12,089 research outputs found
Non-additive Security Games
We have investigated the security game under non-additive utility functions
Game Theory in Distributed Systems Security: Foundations, Challenges, and Future Directions
Many of our critical infrastructure systems and personal computing systems
have a distributed computing systems structure. The incentives to attack them
have been growing rapidly as has their attack surface due to increasing levels
of connectedness. Therefore, we feel it is time to bring in rigorous reasoning
to secure such systems. The distributed system security and the game theory
technical communities can come together to effectively address this challenge.
In this article, we lay out the foundations from each that we can build upon to
achieve our goals. Next, we describe a set of research challenges for the
community, organized into three categories -- analytical, systems, and
integration challenges, each with "short term" time horizon (2-3 years) and
"long term" (5-10 years) items. This article was conceived of through a
community discussion at the 2022 NSF SaTC PI meeting.Comment: 11 pages in IEEE Computer Society magazine format, including
references and author bios. There is 1 figur
On a Generic Security Game Model
To protect the systems exposed to the Internet against attacks, a security
system with the capability to engage with the attacker is needed. There have
been attempts to model the engagement/interactions between users, both benign
and malicious, and network administrators as games. Building on such works, we
present a game model which is generic enough to capture various modes of such
interactions. The model facilitates stochastic games with imperfect
information. The information is imperfect due to erroneous sensors leading to
incorrect perception of the current state by the players. To model this error
in perception distributed over other multiple states, we use Euclidean
distances between the outputs of the sensors. We build a 5-state game to
represent the interaction of the administrator with the user. The states
correspond to 1) the user being out of the system in the Internet, and after
logging in to the system; 2) having low privileges; 3) having high privileges;
4) when he successfully attacks and 5) gets trapped in a honeypot by the
administrator. Each state has its own action set. We present the game with a
distinct perceived action set corresponding to each distinct information set of
these states. The model facilitates stochastic games with imperfect
information. The imperfect information is due to erroneous sensors leading to
incorrect perception of the current state by the players. To model this error
in perception distributed over the states, we use Euclidean distances between
outputs of the sensors. A numerical simulation of an example game is presented
to show the evaluation of rewards to the players and the preferred strategies.
We also present the conditions for formulating the strategies when dealing with
more than one attacker and making collaborations.Comment: 31 page
A Comprehensive Insight into Game Theory in relevance to Cyber Security
The progressively ubiquitous connectivity in the present information systems pose newer challenges tosecurity. The conventional security mechanisms have come a long way in securing the well-definedobjectives of confidentiality, integrity, authenticity and availability. Nevertheless, with the growth in thesystem complexities and attack sophistication, providing security via traditional means can beunaffordable. A novel theoretical perspective and an innovative approach are thus required forunderstanding security from decision-making and strategic viewpoint. One of the analytical tools whichmay assist the researchers in designing security protocols for computer networks is game theory. Thegame-theoretic concept finds extensive applications in security at different levels, including thecyberspace and is generally categorized under security games. It can be utilized as a robust mathematicaltool for modelling and analyzing contemporary security issues. Game theory offers a natural frameworkfor capturing the defensive as well as adversarial interactions between the defenders and the attackers.Furthermore, defenders can attain a deep understanding of the potential attack threats and the strategiesof attackers by equilibrium evaluation of the security games. In this paper, the concept of game theoryhas been presented, followed by game-theoretic applications in cybersecurity including cryptography.Different types of games, particularly those focused on securing the cyberspace, have been analysed andvaried game-theoretic methodologies including mechanism design theories have been outlined foroffering a modern foundation of the science of cybersecurity
- …