Attack-aware cyber insurance for risk sharing in computer networks

Yezekael Hayel, Quanyan Zhu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Cyber insurance has been recently shown to be a promising mechanism to mitigate losses from cyber incidents, including data breaches, business interruption, and network damage. A robust cyber insurance policy can reduce the number of successful cyber attacks by incentivizing the adoption of preventative measures and the implementation of best practices of the users. To achieve these goals, we first establish a cyber insurance model that takes into account the complex interactions between users, attackers and the insurer. A games-in-games framework nests a zero-sum game in a moral-hazard game problem to provide a holistic view of the cyber insurance and enable a systematic design of robust insurance policy. In addition, the proposed framework naturally captures a privacy-preserving mechanism through the information asymmetry between the insurer and the user in the model. We develop analytical results to characterize the optimal insurance policy and use network virus infection as a case study to demonstrate the risk-sharing mechanism in computer networks.

Original language: English (US)
Title of host publication: Decision and Game Theory for Security - 6th International Conference, GameSec 2015, Proceedings
Publisher: Springer Verlag
Pages: 22-34
Number of pages: 13
Volume: 9406
ISBN (Print): 9783319255934
DOIs: https://doi.org/10.1007/978-3-319-25594-1_2
State: Published - 2015
Event: 6th International Conference on Decision and Game Theory for Security, GameSec 2015 - London, United Kingdom
Duration: Nov 4 2015 - Nov 5 2015

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 9406
ISSN (Print): 03029743
ISSN (Electronic): 16113349

Other

Other: 6th International Conference on Decision and Game Theory for Security, GameSec 2015
Country: United Kingdom
City: London
Period: 11/4/15 - 11/5/15

Fingerprint

Risk Sharing
Insurance
Computer Networks
Computer networks
Attack
Game
Information Asymmetry
Moral Hazard
Zero sum game
Nest
Privacy Preserving
Best Practice
Viruses
Virus
Infection
Hazards
Damage
Interaction
Model
Demonstrate

Keywords

  • Bilevel optimization problem
  • Cyber attacks
  • Cyber insurance
  • Incomplete information game
  • Moral hazards

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Hayel, Y., & Zhu, Q. (2015). Attack-aware cyber insurance for risk sharing in computer networks. In Decision and Game Theory for Security - 6th International Conference, GameSec 2015, Proceedings (Vol. 9406, pp. 22-34). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9406). Springer Verlag. https://doi.org/10.1007/978-3-319-25594-1_2
