Game theory meets network security and privacy

This survey provides a structured and comprehensive overview of research on security and privacy in computer and communication networks that use game-theoretic approaches. We present a selected set of works to highlight the application of game theory in addressing different forms of security and privacy problems in computer networks and mobile applications. We organize the presented works in six main categories: security of the physical and MAC layers, security of self-organizing networks, intrusion detection systems, anonymity and privacy, economics of network security, and cryptography. In each category, we identify security problems, players, and game models. We summarize the main results of selected works, such as equilibrium analysis and security mechanism designs. In addition, we provide a discussion on the advantages, drawbacks, and future direction of using game theory in this field. In this survey, our goal is to instill in the reader an enhanced understanding of different research approaches in applying game-theoretic methods to network security. This survey can also help researchers from various fields develop game-theoretic solutions to current and emerging security problems in computer networking.
