Protecting shared information in networks: A network security game with strategic attacks

Bram De Witte, Paolo Frasca*, Bastiaan Overvest, Judith Timmer

*Corresponding author for this work

Research output: Contribution to journalArticleAcademicpeer-review

1 Citation (Scopus)
34 Downloads (Pure)


A digital security breach, by which confidential information is leaked, does not only affect the agent whose system is infiltrated but is also detrimental to other agents socially connected to the infiltrated system. Although it has been argued that these externalities create incentives to underinvest in security, this presumption is challenged by the possibility of strategic adversaries that attack the least protected agents. In this paper we study a new model of security games in which agents share tokens of sensitive information in a network of contacts. The agents have the opportunity to invest in security to protect against an attack that can be either strategically or randomly targeted. We show that, in the presence of random attack, underinvestments always prevail at the Nash equilibrium in comparison with the social optimum. Instead, when the attack is strategic, either underinvestments or overinvestments are possible, depending on the net-work topology and on the characteristics of the process of the spreading of information. Actually, agents invest more in security than socially optimal when dependencies among agents are low (which can happen because the information network is sparsely connected or because the probability that information tokens are shared is small). These overinvestments pass on to underinvestments when information sharing is more likely (and therefore, when the risk brought by the attack is higher). In order to keep our analysis tractable, some of our results on strategic attacks make an assumption of homogeneity in the network, namely, that the network is vertex-transitive. We complement these results with an analysis on star graphs (which are nonhomogeneous), which confirms that the essential lines of our findings can remain valid on general networks.
Original languageEnglish
Pages (from-to)4255-4277
Number of pages23
JournalInternational journal of robust and nonlinear control
Issue number11
Early online date1 Dec 2019
Publication statusPublished - 25 Jul 2020


  • UT-Hybrid-D
  • Network externalities
  • Privacy game
  • Security game
  • Large networks
  • 22/2 OA procedure


Dive into the research topics of 'Protecting shared information in networks: A network security game with strategic attacks'. Together they form a unique fingerprint.

Cite this