Estimating Systematic Risk in Real-World Networks

  • Conference paper
Financial Cryptography and Data Security (FC 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8437)

Abstract

Social, technical and business connections can all give rise to security risks. These risks can be substantial when individual compromises occur in combinations, and difficult to predict when some connections are not easily observed. A significant and relevant challenge is to predict these risks using only locally-derivable information.

We illustrate by example that this challenge can be met if some general topological features of the connection network are known. By simulating an attack propagation on two large real-world networks, we identify structural regularities in the resulting loss distributions, from which we can relate various measures of a network’s risks to its topology. While deriving these formulae requires knowing or approximating the connective structure of the network, applying them requires only locally-derivable information.

On the theoretical side, we show that our risk-estimating methodology gives good approximations on randomly-generated scale-free networks with parameters approximating those in our study. Since many real-world networks are formed through preferential attachment mechanisms that yield similar scale-free topologies, we expect this methodology to have a wider range of applications to risk management whenever a large number of connections is involved.

Notes

  1. Note that we intentionally do not refer to these subsets of nodes as subnetworks. The reason for this distinction is that the term subnetwork would suggest that the links inside the subset inherently play a more important role than links connecting to the outside, or that these subsets are isolated from the rest of the network.

  2. As we will later show, this assumption could be wrongly justified by the loss distribution measured on a small sample.

Acknowledgements

This research was partly supported by the Penn State Institute for CyberScience, and the National Science Foundation under ITR award CCF-0424422 (TRUST). We also thank the reviewers for their comments on an earlier draft of the paper.

Corresponding author

Correspondence to Jens Grossklags.

Copyright information

© 2014 International Financial Cryptography Association

About this paper

Cite this paper

Laszka, A., Johnson, B., Grossklags, J., Felegyhazi, M. (2014). Estimating Systematic Risk in Real-World Networks. In: Christin, N., Safavi-Naini, R. (eds) Financial Cryptography and Data Security. FC 2014. Lecture Notes in Computer Science, vol 8437. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45472-5_27

  • DOI: https://doi.org/10.1007/978-3-662-45472-5_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-45471-8

  • Online ISBN: 978-3-662-45472-5

  • eBook Packages: Computer Science, Computer Science (R0)
