Abstract
Traditional proactive network defenses deploy security resources in the network based on probabilistic policies to confuse potential attackers. However, this strategy can be exploited by stealthy attackers, leading to reduced efficiency and higher vulnerability. Game theory has been shown to provide a sound mathematical approach to overcome these deficiencies and determine an optimal defense strategy. However, existing game-theoretic models typically assume either additive utility functions or that the attacker can attack only one target. While such assumptions lead to tractable analyses, they miss key inherent dependencies that exist among different targets in current complex networks. In this chapter, we generalize the traditional security game model to the network scenario. We examine such a general security game from a theoretical perspective and provide a unified theoretical framework. In particular, we show that each security game is equivalent to a combinatorial optimization problem over a set system, which consists of the defender's pure strategy space. The key techniques we use are a transformation based on the projection of a polytope, and the ellipsoid method. We also provide several important applications of our developed framework, and show that for several problem classes, optimal defense strategies can be developed in polynomial time. Our approach paves the way for a deeper investigation into using game-theoretic techniques for designing security mechanisms in networks, and we conclude by outlining a number of important future directions that need to be investigated.
Notes
1. Compared with traditional measures such as degree and betweenness centrality, the network value provides a more accurate description of the importance of different nodes.
2. In this example, we adopt the zero-sum game model and assume the defender can protect the nodes with probability 1.
3. \(A\backslash D\) is the standard set difference, defined by \(A\backslash D = \{x \mid x \in A, x \notin D\}\), and is equal to \(A \cap D^{c}\), where \(D^{c}\) is the complementary set of subset \(D\).
4. The notation (⋅, ⋅) denotes the concatenation operator of vectors.
5. Note that each vector in \(\varDelta _{N_d}^d\) consists of two parts, \(g_1(q)\) and \(g_2(q)\). Here the corresponding low-dimensional point is \((\pi_S(g_1(q)), \pi_S(g_2(q)))\).
Acknowledgement
This work has been funded in part by a grant from the Army Research Office W911NF-15-1-0277.
Copyright information
© 2019 This is a U.S. government work and not under copyright protection in the U.S.; foreign copyright protection may apply
About this chapter
Cite this chapter
Wang, S., Shroff, N. (2019). Proactive Network Defense with Game Theory. In: Wang, C., Lu, Z. (eds) Proactive and Dynamic Network Defense. Advances in Information Security, vol 74. Springer, Cham. https://doi.org/10.1007/978-3-030-10597-6_2
DOI: https://doi.org/10.1007/978-3-030-10597-6_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-10596-9
Online ISBN: 978-3-030-10597-6
eBook Packages: Computer Science, Computer Science (R0)