An Evolutionary Game-Theoretic Framework for Cyber-threat Information Sharing
Abstract
The initiative to protect against future cyber crimes requires a collaborative effort from all types of agencies spanning industry, academia, federal institutions, and military agencies. Therefore, a Cybersecurity Information Exchange (CYBEX) framework is required to facilitate breach/patch related in- formation sharing among the participants (firms) to combat cyber attacks. In this paper, we formulate a non-cooperative cybersecurity information sharing game that can guide: (i) the firms (players) 1 to independently decide whether to participate in CYBEX and share or not; (ii) the CYBEX framework to utilize the participation cost dynamically as incentive (to attract firms toward self-enforced sharing) and as a charge (to increase revenue). We analyze the game from an evolutionary game- theoretic strategy and determine the conditions under which the players self-enforced evolutionary stability can be achieved. We present a distributed learning heuristic to attain the evolutionary stable strategy (ESS) under various conditions. We also show how CYBEX can wisely vary its pricing for participation to increase sharing as well as its own revenue, eventually evolving toward a win-win situation.
Document Details
- Document Type
- Technical Report
- Publication Date
- Sep 09, 2014
- Accession Number
- ADA619177
Entities
People
- Andrew Martin
- Charles Kamhoua
- Deepak K. Tosh
- Kevin Kwiat
- Shamik Sengupta
Organizations
- Air Force Research Laboratory