Game Theory Meets Network Security: A Tutorial

The increasingly pervasive connectivity of today's information systems brings up new challenges to security. Traditional security has accomplished a long way toward protecting well-defined goals such as confidentiality, integrity, availability, and authenticity. However, with the growing sophistication of the attacks and the complexity of the system, the protection using traditional methods could be cost-prohibitive. A new perspective and a new theoretical foundation are needed to understand security from a strategic and decision-making perspective. Game theory provides a natural framework to capture the adversarial and defensive interactions between an attacker and a defender. It provides a quantitative assessment of security, prediction of security outcomes, and a mechanism design tool that can enable security-by-design and reverse the attacker's advantage. This tutorial provides an overview of diverse methodologies from game theory that includes games of incomplete information, dynamic games, mechanism design theory to offer a modern theoretic underpinning of a science of cybersecurity. The tutorial will also discuss open problems and research challenges that the CCS community can address and contribute with an objective to build a multidisciplinary bridge between cybersecurity, economics, game and decision theory.

[1]  Quanyan Zhu,et al.  Strategic Trust in Cloud-Enabled Cyber-Physical Systems With an Application to Glucose Control , 2017, IEEE Transactions on Information Forensics and Security.

[2]  Quanyan Zhu,et al.  Network Security Configurations: A Nonzero-Sum Stochastic Game Approach , 2010, Proceedings of the 2010 American Control Conference.

[3]  Quanyan Zhu,et al.  A Game-Theoretic Approach to Design Secure and Resilient Distributed Support Vector Machines , 2018, IEEE Transactions on Neural Networks and Learning Systems.

[4]  Peter Schartner,et al.  Information-leakage in hybrid randomized protocols , 2011, Proceedings of the International Conference on Security and Cryptography.

[5]  Peter Schartner,et al.  Game-Theoretic Security Analysis of Quantum Networks , 2009, 2009 Third International Conference on Quantum, Nano and Micro Technologies.

[6]  Oguzhan Alagöz,et al.  Modeling secrecy and deception in a multiple-period attacker-defender signaling game , 2010, Eur. J. Oper. Res..

[7]  Stefan Rass,et al.  Uncertainty in Games: Using Probability-Distributions as Payoffs , 2015, GameSec.

[8]  Stefan Rass On Game-Theoretic Risk Management (Part Three) - Modeling and Applications , 2017 .

[9]  Quanyan Zhu,et al.  A Bi-Level Game Approach to Attack-Aware Cyber Insurance of Computer Networks , 2017, IEEE Journal on Selected Areas in Communications.

[10]  Quanyan Zhu,et al.  A game-theoretic defense against data poisoning attacks in distributed support vector machines , 2017, 2017 IEEE 56th Annual Conference on Decision and Control (CDC).

[11]  Quanyan Zhu,et al.  Strategic Defense Against Deceptive Civilian GPS Spoofing of Unmanned Aerial Vehicles , 2017, GameSec.

[12]  Quanyan Zhu,et al.  A Dynamic Bayesian Security Game Framework for Strategic Defense Mechanism Design , 2014, GameSec.

[13]  Quanyan Zhu,et al.  GADAPT: A Sequential Game-Theoretic Framework for Designing Defense-in-Depth Strategies Against Advanced Persistent Threats , 2016, GameSec.

[14]  Quanyan Zhu,et al.  A cyber-physical game framework for secure and resilient multi-agent autonomous systems , 2015, 2015 54th IEEE Conference on Decision and Control (CDC).

[15]  Quanyan Zhu,et al.  Epidemic Protection Over Heterogeneous Networks Using Evolutionary Poisson Games , 2017, IEEE Transactions on Information Forensics and Security.

[16]  Pawlick Jeffrey,et al.  A Stackelberg game perspective on the conflict between machine learning and data obfuscation , 2016 .

[17]  Quanyan Zhu,et al.  Dynamic policy-based IDS configuration , 2009, Proceedings of the 48h IEEE Conference on Decision and Control (CDC) held jointly with 2009 28th Chinese Control Conference.

[18]  Quanyan Zhu,et al.  Hybrid Learning in Stochastic Games and Its Application in Network Security , 2013 .

[19]  Quanyan Zhu,et al.  A Large-Scale Markov Game Approach to Dynamic Protection of Interdependent Infrastructure Networks , 2017, GameSec.

[20]  Stefan Rass Information-Theoretic Security as an Optimization Problem , 2011 .

[21]  Quanyan Zhu,et al.  Analysis and Computation of Adaptive Defense Strategies Against Advanced Persistent Threats for Cyber-Physical Systems , 2018, GameSec.

[22]  Quanyan Zhu,et al.  Deception by Design: Evidence-Based Signaling Games for Network Defense , 2015, WEIS.

