From Physical Security to Cyber Security ?

Security is a critical concern around the world. In many domains from cyber-security to sustainability, limited security resources prevent complete security coverage at all times. Instead, these limited resources must be scheduled (or allocated or deployed), while simultaneously taking into account the importance of different targets, the responses of the adversaries to the security posture, and the potential uncertainties in adversary payoffs and observations, etc. Computational game theory can help generate such security schedules. Indeed, casting the problem as a Stackelberg game, we have developed new algorithms that are now deployed over multiple years in multiple applications for scheduling of security resources. These applications are leading to real-world use-inspired research in the emerging research area of “security games”. The research challenges posed by these applications include scaling up security games to real-world sized problems, handling multiple types of uncertainty, and dealing with bounded rationality of human adversaries. In cyber-security domain, the interaction between the defender and adversary is quite complicated with high degree of incomplete information and uncertainty. While solutions have been proposed for parts of the problem space in cyber-security, the need of the hour is a comphrensive understanding of the whole space including the interaction with the adversary. We highlight the innovations in security games that could be used to tackle the game problem in cyber-security.

[1]  Milind Tambe,et al.  Robust Protection of Fisheries with COmPASS , 2014, AAAI.

[2]  Manish Jain,et al.  Security applications: lessons of real-world deployment , 2009, SECO.

[3]  Manish Jain,et al.  Software Assistants for Randomized Patrol Planning for the LAX Airport Police and the Federal Air Marshal Service , 2010, Interfaces.

[4]  Nicolas Christin,et al.  Audit Games , 2013, IJCAI.

[5]  Nicolas Christin,et al.  Audit Games with Multiple Defender Resources , 2014, AAAI.

[6]  Sarit Kraus,et al.  Deployed ARMOR protection: the application of a game theoretic model for security at the Los Angeles International Airport , 2008, AAMAS 2008.

[7]  Manish Jain,et al.  Security Games with Arbitrary Schedules: A Branch and Price Approach , 2010, AAAI.

[8]  Demosthenis Teneketzis,et al.  A Supervisory Control Approach to Dynamic Cyber-Security , 2014, GameSec.

[9]  Rong Yang,et al.  Adaptive resource allocation for wildlife protection against illegal poachers , 2014, AAMAS.

[10]  Milind Tambe,et al.  "A Game of Thrones": When Human Behavior Models Compete in Repeated Stackelberg Security Games , 2015, AAMAS.

[11]  C. Carathéodory Über den variabilitätsbereich der fourier’schen konstanten von positiven harmonischen funktionen , 1911 .

[12]  D. McFadden Conditional logit analysis of qualitative choice behavior , 1972 .

[13]  Branislav Bosanský,et al.  Game-theoretic resource allocation for malicious packet detection in computer networks , 2012, AAMAS.

[14]  G. Nemhauser,et al.  BRANCH-AND-PRICE: GENERATION FOR SOLVING HUGE INTEGER PROGRAMS , 1998 .

[15]  Vincent Conitzer,et al.  A double oracle algorithm for zero-sum security games on graphs , 2011, AAMAS.

[16]  A. Haurie,et al.  Sequential Stackelberg equilibria in two-person games , 1985 .

[17]  D. McFadden Quantal Choice Analysis: A Survey , 1976 .

[18]  Vincent Conitzer,et al.  Security scheduling for real-world networks , 2013, AAMAS.

[19]  Manish Jain,et al.  Risk-Averse Strategies for Security Games with Execution and Observational Uncertainty , 2011, AAAI.

[20]  Rong Yang,et al.  A robust approach to addressing human adversaries in security games , 2012, AAMAS.

[21]  H. Stackelberg,et al.  Marktform und Gleichgewicht , 1935 .

[22]  Sarit Kraus,et al.  Playing games for security: an efficient exact algorithm for solving Bayesian Stackelberg games , 2008, AAMAS.

[23]  Milind Tambe,et al.  TRUSTS: Scheduling Randomized Patrols for Fare Inspection in Transit Systems , 2012, IAAI.

[24]  Quanyan Zhu,et al.  Deception by Design: Evidence-Based Signaling Games for Network Defense , 2015, WEIS.

