A Game-Theoretic Framework for Network Security Vulnerability Assessment and Mitigation
In this paper we propose and discuss a game-theoretic framework for (a) evaluating security vulnerability, (b) quantifying the corresponding Pareto optimal vulnerability/cost tradeoff, and (c) identifying the optimal operating point on this Pareto optimal frontier. We discuss our framework in the context of a flow-level model of Supply-Demand (S-D) network where we assume a sophisticated attacker attempting to disrupt the network flow. The vulnerability metric is determined by the Nash equilibrium payoff of the corresponding game. The vulnerability/cost tradeoff is derived by assuming that “the network” can reduce the security vulnerability at the cost of using more expensive flows and the optimal operating point is determined by “the network” preferences with respect to vulnerability and cost. We illustrate the proposed framework on examples through numerical investigations.
KeywordsNash Equilibrium Network Manager Maximum Cost Security Investment Security Vulnerability
Unable to display preview. Download preview PDF.
- 1.Anderson, R., Barton, C., Böhme, R., Clayton, R., van Eeten, M.J.G., Levi, M., Moore, T., Savage, S.: Measuring the Cost of Cybercrime. In: 11th Workshop on the Economics of Information Security (June 2012)Google Scholar
- 3.Gambit. Game theory analysis software and tools @ONLINE (2002), http://www.gambit-project.org/doc/index.html
- 5.Gueye, A.: A Game Theoretical Approach to Communication Security. PhD dissertation, University of California, Berkeley, Electrical Engineering and Computer Sciences (March 2011)Google Scholar
- 6.Gueye, A., Lazska, A., Walrand, J., Anantharam, V.: A Polyhedral-Based Analysis of Nash Equilibrium of Quasi-Zero-Sum Games and its Applications to Communication Network Security. Symmetry – Special Issue: Polyhedra (submitted)Google Scholar
- 7.Gueye, A., Marbukh, V., Walrand, J.C.: Towards a Quantification of Communication Network Vulnerability to Attacks: A Game Theoretic Approach. In: 3rd International ICST Conference on Game Theory for Networks, Vancouver, Canada (May 2012)Google Scholar
- 9.Laszka, A., Szeszlér, D., Buttyán, L.: Game-theoretic Robustness of Many-to-one Networks. In: 3rd International ICST Conference on Game Theory for Networks, Vancouver, Canada (May 2012)Google Scholar
- 10.Mcneil, E.J.: Extreme Value Theory for Risk Managers, pp. 93–113. RISK Books (1999)Google Scholar
- 11.Mell, P., Scarfone, K., Romanosky, S.: A Complete Guide to the Common Vulnerability Scoring System. In: NIST CVSS. National Institute of Standards and Technology (June 2007)Google Scholar
- 12.Tiwari, R.K., Karlapalem, K.: Cost Tradeoffs for Information Security Assurance. In: 4th Annual Workshop on the Economics of Information Security, WEIS, June 1-3. Harvard University, Cambridge (2005)Google Scholar
- 13.Wolsey, L.A., Nemhauser, G.L.: Integer and Combinatorial Optimization. Wiley-Interscience (November 1999)Google Scholar