[23]  Stefan Rass,et al.  On Game-Theoretic Network Security Provisioning , 2012, Journal of Network and Systems Management.

[24]  Quanyan Zhu,et al.  Resilient control of cyber-physical systems against Denial-of-Service attacks , 2013, 2013 6th International Symposium on Resilient Control Systems (ISRCS).

[25]  Quanyan Zhu,et al.  Flip the Cloud: Cyber-Physical Signaling Games in the Presence of Advanced Persistent Threats , 2015, GameSec.

[26]  Quanyan Zhu,et al.  Deployment and exploitation of deceptive honeybots in social networks , 2012, 52nd IEEE Conference on Decision and Control.

[27]  Quanyan Zhu,et al.  Dynamic Interference Minimization Routing Game for On-Demand Cognitive Pilot Channel , 2010, 2010 IEEE Global Telecommunications Conference GLOBECOM 2010.

[28]  Quanyan Zhu,et al.  Heterogeneous learning in zero-sum stochastic games with incomplete information , 2011, 49th IEEE Conference on Decision and Control (CDC).

[29]  Quanyan Zhu,et al.  A Stochastic Game Model for Jamming in Multi-Channel Cognitive Radio Systems , 2010, 2010 IEEE International Conference on Communications.

[30]  Sushil Jajodia,et al.  Moving Target Defense - Creating Asymmetric Uncertainty for Cyber Threats , 2011, Moving Target Defense.

[31]  Quanyan Zhu,et al.  Proactive Defense Against Physical Denial of Service Attacks Using Poisson Signaling Games , 2017, GameSec.

[32]  Frank L. Lewis,et al.  Reinforcement Learning And Approximate Dynamic Programming For Feedback Control , 2016 .

[33]  Stefan Rass,et al.  Numerical Computation of Multi-goal Security Strategies , 2014, GameSec.

[34]  Quanyan Zhu,et al.  Cross-layer secure cyber-physical control system design for networked 3D printers , 2016, 2016 American Control Conference (ACC).

[35]  Quanyan Zhu,et al.  A Dynamic Game Analysis and Design of Infrastructure Network Protection and Recovery: 125 , 2017, PERV.

[36]  Quanyan Zhu,et al.  On Multi-Phase and Multi-Stage Game-Theoretic Modeling of Advanced Persistent Threats , 2018, IEEE Access.

[37]  Peter Schartner,et al.  Security as a Game – Decisions from Incomplete Models , 2010, DSS 2010.

[38]  Quanyan Zhu,et al.  A game-theoretical approach to incentive design in collaborative intrusion detection networks , 2009, 2009 International Conference on Game Theory for Networks.

[39]  Quanyan Zhu,et al.  Interference Aware Routing Game for Cognitive Radio Multi-Hop Networks , 2012, IEEE Journal on Selected Areas in Communications.

[40]  Quanyan Zhu,et al.  FACID: A trust-based collaborative decision framework for intrusion detection networks , 2016, Ad Hoc Networks.

[41]  Quanyan Zhu,et al.  Modeling and Analysis of Leaky Deception Using Signaling Games With Evidence , 2018, IEEE Transactions on Information Forensics and Security.

[42]  Quanyan Zhu,et al.  On the Detection of Adversarial Attacks against Deep Neural Networks , 2017, SafeConfig@CCS.

[43]  Quanyan Zhu,et al.  GUIDEX: A Game-Theoretic Incentive-Based Mechanism for Intrusion Detection Networks , 2012, IEEE Journal on Selected Areas in Communications.

[44]  Azer Bestavros,et al.  Markov Modeling of Moving Target Defense Games , 2016, MTD@CCS.

[45]  Quanyan Zhu,et al.  Resilient and secure network design for cyber attack-induced cascading link failures in critical infrastructures , 2015, 2015 49th Annual Conference on Information Sciences and Systems (CISS).

[46]  Peter Schartner,et al.  Multipath Authentication without shared Secrets and with Applications in Quantum Networks , 2010, Security and Management.

[47]  Quanyan Zhu,et al.  Security investment under cognitive constraints: A Gestalt Nash equilibrium approach , 2018, 2018 52nd Annual Conference on Information Sciences and Systems (CISS).

[48]  Quanyan Zhu,et al.  Compliance signaling games: toward modeling the deterrence of insider threats , 2016, Comput. Math. Organ. Theory.

[49]  Stefan Rass On Game-Theoretic Risk Management (Part Two) - Algorithms to Compute Nash-Equilibria in Games with Distributions as Payoffs , 2015, ArXiv.

[50]  Stefan Rass,et al.  Secure Communication over Software-Defined Networks , 2015, Mob. Networks Appl..

