Identifying Tipping Points in a Decision-Theoretic Model of Network Security
This work addresses network security decision-making for system administrators, but it appears incremental as it builds on existing models without introducing major new paradigms.
The authors address the problem of understanding system administrators' decisions to protect their networks: they develop a decision-theoretic model that analyzes cost sensitivity in smaller networks and identifies tipping points that lead an administrator to switch away from protection.
Although system administrators are frequently urged to protect the machines in their network, the fact remains that the decision to protect is far from universal. To better understand this decision, we formulate a decision-theoretic model of a system administrator responsible for a network of size n against an attacker attempting to penetrate the network and infect the machines with a virus or similar exploit. By analyzing the model, we are able to demonstrate the cost sensitivity of smaller networks as well as identify tipping points that can lead the administrator to switch away from the decision to protect.