Title: An Analytical Approach to Regulation of Security Investments in the Internet
Abstract: Continuous proliferation of threats, evolution of attackers' choice of media and techniques, and the alarming erosion of privacy have made information security an important need of our increasingly IT-dependent society. Besides the technological barriers, security and privacy are affected by the investment decisions and behavioral traits of the end-users, service providers and content developers. This talk will introduce an analytical approach to a better understanding of the selfish incentives and strategic decisions of the involved agents with the goal of developing more efficient regulatory policies. Namely, I will present a model for the investment decisions of private ISPs in probing incoming and outgoing traffic for security threats, and the macro-level effect of these individual decisions. I will discuss the phenomenon of free-riding and the impacts of shortsightedness and limited rationality of the decision makers. I will examine the effectiveness of command-and-control regulatory policies, such as mandating investments and requiring minimum bilateral protection by security vendors, as well as economic incentive policies such as subsidies or seeding the ISPs with security measures, and a honeypot based punishment of ISPs that the threats originate from. For each of such policies, I will show the effect on the social and individual utilities as well as the overall network security in the equilibria. I will also explore the efficacy of these policies when the regulator has only a restricted region of jurisdiction, i.e., only a subset of ISPs can be mandated, seeded, or penalized.
Short Bio: Arman Khouzani received the B.Sc. degree in EE from Sharif University of Technology, Tehran, Iran in 2006, and joined University of Pennsylvania (UPenn), School of Engineering and Applied Science (SEAS), Philadelphia, PA, with fellowship award under supervision of Professor Saswati Sarkar. He received the M.S.E. and Ph.D. degrees in Electrical and Systems Engineering (ESE) from UPenn in 2008 and 2011, respectively. His PhD thesis received the 2012 Joseph and Rosaline Wolf Award of Best Male Dissertation in Electrical and Systems Engineering at UPenn. Since August 2011, He is doing postdoctoral research with Professor Ness B. Shroff at ECE department of the Ohio State University. His research interests are in stochastic optimization, optimal control and dynamic games in wireless networks.