基于相互依赖性的信息安全投资博弈

An Analysis of Games of Information Security Investment Based on Interdependent Security

相互依赖性是现阶段信息安全风险所具备的一个重要特征,网络中企业的信息安全决策会相互影响。本文以企业间的病毒传染为例,依据相互依赖性和威胁侵入类型的多样性,提出了企业间信息安全的投资博弈模型。通过外部性对企业间的依赖程度进行度量,说明了投资风险与企业间的病毒传染的概率和网络中企业数量之间的关系,并根据该关系,确定了多个企业进行信息安全投资的纳什均衡解。

Based on the interdependence, which is an important characteristic of information security and the diversity of invasions, an investment game model is presented in this paper. The paper investigates the investment risk exerted by the contagion between firms in the network. With externality representing the risk, the relationship between investment risks and the interdependent extension and the amount of firms in the network is illustrated. By use of the model, the investment risk and decision are analyzed quantitatively and then several Nash equilibrium solutions are provided further.