Who should pay the cost: A game-theoretic model for government subsidized investments to improve national cybersecurity

Author

Xinrun WANG, Singapore Management UniversityFollow
Bo AN
Hau CHAN

Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

8-2019

Abstract

Due to the recent cyber attacks, cybersecurity is becoming more critical in modern society. A single attack (e.g., WannaCry ransomware attack) can cause as much as $4 billion in damage. However, the cybersecurity investment by companies is far from satisfactory. Therefore, governments (e.g., in the UK) launch grants and subsidies to help companies to boost their cybersecurity to create a safer national cyber environment. The allocation problem is hard due to limited subsidies and the interdependence between self-interested companies and the presence of a strategic cyber attacker. To tackle the government's allocation problem, we introduce a Stackelberg game-theoretic model where the government first commits to an allocation and the companies/users and attacker simultaneously determine their protection and attack (pure or mixed) strategies, respectively. For the pure-strategy case, while there may not be a feasible allocation in general, we prove that computing an optimal allocation is NP-hard and propose a linear reverse convex program when the attacker can attack all users. For the mixed-strategy case, we show that there is a polynomial time algorithm to find an optimal allocation when the attacker has a single-attack capability. We then provide a heuristic algorithm, based on best-response-gradient dynamics, to find an effective allocation in the general setting. Experimentally, we show that our heuristic is effective and outperforms other baselines on synthetic and real data.

Discipline

Artificial Intelligence and Robotics | Information Security | Theory and Algorithms

Research Areas

Intelligent Systems and Optimization

Areas of Excellence

Digital transformation

Publication

Proceedings of the 28th International Joint Conference on Artificial Intelligence (IJCAI) 2019: Macao, August 10-16

First Page

6020

Last Page

6027

ISBN

9780999241141

Identifier

10.24963/ijcai.2019/834

Publisher

IJCAI

City or Country

Macao

Citation

WANG, Xinrun; AN, Bo; and CHAN, Hau. Who should pay the cost: A game-theoretic model for government subsidized investments to improve national cybersecurity. (2019). Proceedings of the 28th International Joint Conference on Artificial Intelligence (IJCAI) 2019: Macao, August 10-16. 6020-6027.
Available at: https://ink.library.smu.edu.sg/sis_research/9151

Copyright Owner and License

Authors

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.24963/ijcai.2019/834