Simulation and Game-Theoretic Analysis of an Attacker-Defender Game

This paper uses agent-based simulation to determine appropriate strategies for attackers and defenders in a simple network security game, using a method which is generalizable to many other security games. In this game, both sides are modeled as strategic entities. The attacker is trying to maximize the amount of damage he causes, and the defender is trying to minimize her loss subject to cost constraints. Through simulation, we derive Nash equilibrium strategies for each side under a variety of cost conditions in order to better inform network administrators about attacker behaviors and possible mitigations.

[1]  Nicolas Christin,et al.  Security and insurance management in networks with heterogeneous agents , 2008, EC '08.

[2]  C. F. Larry Heimann,et al.  Optimal Security Investments in Networks of Varying Size and Topology , 2012, 2012 Workshop on Socio-Technical Aspects in Security and Trust.

[3]  Tyler Moore,et al.  The Economics of Information Security , 2006, Science.

[4]  Jens Grossklags,et al.  Blue versus Red: Towards a Model of Distributed Security Attacks , 2009, Financial Cryptography.

[5]  A. Tversky,et al.  Prospect theory: analysis of decision under risk , 1979 .

[6]  Charles M. Macal,et al.  Tutorial on agent-based modelling and simulation , 2005, Proceedings of the Winter Simulation Conference, 2005..

[7]  J. Pratt RISK AVERSION IN THE SMALL AND IN THE LARGE11This research was supported by the National Science Foundation (grant NSF-G24035). Reproduction in whole or in part is permitted for any purpose of the United States Government. , 1964 .

[8]  Rainer Böhme,et al.  Security Games with Market Insurance , 2011, GameSec.

[9]  Kjell Hausken,et al.  Protecting complex infrastructures against multiple strategic attackers , 2011, Int. J. Syst. Sci..

[10]  John S. Baras,et al.  Decision and Game Theory for Security , 2010, Lecture Notes in Computer Science.

[11]  Michael J. North,et al.  Tutorial on Agent-Based Modeling and Simulation PART 2: How to Model with Agents , 2006, Proceedings of the 2006 Winter Simulation Conference.

[12]  H. Kunreuther,et al.  You Only Die Once: Managing Discrete Interdependent Risks , 2003 .

[13]  M. Allais Le comportement de l'homme rationnel devant le risque : critique des postulats et axiomes de l'ecole americaine , 1953 .

[14]  C. F. Larry Heimann,et al.  Identifying Tipping Points in a Decision-Theoretic Model of Network Security , 2012, ArXiv.

[15]  A. Tversky,et al.  Prospect Theory : An Analysis of Decision under Risk Author ( s ) : , 2007 .

[16]  George Cybenko,et al.  Exploiting Adversary's Risk Profiles in Imperfect Information Security Games , 2011, GameSec.

[17]  Pern Hui Chia,et al.  Colonel Blotto in the Phishing War , 2011, GameSec.

[18]  Joseph Bonneau,et al.  What's in a Name? , 2020, Financial Cryptography.

[19]  D. Ariely Predictably Irrational: The Hidden Forces That Shape Our Decisions , 2008 .

[20]  Benjamin Johnson,et al.  Uncertainty in the weakest-link security game , 2009, 2009 International Conference on Game Theory for Networks.

[21]  Nicolas Christin,et al.  Uncertainty in Interdependent Security Games , 2010, GameSec.

[22]  Marco Casassa Mont,et al.  Economic Methods and Decision Making by Security Professionals , 2011, WEIS.

[23]  C. F. Larry Heimann,et al.  The effects of loss profiles in interdependent network security , 2012, World Congress on Internet Security (WorldCIS-2012).

[24]  Hal R. Varian,et al.  System Reliability and Free Riding , 2004, Economics of Information Security.