Identifying Tipping Points in a Decision-Theoretic Model of Network Security
Source: Carnegie Mellon University
Although system administrators are frequently urged to protect the machines in their network, the fact remains that the decision to protect is far from universal. To better understand this decision, the authors formulate a decision-theoretic model of a system administrator responsible for a network of size n against an attacker attempting to penetrate the network and infect the machines with a virus or similar exploit. By analyzing the model, they are able to demonstrate the cost sensitivity of smaller networks as well as identify tipping points that can lead the administrator to switch away from the decision to protect.