A Game Theoretic Model for Network Virus Protection

Security is crucial for information systems. In a company, security management is traditionally controlled via a centralized single-point. However, when we deal with multiple computer systems interconnected in a wide area networks (WAN), the use of a central authority for security management is completely meaningless. In this paper, we propose a distributed decision-making designed to thwart viruses in a WAN. A key aspect is whether owners of devices are willing to update their anti-virus in order to protect their computers or not to pay for an anti-virus update and take the risk to be contaminated. Given the fact that computers are interconnected via networks and the Internet, the risk of being infected does not only depend on each computer's strategy, but also on the strategies chosen by other computers in the network. This makes the virus protection problem much more challenging. To do so, we model the interaction between nodes as a non-cooperative game in which each node decides individually whether to update the anti-virus or not. The virus spread is assumed to follow a biologically inspired epidemic model in which the dynamic of sources that disseminate the virus evolves as function of the popularity of virus using the influence linear threshold model. We first provide a full characterization of the equilibria of the game and then we investigate the impact of the update cost. In particular, we study the performance of the strategies at the equilibrium in terms of the update cost and the network size on both the security management system and the anti-virus producers. These results give some helpful insights on how secure is decentralizing antivirus update decisions.