[51]  Quanyan Zhu,et al.  A mean-field stackelberg game approach for obfuscation adoption in empirical risk minimization , 2017, 2017 IEEE Global Conference on Signal and Information Processing (GlobalSIP).

[52]  Stefan Rass,et al.  A Network Modeling and Analysis Tool for Perfectly Secure Communication , 2013, 2013 IEEE 27th International Conference on Advanced Information Networking and Applications (AINA).

[53]  Quanyan Zhu,et al.  A Game-theoretic Taxonomy and Survey of Defensive Deception for Cybersecurity and Privacy , 2017, ACM Comput. Surv..

[54]  Peter Schartner,et al.  Building a Quantum Network: How to Optimize Security and Expenses , 2010, Journal of Network and Systems Management.

[55]  Quanyan Zhu,et al.  Attack-Aware Cyber Insurance for Risk Sharing in Computer Networks , 2015, GameSec.

[56]  Quanyan Zhu,et al.  Physical Intrusion Games—Optimizing Surveillance by Simulation and Game Theory , 2017, IEEE Access.

[57]  Quanyan Zhu,et al.  Game theory meets network security and privacy , 2013, CSUR.

[58]  Peter Schartner,et al.  A Unified Framework for the Analysis of Availability, Reliability and Security, With Applications to Quantum Networks , 2011, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews).

[59]  Quanyan Zhu,et al.  Game-Theoretic Approach to Feedback-Driven Multi-stage Moving Target Defense , 2013, GameSec.

[60]  Quanyan Zhu,et al.  Secure and practical output feedback control for cloud-enabled cyber-physical systems , 2017, 2017 IEEE Conference on Communications and Network Security (CNS).

[61]  Quanyan Zhu,et al.  Game-theoretic analysis of node capture and cloning attack with multiple attackers in wireless sensor networks , 2012, 2012 IEEE 51st IEEE Conference on Decision and Control (CDC).

[62]  Stefan Rass Complexity of Network Design for Private Communication and the P-vs-NP Question , 2014 .

[63]  Quanyan Zhu,et al.  A hybrid stochastic game for secure control of cyber-physical systems , 2018, Autom..

[64]  Stefan Rass,et al.  Game Theory for Security and Risk Management: From Theory to Practice , 2018 .

[65]  Quanyan Zhu,et al.  Interdependent network formation games with an application to critical infrastructures , 2016, 2016 American Control Conference (ACC).

[66]  Quanyan Zhu,et al.  Tragedy of Anticommons in Digital Right Management of Medical Records , 2012, HealthSec.

[67]  Stefan Rass,et al.  On the Cost of Game Playing: How to Control the Expenses in Mixed Strategies , 2017, GameSec.

[68]  Quanyan Zhu,et al.  Deceptive Routing in Relay Networks , 2012, GameSec.

[69]  Stefan Rass On Game-Theoretic Risk Management (Part One) - Towards a Theory of Games with Payoffs that are Probability-Distributions , 2015 .

[70]  Quanyan Zhu,et al.  Compliance Control: Managed Vulnerability Surface in Social-Technological Systems via Signaling Games , 2015, MIST@CCS.

[71]  Branislav Bosanský,et al.  Manipulating Adversary's Belief: A Dynamic Game Approach to Deception by Design for Proactive Network Security , 2017, GameSec.

[72]  Quanyan Zhu,et al.  Adaptive Strategic Cyber Defense for Advanced Persistent Threats in Critical Infrastructure Networks , 2018, PERV.

[73]  Stefan Rass,et al.  Decisions with Uncertain Consequences—A Total Ordering on Loss-Distributions , 2016, PloS one.

[74]  Stefan Rass,et al.  Defending Against Advanced Persistent Threats Using Game-Theory , 2017, PloS one.

[75]  Rui Zhang,et al.  Attack-Aware Cyber Insurance of Interdependent Computer Networks , 2016 .

[76]  Quanyan Zhu,et al.  A Game-Theoretic Approach to Secure Control of Communication-Based Train Control Systems Under Jamming Attacks , 2017, SCAV@CPSWeek.

[77]  Stefan Rass,et al.  Password Security as a Game of Entropies , 2018, Entropy.

[78]  Quanyan Zhu,et al.  Deceptive routing games , 2012, 2012 IEEE 51st IEEE Conference on Decision and Control (CDC).

[79]  Quanyan Zhu,et al.  Game-Theoretic Methods for Robustness, Security, and Resilience of Cyberphysical Control Systems: Games-in-Games Principle for Optimal Cross-Layer Resilient Control Systems , 2015, IEEE Control Systems.

[80]  Quanyan Zhu,et al.  Security as a Service for Cloud-Enabled Internet of Controlled Things Under Advanced Persistent Threats: A Contract Design Approach , 2017, IEEE Transactions on Information Forensics and Security.