Target Information Trading - An Economic Perspective of Security

Ample evidence has confirmed the importance of information in security. While much research on security game has assumed the attackers' limited observation capabilities to obtain target information, few work considers the possibility that the information can be acquired from a data broker, not to mention exploring the profit-seeking behaviors of such an information service in the shrouded underground society. This paper studies the role of information in security problem when the target information is sold by a data broker to multiple competitive attackers. We formulate a novel multi-stage game model to characterize both the cooperative and competitive interactions of the data broker and attackers. Specifically, the attacker competition with correlated purchasing and attacking decisions is modeled as a two-stage stochastic model; and the bargaining process between the data broker and the attackers is analyzed in a Stackelberg game. Both the attackers' competitive equilibrium solutions and data broker's optimal pricing strategy are obtained. Our results show that with information trading, the target suffers from larger risks even when the information price is too high to benefit the attackers; and the information accuracy is more valuable when the target value is higher. Furthermore, the competition may weaken the information value to the attackers but benefit the data broker. The study contributes to the literature by characterizing the co-opetitive behaviors of the attackers with labor specialization, providing quantitative measures of information value from an economic perspective, and thus promoting a better understanding of the profit-seeking underground community.