Identifying Tipping Points in a Decision-Theoretic Model of Network Security

TL;DR

This paper models the decision-making process of network administrators regarding protection strategies, revealing cost sensitivities and tipping points that influence protection decisions in network security.

Contribution

It introduces a decision-theoretic model for network security decisions, highlighting critical thresholds affecting administrator choices.

Findings

Smaller networks are more cost-sensitive.

Identifies tipping points influencing protection decisions.

Provides insights into decision thresholds in network security.

Abstract

Although system administrators are frequently urged to protect the machines in their network, the fact remains that the decision to protect is far from universal. To better understand this decision, we formulate a decision-theoretic model of a system administrator responsible for a network of size n against an attacker attempting to penetrate the network and infect the machines with a virus or similar exploit. By analyzing the model we are able to demonstrate the cost sensitivity of smaller networks as well as identify tipping points that can lead the administrator to switch away from the decision to protect.