Fictitious Play with Time-Invariant Frequency Update for Network Security

We study two-player security games which can be viewed as sequences of nonzero-sum matrix games played by an Attacker and a Defender. The evolution of the game is based on a stochastic fictitious play process, where players do not have access to each other's payoff matrix. Each has to observe the other's actions up to present and plays the action generated based on the best response to these observations. In a regular fictitious play process, each player makes a maximum likelihood estimate of her opponent's mixed strategy, which results in a time-varying update based on the previous estimate and current action. In this paper, we explore an alternative scheme for frequency update, whose mean dynamic is instead time-invariant. We examine convergence properties of the mean dynamic of the fictitious play process with such an update scheme, and establish local stability of the equilibrium point when both players are restricted to two actions. We also propose an adaptive algorithm based on this time-invariant frequency update.Comment: Proceedings of the 2010 IEEE Multi-Conference on Systems and Control (MSC10), September 2010, Yokohama, Japa

A game theoretic model for digital identity and trust in online communities

Digital identity and trust management mechanisms play an important role on the Internet. They help users make decisions on trustworthiness of digital identities in online communities or ecommerce environments, which have significant security consequences. This work aims to contribute to construction of an analytical foundation for digital identity and trust by adopting a quantitative approach. A game theoretic model is developed to quantify community effects and other factors in trust decisions. The model captures factors such as peer pressure and personality traits. The existence and uniqueness of a Nash equilibrium solution is studied and shown for the trust game defined. In addition, synchronous and asynchronous update algorithms are shown to converge to the Nash equilibrium solution. A numerical analysis is provided for a number of scenarios that illustrate the interplay between user behavior and community effects

Detection of Malware Attacks on Virtual Machines for a Self-Heal Approach in Cloud Computing using VM Snapshots

Cloud Computing strives to be dynamic as a service oriented architecture. The services in the SoA are rendered in terms of private, public and in many other commercial domain aspects. These services should be secured and thus are very vital to the cloud infrastructure. In order, to secure and maintain resilience in the cloud, it not only has to have the ability to identify the known threats but also to new challenges that target the infrastructure of a cloud. In this paper, we introduce and discuss a detection method of malwares from the VM logs and corresponding VM snapshots are classified into attacked and non-attacked VM snapshots. As snapshots are always taken to be a backup in the backup servers, especially during the night hours, this approach could reduce the overhead of the backup server with a self-healing capability of the VMs in the local cloud infrastructure. A machine learning approach at the hypervisor level is projected, the features being gathered from the API calls of VM instances in the IaaS level of cloud service. Our proposed scheme can have a high detection accuracy of about 93% while having the capability to classify and detect different types of malwares with respect to the VM snapshots. Finally the paper exhibits an algorithm using snapshots to detect and thus to self-heal using the monitoring components of a particular VM instances applied to cloud scenarios. The self-healing approach with machine learning algorithms can determine new threats with some prior knowledge of its functionality