A non-zero-sum, sequential detection game

This paper examines a two-player, non-zero-sum, sequential detection game motivated by problems arising in the cyber-security domain. A defender agent seeks to sequentially detect the presence of an attacker agent via the drift of a stochastic process. The attacker strategically chooses the drift of the observed stochastic process, while his payoff increases in both the drift of the stochastic process and the expected time spent undetected by the defender. It is the defender's objective to minimize a payoff function which is a weighted sum of the expected observation time and both type I and type II detection errors. As such, a best response sequential decision rule for the defender is a continuous-time version of Wald's Sequential Probability Ratio Test. We prove the existence of pure Nash equilibria and give sufficient conditions for the existence of Stackelberg equilibria with the defender as leader in the special case that the attacker does not discount future payoffs. The equilibria are explored through numerical examples.

[1]  W. Marsden I and J , 2012 .

[2]  M. A. Girshick,et al.  Bayes and minimax solutions of sequential decision problems , 1949 .

[3]  S. Shankar Sastry,et al.  A game theory model for electricity theft detection and privacy-aware control in AMI systems , 2012, 2012 50th Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[4]  Frank Spitzer Optimal Stopping Rules (A. N. Shiryayev) , 1981 .

[5]  John Musacchio,et al.  A Network Security Classification Game , 2011, GAMENETS.

[6]  David M Levinson,et al.  Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering , 2009, Complex.

[7]  R. Durrett Probability: Theory and Examples , 1993 .

[8]  J. Andel Sequential Analysis , 2022, The SAGE Encyclopedia of Research Design.

[9]  John S. Baras,et al.  An Analytic Framework for Modeling and Detecting Access Layer Misbehavior in Wireless Networks , 2008, TSEC.

[10]  Alʹbert Nikolaevich Shiri︠a︡ev,et al.  Optimal Stopping and Free-Boundary Problems , 2006 .

[11]  John Musacchio,et al.  A botnet detection game , 2014, 2014 52nd Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[12]  John S. Baras,et al.  Application of sequential detection schemes for obtaining performance bounds of greedy users in the IEEE 802.11 MAC , 2008, IEEE Communications Magazine.

[13]  T. Basar,et al.  A game theoretic analysis of intrusion detection in access control systems , 2004, 2004 43rd IEEE Conference on Decision and Control (CDC) (IEEE Cat. No.04CH37601).

[14]  H. Vincent Poor,et al.  Quickest Detection: Probabilistic framework , 2008 .

[15]  R. Khan,et al.  Sequential Tests of Statistical Hypotheses. , 1972 .

[16]  T. Basar,et al.  A game theoretic approach to decision and analysis in network intrusion detection , 2003, 42nd IEEE International Conference on Decision and Control (IEEE Cat. No.03CH37475).

[17]  Alʹbert Nikolaevich Shiri︠a︡ev,et al.  Optimal stopping rules , 1977 .

[18]  T. Başar,et al.  An Intrusion Detection Game with Limited Observations , 2005 .