基于stackelberg博弈的供应链企业间信息安全决策分析

针对网络系统不同的脆弱性，通过建模分析了网络暴露程度、黑客攻击概率、黑客入侵概率、安全投资效率等因素对企业的网络安全投资策略的影响，研究了一定预算约束下的企业网络安全投资策略。研究表明：在企业网络系统防御随机攻击能力较强，防御定向攻击能力较弱的情况下，当安全投资总额非常大的时候，对随机攻击类型的投资分配应随着安全投资总额的增大而增大，对定向攻击类型的投资分配应随着安全投资总额的增大而减小；当安全投资总额非常小时，投资分配情况视网络暴露程度的大小而定。

Information security investment for competitive firms with hacker behavior and security requirements

This paper develops a model to study enterprise network security investment strategies when facing different vulnerabilities with budget constraints. It analyzes the impact factors such as the network exposure, the attack probability, the breach probability, and security investment efficiency on network security investment strategies. The result shows that under the circumstance that the network system has a stronger ability to defend against an opportunistic attack and a weaker ability to defend against a targeted attack, when the optimal security investment is very high, the investment allocation to the opportunistic attacks increases with an increase in the total investment while investment allocation to the targeted attacks decreases with an increase in the total investment; when the optimal security investment is very small, the allocation of investment depends on the degree of network exposure.