Identifying Tipping Points in a Decision-Theoretic Model of Network Security

Abstract

Although system administrators are frequently urged to protect the machines in their network, the fact remains that the decision to protect is far from universal. To better understand this decision, we formulate a decision-theoretic model of a system administrator responsible for a network of size n against an attacker attempting to penetrate the network and infect the machines with a virus or similar exploit. By analyzing the model we are able to demonstrate the cost sensitivity of smaller networks as well as identify tipping points that can lead the administrator to switch away from the decision to protect.