Game Theory based Cyber-Insurance to Cover Potential Loss from Mobile Malware Exploitation
Author: | Paweł Śniatała, Li Wang, S. Sitharama Iyengar, Vir V. Phoha, Amith K. Belman, Changsheng Wan |
---|---|
Year of publication: | 2021 |
Subject: | 021110 strategic, defence & security studies; Computer Networks and Communications; Computer science; 0211 other engineering and technologies; 020206 networking & telecommunications; 02 engineering and technology; Adversary; computer.software_genre; Computer security; Mobile malware; Computer Science Applications; symbols.namesake; Hardware and Architecture; Phone; Nash equilibrium; 0202 electrical engineering, electronic engineering, information engineering; Cyber-Insurance; symbols; Malware; Safety Research; computer; Mobile device; Game theory; Software; Information Systems |
Source: | Digital Threats: Research and Practice. 2:1-24 |
ISSN: | 2576-5337 2692-1626 |
Description: | Potential for huge loss from malicious exploitation of software calls for development of principles of cyber-insurance. Estimating what to insure and for how much and what might be the premiums poses challenges because of the uncertainties, such as the timings of emergence and lethality of malicious apps, human propensity to favor ease by giving more privilege to downloaded apps over inconvenience of delay or functionality, the chance of infection determined by the lifestyle of the mobile device user, and the monetary value of the compromise of software, and so on. We provide a theoretical framework for cyber-insurance backed by game-theoretic formulation to calculate monetary value of risk and the insurance premiums associated with software compromise. By establishing the conditions for Nash equilibrium between strategies of an adversary and software we derive probabilities for risk, potential loss, gain to adversary from app categories, such as lifestyles, entertainment, education, and so on, and their prevalence ratios. Using simulations over a range of possibilities, and using publicly available malware statistics, we provide insights about the strategies that can be taken by the software and the adversary. We show the application of our framework on the most recent mobile malware data (2018 ISTR report—data for the year 2017) that consists of the top five Android malware apps: Malapp, Fakeinst, Premiumtext, Maldownloader, and Simplelocker and the resulting leaked phone number, location information, and installed app information. Uniqueness of our work stems from developing mathematical framework and providing insights of estimating cyber-insurance parameters through game-theoretic choice of strategies and by showing its efficacy on a recent real malicious app data. These insights will be of tremendous help to researchers and practitioners in the security community. |
Database: | OpenAIRE |
External link: |