یک رویکرد نظریه ِی بازی برای قیمت‌گذاری رایانش ابری و تعیین سطح امنیت شرکت‌های ارائه‌دهنده ی امنیت

نوع مقاله : پژوهشی

نویسندگان

دانشکده‌ی مهندسی صنایع و سیستم‌ها، دانشگاه صنعتی اصفهان، اصفهان، ایران.

چکیده

سخت‌افزارها ممکن است دچار خرابی‌های ناگهانی شوند و راه‌حل‌های نرم‌افزاری اغلب پرهزینه‌اند، بنابراین کاربران به محیطی نیاز دارند که بتوانند بدون نیاز به سخت‌افزار و نرم‌افزار گران‌قیمت، محاسبات و ذخیره‌سازی داده‌ها را انجام دهند. رایانش ابری این امکان را فراهم می‌کند، اما نگرانی‌هایی درباره‌ی امنیت داده‌ها در برابر حملات سایبری وجود دارد. شرکت‌های امنیتی با تعیین سطح امنیت و قیمت‌گذاری براساس ارزش اطلاعات و درصد بازیابی می‌توانند از داده‌های کاربران محافظت کنند. آن‌ها می‌توانند راهبرد‌های متفاوتی مانند پیشگیری از حملات (ساختار رهبر) یا انتظار برای وقوع حمله و سپس مقابله (ساختار پیرو) را انتخاب کنند. در پژوهش حاضر، دو ساختار ذکرشده با حضور هکر کلاه سیاه بررسی شده است. نتایج نشان داده‌اند که ساختار قدرت، تأثیر زیادی در مقدار قیمت نداشته است، اما سود را به‌شدت تحت تأثیر قرار داده است. همچنین مشخص شده است که ارزش اطلاعات و کاهش اعتبار شرکت در اثر حمله‌ی موفق، در سود و میزان تقاضا تأثیر زیادی دارد. 

کلیدواژه‌ها

موضوعات


عنوان مقاله [English]

Game-Theoretic Approach for Pricing Cloud Computing and Determining the Security Level of Security Provider Companies

نویسندگان [English]

  • Mahdie Sadeghian
  • Morteza Rasti-Barzoki
  • Hossein Khosroshahi
Department of Industrial and Systems Engineering, Isfahan University of Technology, Isfahan
چکیده [English]

Since hardware may experience sudden failure and software solutions are often costly, users need an environment to perform computational and data storage tasks without expensive hardware and software. Cloud computing can provide this capability, but the presence of cyber hackers and their attacks raises user concerns about their data security. As information is precious, losing it can result in significant costs for the information owner. To address this problem, companies have emerged to ensure the safety of cloud computing services, and cloud users can entrust their information security to them. This article aims to examine the competition between security provider companies and cyber hackers using game theory and determine the strategies of each player to determine the game structure. These structures are based on the leader's decision to determine the security level initially or after an attack has occurred. The company decides what price to offer the user based on the value of the information, the amount of effort needed to return the information after a successful attack, the security level it needs to maintain, and the power structure. Similarly, the hacker decides how much effort to put in based on the value of the information. The results show that the price decreases linearly based on the information value when the company is the leader. In addition to the results obtained about the company's profit, it shows that in general, the company's profit, when it is a leader, is more than when it is a follower, and in particular, the company's profit based on the percentage of returned information in the leader's position is much higher than in the position of the follower. The level of security provided is also different according to the position of the company, and when the company is the leader, it is much higher than when the company is the follower, based on the hacker's credibility and the value of the returned information.

کلیدواژه‌ها [English]

