Network Security and Contagion
We develop a theoretical model of security investments in a network of interconnected agents. Network connections introduce the possibility of cascading failures due to an exogenous or endogenous attack depending on the profile of security investments by the agents. The general presumption in the li...
| Main Authors: | , , |
|---|---|
| Format: | Working Paper |
| Language: | en_US |
| Published: |
Cambridge, MA: Department of Economics, Massachusetts Institute of Technology
2013
|
| Subjects: | |
| Online Access: | http://hdl.handle.net/1721.1/79387 |
| _version_ | 1826200928993148928 |
|---|---|
| author | Acemoglu, Daron Malekian, Azarakhsh Ozdaglar, Asu |
| author_facet | Acemoglu, Daron Malekian, Azarakhsh Ozdaglar, Asu |
| author_sort | Acemoglu, Daron |
| collection | MIT |
| description | We develop a theoretical model of security investments in a network of interconnected agents. Network connections introduce the possibility of cascading failures due to an exogenous or endogenous attack depending on the profile of security investments by the agents. The general presumption in the literature, based on intuitive arguments or analysis of symmetric networks, is that because security investments create positive externalities on other agents, there will be underinvestment in security. We show that this reasoning is incomplete because of a first-order economic force: security investments are also strategic substitutes. In a general (non-symmetric) network, this implies that underinvestment by some agents will encourage overinvestment by others. We demonstrate by means of examples there can be overinvestment by some agents and also that aggregate probabilities of infection can be lower in equilibrium compared to the social optimum. We then provide sufficient conditions for underinvestment. This requires both sufficiently convex cost functions (convexity alone is not enough) and networks that are either symmetric or locally tree-like. We also characterize the impact of network structure on equilibrium and optimal investments. Finally, we show that when the attack location is endogenized (by assuming that the attacker chooses a probability distribution over the location of the attack in order to maximize damage), there is an additional incentive for overinvestment: greater investment by an agent shifts the attack to other parts of the network. |
| first_indexed | 2024-09-23T11:43:37Z |
| format | Working Paper |
| id | mit-1721.1/79387 |
| institution | Massachusetts Institute of Technology |
| language | en_US |
| last_indexed | 2024-09-23T11:43:37Z |
| publishDate | 2013 |
| publisher | Cambridge, MA: Department of Economics, Massachusetts Institute of Technology |
| record_format | dspace |
| spelling | mit-1721.1/793872019-04-11T07:29:18Z Network Security and Contagion Acemoglu, Daron Malekian, Azarakhsh Ozdaglar, Asu cascades, contagion, network security, security investments, strategic substitutes, underinvestment. We develop a theoretical model of security investments in a network of interconnected agents. Network connections introduce the possibility of cascading failures due to an exogenous or endogenous attack depending on the profile of security investments by the agents. The general presumption in the literature, based on intuitive arguments or analysis of symmetric networks, is that because security investments create positive externalities on other agents, there will be underinvestment in security. We show that this reasoning is incomplete because of a first-order economic force: security investments are also strategic substitutes. In a general (non-symmetric) network, this implies that underinvestment by some agents will encourage overinvestment by others. We demonstrate by means of examples there can be overinvestment by some agents and also that aggregate probabilities of infection can be lower in equilibrium compared to the social optimum. We then provide sufficient conditions for underinvestment. This requires both sufficiently convex cost functions (convexity alone is not enough) and networks that are either symmetric or locally tree-like. We also characterize the impact of network structure on equilibrium and optimal investments. Finally, we show that when the attack location is endogenized (by assuming that the attacker chooses a probability distribution over the location of the attack in order to maximize damage), there is an additional incentive for overinvestment: greater investment by an agent shifts the attack to other parts of the network. We thank various numerous seminar and conference participants for useful suggestions. We gratefully acknowledge financial support from the Toulouse Network with Information Technology and Army Research Office. 2013-06-28T18:57:33Z 2013-06-28T18:57:33Z 2013-06-28 Working Paper http://hdl.handle.net/1721.1/79387 en_US Working paper, Massachusetts Institute of Technology, Dept. of Economics;13-14 application/pdf Cambridge, MA: Department of Economics, Massachusetts Institute of Technology |
| spellingShingle | cascades, contagion, network security, security investments, strategic substitutes, underinvestment. Acemoglu, Daron Malekian, Azarakhsh Ozdaglar, Asu Network Security and Contagion |
| title | Network Security and Contagion |
| title_full | Network Security and Contagion |
| title_fullStr | Network Security and Contagion |
| title_full_unstemmed | Network Security and Contagion |
| title_short | Network Security and Contagion |
| title_sort | network security and contagion |
| topic | cascades, contagion, network security, security investments, strategic substitutes, underinvestment. |
| url | http://hdl.handle.net/1721.1/79387 |
| work_keys_str_mv | AT acemogludaron networksecurityandcontagion AT malekianazarakhsh networksecurityandcontagion AT ozdaglarasu networksecurityandcontagion |