Compliance Control: Managed Vulnerability Surface in Social-Technological Systems via Signaling Games

The agents of an organization, in fulfillment of their tasks, generate a cyber-physical-human trace, which is amenable to formal analysis with modal logic to verify safety and liveness properties. Trusted but non-trustworthy agents within an organization may attempt to conceal their true intentions, develop deceptive strategies, and exploit the organization, a scenario modeled here as a basic compliance signaling game. The challenge for the organization, only partially informed of its own true state, is in measuring and estimating its own safety and liveness properties as accurately as possible, which is the subject of this paper. To improve measurements, we suggest counter-strategies in which the organization presents honey objectives on a closely monitored attack surface to elicit exploitive actions and to estimate its own safety properties, an activity required for an adaptive response aiming to manage an organization's vulnerability and safety surfaces. We expand the basic game to a system of social-technological agents and tailor the encounter structure of evolutionary games to one that best fits a typical organization. Focusing on these double-sided signaling games (compliance and measure) within a system of social-technological agents, we outline a simple gradient-ascent-based control mechanism and report on its ability to select and stabilize desirable equilibria despite the typical non-stationarity and chaos within evolutionary game systems. We clarify the design of our feedback-driven control system by using behavioral sensing, estimation and numerical optimization, and actuation with micro-incentives.