Towards a science of security games

Abstract. Security is a critical concern around the world. In many domains from counter-terrorism to sustainability, limited security resources prevent complete security coverage at all times. Instead, these limited resources must be scheduled (or allocated or deployed), while simultaneously taking into account the impor-tance of different targets, the responses of the adversaries to the security posture, and the potential uncertainties in adversary payoffs and observations, etc. Com-putational game theory can help generate such security schedules. Indeed, casting the problem as a Stackelberg game, we have developed new algorithms that are now deployed over multiple years in multiple applications for scheduling of secu-rity resources. These applications are leading to real-world use-inspired research in the emerging research area of “security games”. The research challenges posed by these applications include scaling up security games to real-world sized prob-lems, handling multiple types of uncertainty, and dealing with bounded rationality of human adversaries.

Human-Agent Decision-making: Combining Theory and Practice

Extensive work has been conducted both in game theory and logic to model strategic interaction. An important question is whether we can use these theories to design agents for interacting with people? On the one hand, they provide a formal design specification for agent strategies. On the other hand, people do not necessarily adhere to playing in accordance with these strategies, and their behavior is affected by a multitude of social and psychological factors. In this paper we will consider the question of whether strategies implied by theories of strategic behavior can be used by automated agents that interact proficiently with people. We will focus on automated agents that we built that need to interact with people in two negotiation settings: bargaining and deliberation. For bargaining we will study game-theory based equilibrium agents and for argumentation we will discuss logic-based argumentation theory. We will also consider security games and persuasion games and will discuss the benefits of using equilibrium based agents.Comment: In Proceedings TARK 2015, arXiv:1606.0729

Modelling Telecommunications Operators and Adversaries using Game Theory

Telecommunications systems being inherently distributed and collaborative in nature present a plurality of attack surfaces to malicious entities and hence vulnerable to many potential attacks even indirectly demanding a need in prioritising security. The choice of security implementations depends upon the currently understood threats, future possible threat vectors, and the dependencies between systems. Executing these choices while contemplating the financial aspects is exceptionally difficult. It is thus critical to have a perceptible decision support framework for better security decision-making. This thesis studies the strategic nature of the interaction between the Telecoms operators and attackers utilising game theory to understand their strategic decision-making characteristics strengthening security decisions. To understand the security investment decision-making criteria of operators, this thesis utilises static security investment games. Through these games, we study the effects of security investment decision of an operator on other operators' behaviour. We determine conditions supporting the security investment decisions and propose strategic recommendations supplementing the dependency conditions. We then study attackers' behaviour considering them with strategic incentives in contrary to their strictly-bounded rationality in traditional game-theoretic modelling approaches. We utilise a behavioural approach and design a decision-flow model capturing the choices of attackers in the attack process. An outcome of this work is a generalised attack framework. Moreover, using this framework, we derive attack strategies optimising attackers' effort. Through this work, we are probing the foundations for drawing inferences about attackers' strategic characteristics from a cybersecurity perspective

Design of Dynamic and Personalized Deception: A Research Framework and New Insights

Deceptive defense techniques (e.g., intrusion detection, firewalls, honeypots, honeynets) are commonly used to prevent cyberattacks. However, most current defense techniques are generic and static, and are often learned and exploited by attackers. It is important to advance from static to dynamic forms of defense that can actively adapt a defense strategy according to the actions taken by individual attackers during an active attack. Our novel research approach relies on cognitive models and experimental games: Cognitive models aim at replicating an attacker’s behavior allowing the creation of personalized, dynamic deceptive defense strategies; experimental games help study human actions, calibrate cognitive models, and validate deceptive strategies. In this paper we offer the following contributions: (i) a general research framework for the design of dynamic, adaptive and personalized deception strategies for cyberdefense; (ii) a summary of major insights from experiments and cognitive models developed for security games of increased complexity; and (iii) a taxonomy of potential deception strategies derived from our research program so far