Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information

Abstract

A common assumption in security research is that more individual expertise unambiguously leads to a more secure overall network. We present a game-theoretic model in which this common assumption is challenged. Our findings indicate that expert users can be not only invaluable contributors, but also free-riders, defectors, and narcissistic opportunists. A direct application is that user education needs to highlight the cooperative nature of security, and foster the community sense, in particular, of higher skilled computer users. As a technical contribution, this paper represents, to our knowledge, the first formal study to quantitatively assess the impact of different degrees of information security expertise on the overall security of a network.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Apr 23, 2010
Accession Number
ADA570744

Entities

People

  • Benjamin N. Johnson
  • Jens Grossklags
  • John Chuang
  • Nicolas Christin

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Engineered Resilient Systems
  • Human Systems

DTIC Thesaurus Topics

  • Communities
  • Computer Network Security
  • Computers
  • Cooperative Games
  • Cybersecurity
  • Economics
  • Education
  • Game Theory
  • Information Security
  • Motivation
  • National Security
  • Numerical Analysis
  • Probability
  • Probability Distributions
  • Public Policy
  • Security
  • United States

Fields of Study

  • Computer science

Readers

  • Artificial Intelligence
  • Military Leadership and Professional Education.
  • Systems Analysis and Design

Technology Areas

  • AI & ML
  • Cyber