initiative to protect against future cyber crimes requires a collaborative effort from all types of agencies spanning industry, academia, federal institutions, and military agencies. Therefore, a Cybersecurity Information Exchange (CYBEX) framework is required to facilitate breach/patch related information sharing among the participants (firms) to combat cyber attacks. In this paper, we formulate a non-cooperative cybersecurity information sharing game that can guide: (i) the firms (players)1 to independently decide whether to 'participate in CYBEX and share' or not; (ii) the CYBEX framework to utilize the participation ...
View more >The initiative to protect against future cyber crimes requires a collaborative effort from all types of agencies spanning industry, academia, federal institutions, and military agencies. Therefore, a Cybersecurity Information Exchange (CYBEX) framework is required to facilitate breach/patch related information sharing among the participants (firms) to combat cyber attacks. In this paper, we formulate a non-cooperative cybersecurity information sharing game that can guide: (i) the firms (players)1 to independently decide whether to 'participate in CYBEX and share' or not; (ii) the CYBEX framework to utilize the participation cost dynamically as incentive (to attract firms toward self-enforced sharing) and as a charge (to increase revenue). We analyze the game from an evolutionary game-theoretic strategy and determine the conditions under which the players' self-enforced evolutionary stability can be achieved. We present a distributed learning heuristic to attain the evolutionary stable strategy (ESS) under various conditions. We also show how CYBEX can wisely vary its pricing for participation to increase sharing as well as its own revenue, eventually evolving toward a win-win situation.
View less >

Conference Title

2015 IEEE International Conference on Communications (ICC)

Volume

2015-September

DOI

https://doi.org/10.1109/ICC.2015.7249499

Copyright Statement

© 2015 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Subject

Cybersecurity and privacy not elsewhere classified

Science & Technology

Telecommunications

Cybersecurity

CYBEX

Publication URI

http://hdl.handle.net/10072/392560

Collection

Conference outputs