Game Theory based Cyber-Insurance to Cover Potential Loss from Mobile Malware Exploitation

Li Wang, S. Sitharama Iyengar, Amith K. Belman, Paweł Sniatała, Vir V. Phoha, Changsheng Wan

Research output: Contribution to journalArticlepeer-review

Abstract

Potential for huge loss from malicious exploitation of software calls for development of principles of cyber-insurance. Estimating what to insure and for how much and what might be the premiums poses challenges because of the uncertainties, such as the timings of emergence and lethality of malicious apps, human propensity to favor ease by giving more privilege to downloaded apps over inconvenience of delay or functionality, the chance of infection determined by the lifestyle of the mobile device user, and the monetary value of the compromise of software, and so on. We provide a theoretical framework for cyber-insurance backed by game-theoretic formulation to calculate monetary value of risk and the insurance premiums associated with software compromise. By establishing the conditions for Nash equilibrium between strategies of an adversary and software we derive probabilities for risk, potential loss, gain to adversary from app categories, such as lifestyles, entertainment, education, and so on, and their prevalence ratios. Using simulations over a range of possibilities, and using publicly available malware statistics, we provide insights about the strategies that can be taken by the software and the adversary. We show the application of our framework on the most recent mobile malware data (2018 ISTR report - data for the year 2017) that consists of the top five Android malware apps: Malapp, Fakeinst, Premiumtext, Maldownloader, and Simplelocker and the resulting leaked phone number, location information, and installed app information. Uniqueness of our work stems from developing mathematical framework and providing insights of estimating cyber-insurance parameters through game-theoretic choice of strategies and by showing its efficacy on a recent real malicious app data. These insights will be of tremendous help to researchers and practitioners in the security community.

Original languageEnglish (US)
Article number9
JournalDigital Threats: Research and Practice
Volume2
Issue number2
DOIs
StatePublished - Apr 2021

Keywords

  • Game theory
  • android malware
  • cyber insurance
  • malicious apps
  • nash equilibrium
  • software apps

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software
  • Computer Science Applications
  • Hardware and Architecture
  • Information Systems
  • Safety Research

Fingerprint

Dive into the research topics of 'Game Theory based Cyber-Insurance to Cover Potential Loss from Mobile Malware Exploitation'. Together they form a unique fingerprint.

Cite this