Applying Game Theory to Cyberattacks and Defenses

Behzad Zare Moayedi, Mohammad Abdollahi Azgomi, "A Game Theoretic Framework for Evaluation of the Impacts of Hackers Diversity on Security Measures," Reliability Engineering & System Safety, 99 (2012): 45-54 (full article behind paywall).

Abstract: Game theoretical methods offer new insights into quantitative evaluation of dependability and security. Currently, there is a wide range of useful game theoretic approaches to model the behaviour of intelligent agents. However, it is necessary to revise these approaches if there is a community of hackers with significant diversity in their behaviours. In this paper, we introduce a novel approach to extend the basic ideas of applying game theory in stochastic modelling. The proposed method classifies the community of hackers based on two main criteria used widely in hacker classifications, which are motivation and skill. We use Markov chains to model the system and compute the transition rates between the states based on the preferences and the skill distributions of hacker classes. The resulting Markov chains can be solved to obtain the desired security measures. We also present the results of an illustrative example using the proposed approach, which examines the relation between the attributes of the community of hackers and the security measures.

Posted on January 2, 2012 at 6:15 AM • 6 Comments

Comments

Malachi JJanuary 2, 2012 7:25 AM

Since I'm a PhD student whose research is in cyber security and game theory, I've seen papers like this quite a lot. This one, like many, seem to suffer from the same basic flaw. (I used my university access to see the full version of this paper)

The flaw is that they propose some framework to model these cyber security problems, but because of the computational complexity of solving these problems, they only consider very simple examples.

This would be ok if you could take the analysis of this simple problem and make some general statements that provide insight into the bigger problems. But with this setup and many others, you can't make these generalizations.

Therefore, I feel the value add for these types of theoretical papers on cyber security are very limited

zoliJanuary 2, 2012 7:28 AM

I have no access to the publication, but hopefully they'll reference this work:
"In 1928 von Neumann published his seminal article, "Theory of Parlor Games," in which he discussed bluffing in poker, addressed the economic and military applications of game theory, and developed the "minimax" strategy where decision makers attempt to minimize the maximum amount of losses other decision makers can inflict."
Source: http://www.referenceforbusiness.com/encyclopedia/...

zedianJanuary 2, 2012 12:10 PM

@Malachi J: As I am also doing my PhD research in the area of national security and game theoretical considerations, maybe we could share some insights. You can direct message me under https://twitter.com/#!/z_edian

As derived from nuclear deterrence, working with game theory on military strategies is an interesting approach. However, I do believe that while for nuclear warfare it was quite doable, it will be pretty difficult to do with cyber warfare - if considering it within a mathematical framework.

reallyJanuary 5, 2012 10:27 AM

You guys understand that game theory (in this context) is not about poker or video games, right?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..