# Interdependent Strategic Security Risk Management with Bounded Rationality in the Internet of Things

**Authors:** Juntao Chen, Quanyan Zhu

arXiv: 1905.09341 · 2019-05-24

## TL;DR

This paper models security decision-making in IoT networks considering users' limited attention and bounded rationality, proposing a game-theoretic framework and an algorithm to identify critical users affecting overall security.

## Contribution

It introduces a holistic games-in-games model with a novel Gestalt Nash equilibrium (GNE) solution concept for IoT security under bounded rationality and develops an algorithm to find critical decision-makers.

## Key findings

- The proposed algorithm effectively identifies critical users in IoT security networks.
- The GNE framework captures the interdependence of bounded rational decisions and cognitive network formation.
- Case studies demonstrate the model's applicability to smart community scenarios.

## Abstract

With the increasing connectivity enabled by the Internet of Things (IoT), security becomes a critical concern, and users should invest to secure their IoT applications. Due to the massive number of devices in the IoT network, users cannot be aware of the security policies taken by all of their connected neighbors. Instead, a user makes security decisions based on the cyber risks he perceives by observing a selected number of nodes. To this end, we propose a model which incorporates the limited attention or bounded rationality nature of players in the IoT. Specifically, each individual builds a sparse cognitive network of nodes to respond to. Based on this simplified cognitive network representation, each user then determines his security management policy by minimizing his own real-world security cost. The bounded rational decision-making of players and their cognitive network formation are interdependent and thus should be addressed in a holistic manner. We establish a games-in-games framework and propose a Gestalt Nash equilibrium (GNE) solution concept to characterize the decisions of agents, and quantify their risk of bounded perception due to the limited attention. In addition, we design a proximal-based iterative algorithm to compute the GNE. With case studies of smart communities, the designed algorithm can successfully identify the critical users whose decisions need to be taken into account by the other users during the security management.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1905.09341/full.md

## Figures

30 figures with captions in the complete paper: https://tomesphere.com/paper/1905.09341/full.md

## References

44 references — full list in the complete paper: https://tomesphere.com/paper/1905.09341/full.md

---
Source: https://tomesphere.com/paper/1905.09341