  • Pricing
  • investment
  • black hat hacker
  • cybersecurity
  • game theory
1. O’Connor, S., Hasshu, S., Bielby, J., Colreavy-Donnelly, S., Kuhn, S., Caraffini, F. and Smith, R., 2021. Scips: A serious game using a guidance mechanic to scaffold effective training for cyber security, Information Sciences, 580, 524-540 DOI: https://doi.org/10.1016/j.ins.2021.08.098.
2. Chronopoulos, M., Panaousis, E. and Grossklags, J., 2017. An options approach to cybersecurity investment, IEEE Access, 6, pp. 12175 – 12186 DOI: 10.1109/ACCESS.2017.2773366
3. Whaiduzzaman, M. and Gani, A., 2013, Measuring security for cloud service provider: A third party approach, in 2013 International Conference on Electrical Information and Communication Technology (EICT), pp. 1-6. IEEE. DOI: 1109/EICT.2014.6777855
4. Che, J., Duan, Y., Zhang, T. and Fan, J., 2011. Study on the security models and strategies of cloud computing, Procedia Engineering, 23, pp. 586-593 DOI: https://doi.org/10.1016/j.proeng.2011.11.2551.
5. Hsieh, C., Chang, Y. and Wu, C., 2014. Competitive pricing and ordering decisions in a multiple-channel supply chain, International journal of production economics, 154, pp. 156-165 DOI:  https://doi.org/10.1016/j.ijpe.2014.04.024.
6. Chen, Z., Wu, S., Govindan, K., Wang, J., Chin, K. and Martíınez, L., 2022, Optimal pricing decision in a multi-channel supply chain with a revenue-sharing contract, Annals of Operations Research, 318, pp. 67-102, DOI: https://doi.org/10.1007/s10479-022-04748-7.
7. Bartholomae, F., 2018, Cybercrime and cloud computing. A game theoretic network model, Managerial and Decision Economics, 39, pp. 297-305, DOI: https://doi.org/10.1002/mde.2904.
8. Shy, O., 2001, The economics of network industries, Cambridge university press, DOI: https://doi.org/10.1007/978-3-662-04623-4_17.
9. Cong, P., Li, L., Zhou, J., Cao, K., Wei, T., Chen, M. and HU., S, 2018, Profit-driven dynamic cloud pricing for multiserver systems considering user perceived value, IEEE Trans. Parallel Distrib. Syst, 29, pp. 2742-2756, DOI: 10.1109/TPDS.2018.2843343.
10. Chng, S., Lu, H.Y., Kumar, A. and Yau, D., 2022, Hacker types, motivations and strategies: A comprehensive framework, Computers in Human Behavior Reports, 5, pp. 100167, DOI: https://doi.org/10.1016/j.chbr.2022.100167
11. Caldwell, T., 2011, Ethical hackers: Putting on the white hat, Network Security, Vol. 2011, pp. 10-13, DOI: https://doi.org/10.1016/S1353-4858(11)70075-7.
12. Cohen, D., Elalouf, A. and Zeev, R., 2022, Collaboration or separation maximizing the partnership between a “gray hat” hacker and an organization in a two-stage cybersecurity game, International Journal of Information Management Data Insights, 2, pp. pages 100073, DOI: https://doi.org/10.1016/j.jjimei.2022.100073.
13. Rachamalla, S. and Fatima, S.H., 2020, Game theory and cyber security, Annual Workshop on Cyber Security, 2,  pp. 978- 990, DOI: https://doi.org/10.1145/1852666.1852704.
14. Shiva, S., Roy, S. and Dasgupta, D., 2010. Game theory for cyber security, in Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research, pp. 1-4, [In Persian] DOI: https://doi.org/10.1145/1852666.1852704,
15. Do, C., Tran, N., Hong, C., Kamhoua, C.A., Kwiat, K.A., Blasch, E. and Lyengar., S., 2017. Game theory for cyber security and privacy, ACM Computing Surveys (CSUR), 50, pp. 1-37, DOI: https://doi.org/10.1145/3057268.
16. Hyder, B. and Govindarasu, M., 2020. Optimization of cybersecurity investment strategies in the smart grid using game-theory, in 2020 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT), pp. 1-5, DOI: 1109/ISGT45199.2020.9087634.
17. Xiao, P. and Tang, Z., 2015, Game theory–based resource pricing model in cloud platforms, International Journal of Communication Networks and Distributed Systems, 14, pp. 256-271, DOI: https://doi.org/10.1504/IJCNDS.2015.068666.
18. Feng, S., Xiong, Z., Niyato, D., Wang, P., Wang, S., and Shen, S., Joint pricing and security investment in cloud security service market with user interdependency, IEEE Transactions on Services Computing, 15, pp. 1461-1472, DOI: 10.1109/TSC.2020.2996382.
19. Ge, H., Zhao, L., Yue, D., Xie, X., Xie, L., Gorbachev, S., Corovin., I. and Ge., Y., 2024, A game theory based optimal allocation strategy for defense resources of smart grid under cyber-attack, Information Sciences, 652, pp. 1197-1220, DOI: https://doi.org/10.1016/j.ins.2023.119759.
20. Huang, J., Leng, M. and Parlar, M., 2021, Demand functions in decision modeling: A comprehensive survey and research directions, Decision Sciences, 44, pp. 557-609, DOI: https://doi.org/10.1111/deci.12021
21. Phillips, R., 2021, Pricing and revenue optimization, Stanford university press, 2021. In Electrical, DOI: https://doi.org/10.1515/9781503614260
22. Gao, X., Qiu, M., Wang, Y. and Wang, X., 2023, Information security investment with budget constraint and security information sharing in resource-sharing environments, Journal of the Operational Research Society, 74, pp. 1520-1535, DOI: https://doi.org/10.1080/01605682.2022.2096506 .