Ph. D. Project
Title:
Stochastic games over graphs: applications to cyber-insurance contracts
Dates:
2022/10/01 - 2025/09/30
Supervisor(s): 
Other supervisor(s):
Dr. KAZI-TANI, Nabil (nabil.kazi-tani@univ-lorraine.fr)
Description:
Over the past ten years, the growing number of cyber related issues and incidents have made it one of the main
concerns in insurance. The COVID-19 pandemic has considerably increased the exposure of professionals and
individuals to computer attacks. Cyber risk has thus been described as the second major risk of the decade to
come in the Axa Future Risks report of 2021. It is even considered to be the main risk in France according to the
Allianz Risk Barometer ranking of 2021.

The main guarantees of cyber insurance contracts currently on the market are:
- identification of the problem and its extent,
- the implementation of corrective actions, additional protections and programs of prevention,
- the payment of certain costs associated with the claim.
The prices of this type of contract are very variable and depend on several macroeconomic factors such as the size
of the company, its turnover as well as its exposure to IT risk (typically via the number of computers or servers).
However, one aspect that is often ignored is the impact of the graph structure on the safety and robustness of the
network.

In this project, we aim to mathematically characterize the effect of the underlying network topology on prices,
cyber risk assessment and management. To do so, we model the interactions between attackers and defenders as
a stochastic game. Assuming that both the attacker and the defender behave in a rational manner, we can
characterize their interactions under a dynamic game framework. While we can assume that the structure of the
network is known to the defender, the attacker may not have this information or may possess an imperfect
knowledge of the graph. An important issue for both of these entities is to identify and order the nodes in terms
of their strategic importance. For example, in a star graph, defending the central node is much more important
than other nodes. A study of the resulting game will help predict the likelihood that a network gets compromised
when under attack, with a given (and known) budget of defense and attack.

During the course of the PhD, the student will perform a literature review on dynamic games and cyber-security.
Then, a suitable model that captures the impact of the network on the cyber-security issue will be developed and
analyzed as a dynamic game. For large homogenous networks, a mean-field analysis maybe performed to deal
with the scaling. Finally, the equilibria of the game can be studied to provide recommendations to the
modification of cyber-insurance contracts as a function of the graph structure.
Keywords:
game theory, graph theory, cyber-security
Department(s): 
Control Identification Diagnosis