An economic analysis of regulating security investments in the Internet

M. H R Khouzani; Soumya Sen; Ness B. Shroff

doi:10.1109/INFCOM.2013.6566869

An economic analysis of regulating security investments in the Internet

M. H R Khouzani, Soumya Sen, Ness B. Shroff

Information and Decision Sciences

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

11 Scopus citations

Abstract

Regulating the ISPs to adopt more security measures has been proposed as an effective method in mitigating the threats of attacks in the Internet. However, economic incentives of the ISPs and the network effects of security measures can lead to an under-investment in their adoption. We study the potential gains in a network's social utility when a regulator implements a monitoring and penalizing mechanism on the outbound threat activities of autonomous systems (ASes). We then show how free-riding can render regulations futile if the subset of ASes under the regulator's authority is smaller than a threshold. Finally, we show how heterogeneity of the ASes affect the responses of the ISPs and discuss how the regulator can leverage such information to improve the overall effectiveness of different security policies.

Original language	English (US)
Title of host publication	2013 Proceedings IEEE INFOCOM 2013
Pages	818-826
Number of pages	9
DOIs	https://doi.org/10.1109/INFCOM.2013.6566869
State	Published - Sep 2 2013
Event	32nd IEEE Conference on Computer Communications, IEEE INFOCOM 2013 - Turin, Italy Duration: Apr 14 2013 → Apr 19 2013

Publication series

Name	Proceedings - IEEE INFOCOM
ISSN (Print)	0743-166X

Other

Other	32nd IEEE Conference on Computer Communications, IEEE INFOCOM 2013
Country/Territory	Italy
City	Turin
Period	4/14/13 → 4/19/13

Access

10.1109/INFCOM.2013.6566869

OpenUrl availability

Full text

Cite this

@inproceedings{2485273588134ed68b4f0a098dc92952,

title = "An economic analysis of regulating security investments in the Internet",

abstract = "Regulating the ISPs to adopt more security measures has been proposed as an effective method in mitigating the threats of attacks in the Internet. However, economic incentives of the ISPs and the network effects of security measures can lead to an under-investment in their adoption. We study the potential gains in a network's social utility when a regulator implements a monitoring and penalizing mechanism on the outbound threat activities of autonomous systems (ASes). We then show how free-riding can render regulations futile if the subset of ASes under the regulator's authority is smaller than a threshold. Finally, we show how heterogeneity of the ASes affect the responses of the ISPs and discuss how the regulator can leverage such information to improve the overall effectiveness of different security policies.",

author = "Khouzani, {M. H R} and Soumya Sen and Shroff, {Ness B.}",

year = "2013",

month = sep,

day = "2",

doi = "10.1109/INFCOM.2013.6566869",

language = "English (US)",

isbn = "9781467359467",

series = "Proceedings - IEEE INFOCOM",

pages = "818--826",

booktitle = "2013 Proceedings IEEE INFOCOM 2013",

note = "32nd IEEE Conference on Computer Communications, IEEE INFOCOM 2013 ; Conference date: 14-04-2013 Through 19-04-2013",

}

TY - GEN

T1 - An economic analysis of regulating security investments in the Internet

AU - Khouzani, M. H R

AU - Sen, Soumya

AU - Shroff, Ness B.

PY - 2013/9/2

Y1 - 2013/9/2

N2 - Regulating the ISPs to adopt more security measures has been proposed as an effective method in mitigating the threats of attacks in the Internet. However, economic incentives of the ISPs and the network effects of security measures can lead to an under-investment in their adoption. We study the potential gains in a network's social utility when a regulator implements a monitoring and penalizing mechanism on the outbound threat activities of autonomous systems (ASes). We then show how free-riding can render regulations futile if the subset of ASes under the regulator's authority is smaller than a threshold. Finally, we show how heterogeneity of the ASes affect the responses of the ISPs and discuss how the regulator can leverage such information to improve the overall effectiveness of different security policies.

AB - Regulating the ISPs to adopt more security measures has been proposed as an effective method in mitigating the threats of attacks in the Internet. However, economic incentives of the ISPs and the network effects of security measures can lead to an under-investment in their adoption. We study the potential gains in a network's social utility when a regulator implements a monitoring and penalizing mechanism on the outbound threat activities of autonomous systems (ASes). We then show how free-riding can render regulations futile if the subset of ASes under the regulator's authority is smaller than a threshold. Finally, we show how heterogeneity of the ASes affect the responses of the ISPs and discuss how the regulator can leverage such information to improve the overall effectiveness of different security policies.

UR - http://www.scopus.com/inward/record.url?scp=84883121776&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84883121776&partnerID=8YFLogxK

U2 - 10.1109/INFCOM.2013.6566869

DO - 10.1109/INFCOM.2013.6566869

M3 - Conference contribution

AN - SCOPUS:84883121776

SN - 9781467359467

T3 - Proceedings - IEEE INFOCOM

SP - 818

EP - 826

BT - 2013 Proceedings IEEE INFOCOM 2013

T2 - 32nd IEEE Conference on Computer Communications, IEEE INFOCOM 2013

Y2 - 14 April 2013 through 19 April 2013

ER -

An economic analysis of regulating security investments in the Internet

Abstract

Publication series

Other

Access

OpenUrl availability

Other files and links

Fingerprint

Cite this