# Protecting shared information in networks: a network security game with   strategic attacks

**Authors:** Bram de Witte, Paolo Frasca, Bastiaan Overvest, Judith Timmer

arXiv: 1906.09486 · 2019-06-25

## TL;DR

This paper models security investments in networks where agents share sensitive information, revealing that strategic attack types and network structure significantly influence whether agents under-invest or over-invest in security.

## Contribution

It introduces a new security game model considering both strategic and random attacks, analyzing how network topology affects security investment behaviors.

## Key findings

- Under-investment occurs at Nash equilibrium under random attacks.
- Network topology influences whether agents over-invest or under-invest in security.
- Higher information sharing increases the likelihood of under-investment due to elevated attack risks.

## Abstract

A digital security breach, by which confidential information is leaked, does not only affect the agent whose system is infiltrated, but is also detrimental to other agents socially connected to the infiltrated system. Although it has been argued that these externalities create incentives to under-invest in security, this presumption is challenged by the possibility of strategic adversaries that attack the least protected agents. In this paper we study a new model of security games in which agents share tokens of sensitive information in a network of contacts. The agents have the opportunity to invest in security to protect against an attack that can be either strategically or randomly targeted. We show that, in the presence of random attack, under-investments always prevail at the Nash equilibrium in comparison with the social optimum. Instead, when the attack is strategic, either under-investments or over-investments are possible, depending on the network topology and on the characteristics of the process of the spreading of information. Actually, agents invest more in security than socially optimal when dependencies among agents are low (which can happen because the information network is sparsely connected or because the probability that information tokens are shared is small). These over-investments pass on to under-investments when information sharing is more likely (and therefore, when the risk brought by the attack is higher).

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1906.09486/full.md

## Figures

6 figures with captions in the complete paper: https://tomesphere.com/paper/1906.09486/full.md

## References

26 references — full list in the complete paper: https://tomesphere.com/paper/1906.09486/full.md

---
Source: https://tomesphere.com/paper/1906.09486