[25]  Aron Laszka,et al.  Games of Timing for Security in Dynamic Environments , 2015, GameSec.

[26]  Milind Tambe,et al.  Optimal patrol strategy for protecting moving targets with multiple mobile resources , 2013, AAMAS.

[27]  Avrim Blum,et al.  Planning in the Presence of Cost Functions Controlled by an Adversary , 2003, ICML.

[28]  Milind Tambe,et al.  Effective solutions for real-world Stackelberg games: when agents must deal with human uncertainties , 2009, AAMAS 2009.

[29]  Rong Yang,et al.  Computing optimal strategy against quantal response in security games , 2012, AAMAS.

[30]  Rong Yang,et al.  Scaling-up Security Games with Boundedly Rational Adversaries: A Cutting-plane Approach , 2013, IJCAI.

[31]  Amos Azaria,et al.  Analyzing the Effectiveness of Adversary Modeling in Security Games , 2013, AAAI.

[32]  Sarit Kraus,et al.  Game-Theoretic Patrolling with Dynamic Execution Uncertainty and a Case Study on a Real Transit System , 2014, J. Artif. Intell. Res..

[33]  Vincent Conitzer,et al.  Computing the optimal strategy to commit to , 2006, EC '06.

[34]  Jens Grossklags,et al.  A Behavioral Investigation of the FlipIt Game , 2013 .

[35]  G. Leitmann On generalized Stackelberg strategies , 1978 .

[36]  Nicolas Christin,et al.  Secure or insure?: a game-theoretic analysis of information security games , 2008, WWW.

[37]  Vincent Conitzer,et al.  Complexity of Computing Optimal Stackelberg Strategies in Security Resource Allocation Games , 2010, AAAI.

[38]  Shouhuai Xu,et al.  Optimizing Active Cyber Defense , 2013, GameSec.

[39]  Tyler Moore,et al.  The Iterated Weakest Link - A Model of Adaptive Security Investment , 2016, WEIS.

[40]  A. Tversky,et al.  Prospect theory: an analysis of decision under risk — Source link , 2007 .

[41]  B. Stengel,et al.  Leadership with commitment to mixed strategies , 2004 .

[42]  Bo An,et al.  PROTECT: a deployed game theoretic system to protect the ports of the United States , 2012, AAMAS.

[43]  Maxim Raya,et al.  Security Games in Online Advertising: Can Ads Help Secure the Web? , 2010, WEIS.

[44]  Milind Tambe,et al.  Stop the compartmentalization: unified robust algorithms for handling uncertainties in security games , 2014, AAMAS.

[45]  Milind Tambe,et al.  Security games in the field: an initial study on a transit system , 2014, AAMAS.

[46]  Rong Yang,et al.  Improving Resource Allocation Strategy against Human Adversaries in Security Games , 2011, IJCAI.

[47]  Manish Jain,et al.  Computing optimal randomized resource allocations for massive security games , 2009, AAMAS 2009.

[48]  R. McKelvey,et al.  Quantal Response Equilibria for Normal Form Games , 1995 .

[49]  E. Brunswik,et al.  The Conceptual Framework of Psychology , 1954 .

[50]  Sarit Kraus,et al.  Game-theoretic randomization for security patrolling with dynamic execution uncertainty , 2013, AAMAS.

[51]  Milind Tambe,et al.  Monotonic Maximin: A Robust Stackelberg Solution against Boundedly Rational Followers , 2013, GameSec.

[52]  Branislav Bosanský,et al.  Game-Theoretic Algorithms for Optimal Network Security Hardening Using Attack Graphs , 2015, AAMAS.

[53]  Ronald L. Rivest,et al.  FlipIt: The Game of “Stealthy Takeover” , 2012, Journal of Cryptology.

[54]  Rong Yang,et al.  Challenges in Patrolling to Maximize Pristine Forest Area (Position Paper) , 2012, AAAI Spring Symposium: Game Theory for Security, Sustainability, and Health.

[55]  Bo An,et al.  Refinement of Strong Stackelberg Equilibria in Security Games , 2011, AAAI.