Optimal security investments in a prevention and detection game

Carlos Barreto; Alvaro A. Cardenas; Alain Bensoussan

doi:10.1145/3055305.3055314

Optimal security investments in a prevention and detection game

Carlos Barreto, Alvaro A. Cardenas, Alain Bensoussan

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

4 Citations (Scopus)

Abstract

Most security defenses can be breached by motivated adversaries, therefore in addition to attack-prevention technologies, firms investing in cyber-security for their information technology infrastructure need to consider attack-detection and restoration tools to detect intruders, and restore their system to a safe condition. Attackers face similar investment alternatives; they need to invest resources to finding vulnerabilities in a protected system, and once the protection has been broken, they need to invest in the infrastructure necessary to exploit these attacks and maintain stealthy persistence in the compromised infrastructure. We model this dual considerations as a dynamic programming problem between attackers and defenders and then study the Nash equilibrium of this game. Our goal is to find models and alternatives that can help us understand optimal security investments in prevention and detection against advanced rational adversaries.

Original language	English
Title of host publication	HoTSoS 2017 - Proceedings of the Hot Topics in Science of Security
Subtitle of host publication	Symposium and Bootcamp
Publisher	Association for Computing Machinery
Pages	24-34
ISBN (Print)	978-1-4503-5274-1
DOIs	https://doi.org/10.1145/3055305.3055314
Publication status	Published - Apr 2017
Externally published	Yes
Event	4th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, HoTSoS 2017 - Hanover, United States Duration: 4 Apr 2017 → 5 Apr 2017 http://hot-sos.com

Conference

Conference	4th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, HoTSoS 2017
Place	United States
City	Hanover
Period	4/04/17 → 5/04/17
Internet address	http://hot-sos.com

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 9 Industry, Innovation, and Infrastructure

Research Keywords

Dynamic programming
Game theory
Security investments

Access Output

10.1145/3055305.3055314

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

@inproceedings{a65209eafdb34e3eabf1fed5617c4faa,

title = "Optimal security investments in a prevention and detection game",

abstract = "Most security defenses can be breached by motivated adversaries, therefore in addition to attack-prevention technologies, firms investing in cyber-security for their information technology infrastructure need to consider attack-detection and restoration tools to detect intruders, and restore their system to a safe condition. Attackers face similar investment alternatives; they need to invest resources to finding vulnerabilities in a protected system, and once the protection has been broken, they need to invest in the infrastructure necessary to exploit these attacks and maintain stealthy persistence in the compromised infrastructure. We model this dual considerations as a dynamic programming problem between attackers and defenders and then study the Nash equilibrium of this game. Our goal is to find models and alternatives that can help us understand optimal security investments in prevention and detection against advanced rational adversaries.",

keywords = "Dynamic programming, Game theory, Security investments",

author = "Carlos Barreto and Cardenas, {Alvaro A.} and Alain Bensoussan",

year = "2017",

month = apr,

doi = "10.1145/3055305.3055314",

language = "English",

isbn = "978-1-4503-5274-1 ",

pages = "24--34",

booktitle = "HoTSoS 2017 - Proceedings of the Hot Topics in Science of Security",

publisher = "Association for Computing Machinery",

address = "United States",

note = "4th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, HoTSoS 2017 ; Conference date: 04-04-2017 Through 05-04-2017",

url = "http://hot-sos.com",

}

Barreto, C, Cardenas, AA & Bensoussan, A 2017, Optimal security investments in a prevention and detection game. in HoTSoS 2017 - Proceedings of the Hot Topics in Science of Security: Symposium and Bootcamp. Association for Computing Machinery, pp. 24-34, 4th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, HoTSoS 2017, Hanover, United States, 4/04/17. https://doi.org/10.1145/3055305.3055314

Optimal security investments in a prevention and detection game. / Barreto, Carlos; Cardenas, Alvaro A.; Bensoussan, Alain.
HoTSoS 2017 - Proceedings of the Hot Topics in Science of Security: Symposium and Bootcamp. Association for Computing Machinery, 2017. p. 24-34.

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

TY - GEN

T1 - Optimal security investments in a prevention and detection game

AU - Barreto, Carlos

AU - Cardenas, Alvaro A.

AU - Bensoussan, Alain

PY - 2017/4

Y1 - 2017/4

N2 - Most security defenses can be breached by motivated adversaries, therefore in addition to attack-prevention technologies, firms investing in cyber-security for their information technology infrastructure need to consider attack-detection and restoration tools to detect intruders, and restore their system to a safe condition. Attackers face similar investment alternatives; they need to invest resources to finding vulnerabilities in a protected system, and once the protection has been broken, they need to invest in the infrastructure necessary to exploit these attacks and maintain stealthy persistence in the compromised infrastructure. We model this dual considerations as a dynamic programming problem between attackers and defenders and then study the Nash equilibrium of this game. Our goal is to find models and alternatives that can help us understand optimal security investments in prevention and detection against advanced rational adversaries.

AB - Most security defenses can be breached by motivated adversaries, therefore in addition to attack-prevention technologies, firms investing in cyber-security for their information technology infrastructure need to consider attack-detection and restoration tools to detect intruders, and restore their system to a safe condition. Attackers face similar investment alternatives; they need to invest resources to finding vulnerabilities in a protected system, and once the protection has been broken, they need to invest in the infrastructure necessary to exploit these attacks and maintain stealthy persistence in the compromised infrastructure. We model this dual considerations as a dynamic programming problem between attackers and defenders and then study the Nash equilibrium of this game. Our goal is to find models and alternatives that can help us understand optimal security investments in prevention and detection against advanced rational adversaries.

KW - Dynamic programming

KW - Game theory

KW - Security investments

UR - http://www.scopus.com/inward/record.url?scp=85021877945&partnerID=8YFLogxK

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85021877945&origin=recordpage

U2 - 10.1145/3055305.3055314

DO - 10.1145/3055305.3055314

M3 - RGC 32 - Refereed conference paper (with host publication)

SN - 978-1-4503-5274-1

SP - 24

EP - 34

BT - HoTSoS 2017 - Proceedings of the Hot Topics in Science of Security

PB - Association for Computing Machinery

T2 - 4th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, HoTSoS 2017

Y2 - 4 April 2017 through 5 April 2017

ER -

Optimal security investments in a prevention and detection game

Abstract

Conference

UN SDGs

Research Keywords

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Cite this