Game Theory Meets Network Security and Privacy

This survey provides a structured and comprehensive overview of the research contributions that analyze and solve security and privacy problems in computer networks by game-theoretic approaches. A selected set of works are presented to highlight the application of game theory in order to address different forms of security and privacy problems in computer networks and mobile applications. The presented works are classified into six main categories based on their topics: security of the physical and MAC layers, application layer security in mobile networks, intrusion detection systems, anonymity and privacy, economics of network security, and cryptography. In each category, security problems, players, and game models are identified and the main results of selected works, such as equilibrium analysis and security mechanism designs are summarized. In addition, a discussion on advantages, drawbacks, and the future direction of using game theory in this field is provided. In this survey, we aim to provide a better understanding of the different research approaches for applying game theory to network security. This survey can also help researchers from various fields develop game-theoretic solutions to current and emerging security problems in computer networking

Uncertainty in the weakest-link security game

Abstract — Individuals in computer networks not only have to invest to secure their private resources from potential attackers, but have to be aware of the existing interdependencies that exist with other network participants. Indeed, a user’s security is frequently negatively impacted by protection failures of even just one other individual, the weakest link. In this paper, we are interested in the impact of bounded ra-tionality and limited information on user payoffs and strategies in the presence of strong weakest-link externalities. As a first contribution, we address the problem of bounded rationality by proposing a simple but novel modeling approach. We anticipate the vast majority of users to be unsophisticated and to apply approximate decision-rules that fail to accurately appreciate the impact of their decisions on others. Expert agents, on the other hand, fully comprehend to which extent their own and others ’ security choices affect the network as a whole, and respond rationally. The second contribution of this paper is to address how the security choices by users are mediated by the information available on the severity of the threats the network faces. We assume that each individual faces a randomly drawn probability of being subject to a direct attack. We study how the decisions of the expert user differ if all draws are common knowledge, compared to a scenario where this information is only privately known. We further propose a metric to quantify the value of information available: the payoff difference between complete and incomplete information conditions, divided by the payoff under the incomplete information condition. We study this ratio metric graphically and isolate parameter regions where being more informed creates a payoff advantage for the expert agent. I