Abstract
Optimizing within the affine maximizer auctions (AMA) is an effective approach for revenue maximizing mechanism design. The AMA mechanisms are strategy-proof and individually rational (if the agents’ valuations for the outcomes are nonnegative). Every AMA mechanism is characterized by a list of parameters. By focusing on the AMA mechanisms, we turn mechanism design into a value optimization problem, where we only need to adjust the parameters. We propose a linear programming based heuristic for optimizing within the AMA family. We apply our technique to revenue maximizing mechanism design for zero-day exploit markets. We show that due to the nature of the zero-day exploit markets, if there are only two agents (one offender and one defender), then our technique generally produces a near optimal mechanism: the mechanism’s expected revenue is close to the optimal revenue achieved by the optimal strategy-proof and individually rational mechanism (not necessarily an AMA mechanism).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The authors also proposed a restricted version of AMA called the VVCA mechanisms. A VVCA mechanism is only characterized by 2n parameters, which makes it much easier to optimize over. On the other hand, due to the fact that the VVCA family is only a tiny subset of the whole AMA family, we lose revenue by focusing only on it.
- 2.
In our model, we allow payments. After all, the objective is to maximize revenue.
- 3.
If we allow randomized mechanisms, then an outcome is a nonincreasing function o(t), with \(o(0)=1\) and \(o(1)=0\). o(t) represents the probability for the exploit to be alive at time t.
- 4.
We have to emphasize that this is not an uncommon constraint when it comes to using numerical methods for maximizing mechanism revenue.
References
Algarni, A.M., Malaiya, Y.K.: Software vulnerability markets: discoverers and buyers. Int. J. Comput. Electr. Autom. Control Inf. Eng. 8(3), 71–81 (2014)
Bilge, L., Dumitras, T.: Before we knew it: an empirical study of zero-day attacks in the real world. In: Proceedings of 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 833–844. ACM, New York (2012). http://doi.acm.org/10.1145/2382196.2382284
Brams, S.J., Jones, M.A., Klamler, C.: Better ways to cut a cake - revisited. In: Brams, S., Pruhs, K., Woeginger, G. (eds.) Fair Division. Dagstuhl Seminar Proceedings, No. 07261. Internationales Begegnungs- und Forschungszentrum fĂĽr Informatik (IBFI), Schloss Dagstuhl, Germany (2007)
Chen, Y., Lai, J., Parkes, D., Procaccia, A.: Truth, justice, and cake cutting. In: Proceedings of the National Conference on Artificial Intelligence (AAAI), Atlanta, GA, USA (2010)
Egelman, S., Herley, C., van Oorschot, P.C.: Markets for zero-day exploits: ethics and implications. In: Proceedings of 2013 Workshop on New Security Paradigms Workshop, NSPW 2013, pp. 41–46. ACM, New York (2013). http://doi.acm.org/10.1145/2535813.2535818
Emek, Y., Feldman, M., Gamzu, I., Paes Leme, R., Tennenholtz, M.: Signaling schemes for revenue maximization. In: Proceedings of the ACM Conference on Electronic Commerce (EC), Valencia, Spain (2012)
Fisher, D.: Vupen founder launches new zero-day acquisition firm zerodium (2015). https://threatpost.com/vupen-launches-new-zero-day-acquisition-firm-zerodium/113933/. Accessed 25 July 2012
Goemans, M., Skutella, M.: Cooperative facility location games. J. Algorithms 50, 194–214 (2004). Early version: SODA 2000, pp. 76–85
Greenberg, A.: Shopping for zero-days: a price list for hackers’ secret software exploits (2012). http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/. Accessed 23 Mar 2012
Guo, M., Deligkas, A.: Revenue maximization via hiding item attributes. In: Proceedings of the Twenty-Third International Joint Conference on Artificial Intelligence (IJCAI), Beijing, China (2013)
Guo, M., Deligkas, A., Savani, R.: Increasing VCG revenue by decreasing the quality of items. In: Proceedings of the National Conference on Artificial Intelligence (AAAI), Quebec, Canada (2014)
Guo, M., Hata, H., Babar, A.: Revenue maximizing markets for zero-day exploits. In: Baldoni, M., Chopra, A.K., Son, T.C., Hirayama, K., Torroni, P. (eds.) PRIMA 2016. LNCS (LNAI), vol. 9862, pp. 247–260. Springer, Cham (2016). doi:10.1007/978-3-319-44832-9_15
Lahaie, S., Pennock, D.M., Saberi, A., Vohra, R.V.: Sponsored search auctions. In: Nisan, N., Roughgarden, T., Tardos, E., Vazirani, V. (eds.) Algorithmic Game Theory, Chap. 28. Cambridge University Press, Cambridge (2007)
Lavi, R., Mu’alem, A., Nisan, N.: Towards a characterization of truthful combinatorial auctions. In: Proceedings of the Annual Symposium on Foundations of Computer Science (FOCS), pp. 574–583 (2003)
Likhodedov, A., Sandholm, T.: Methods for boosting revenue in combinatorial auctions. In: Proceedings of the National Conference on Artificial Intelligence (AAAI), San Jose, CA, USA, pp. 232–237 (2004)
Likhodedov, A., Sandholm, T.: Approximating revenue-maximizing combinatorial auctions. In: Proceedings of the National Conference on Artificial Intelligence (AAAI), Pittsburgh, PA, USA (2005)
Myerson, R.: Optimal auction design. Math. Oper. Res. 6, 58–73 (1981)
Procaccia, A.D., Tennenholtz, M.: Approximate mechanism design without money. In: Proceedings of the ACM Conference on Electronic Commerce (EC), Stanford, CA, USA, pp. 177–186 (2009)
TC Projects: Severity guidelines for security issues (2015). https://www.chromium.org/developers/severity-guidelines. Accessed 15 Sept 2015
Vickrey, W.: Counterspeculation, auctions, and competitive sealed tenders. J. Financ. 16, 8–37 (1961)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Guo, M., Hata, H., Babar, A. (2017). Optimizing Affine Maximizer Auctions via Linear Programming: An Application to Revenue Maximizing Mechanism Design for Zero-Day Exploits Markets. In: An, B., Bazzan, A., Leite, J., Villata, S., van der Torre, L. (eds) PRIMA 2017: Principles and Practice of Multi-Agent Systems. PRIMA 2017. Lecture Notes in Computer Science(), vol 10621. Springer, Cham. https://doi.org/10.1007/978-3-319-69131-2_17
Download citation
DOI: https://doi.org/10.1007/978-3-319-69131-2_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-69130-5
Online ISBN: 978-3-319-69131-2
eBook Packages: Computer ScienceComputer Science (R0)