From physical security to cybersecurity

Security is a critical concern around the world. In many domains from cybersecurity to sustainability, limited security resources prevent complete security coverage at all times. Instead, these limited resources must be scheduled (or allocated or deployed), while simultaneously taking into account the importance of different targets, the responses of the adversaries to the security posture, and the potential uncertainties in adversary payoffs and observations, etc. Computational game theory can help generate such security schedules. Indeed, casting the problem as a Stackelberg game, we have developed new algorithms that are now deployed over multiple years in multiple applications for scheduling of security resources. These applications are leading to real-world use-inspired research in the emerging research area of “security games.” The research challenges posed by these applications include scaling up security games to real-world-sized problems, handling multiple types of uncertainty, and dealing with bounded rationality of human adversaries. In cybersecurity domain, the interaction between the defender and adversary is quite complicated with high degree of incomplete information and uncertainty. While solutions have been proposed for parts of the problem space in cybersecurity, the need of the hour is a comprehensive understanding of the whole space including the interaction with the adversary. We highlight the innovations in security games that could be used to tackle the game problem in cybersecurity.

[1]  Milind Tambe,et al.  TRUSTS: Scheduling Randomized Patrols for Fare Inspection in Transit Systems Using Game Theory , 2012, AI Mag..

[2]  B. Stengel,et al.  Leadership with commitment to mixed strategies , 2004 .

[3]  Quanyan Zhu,et al.  Deception by Design: Evidence-Based Signaling Games for Network Defense , 2015, WEIS.

[4]  Milind Tambe,et al.  Stop the compartmentalization: unified robust algorithms for handling uncertainties in security games , 2014, AAMAS.

[5]  Demosthenis Teneketzis,et al.  A Supervisory Control Approach to Dynamic Cyber-Security , 2014, GameSec.

[6]  Milind Tambe,et al.  Robust Protection of Fisheries with COmPASS , 2014, AAAI.

[7]  Milind Tambe,et al.  "A Game of Thrones": When Human Behavior Models Compete in Repeated Stackelberg Security Games , 2015, AAMAS.

[8]  R. McKelvey,et al.  Quantal Response Equilibria for Normal Form Games , 1995 .

[9]  Jens Grossklags,et al.  A Behavioral Investigation of the FlipIt Game , 2013 .

[10]  Sarit Kraus,et al.  Deployed ARMOR protection: the application of a game theoretic model for security at the Los Angeles International Airport , 2008, AAMAS 2008.

[11]  E. Brunswik The conceptual framework of psychology , 1952 .

[12]  Sarit Kraus,et al.  Playing games for security: an efficient exact algorithm for solving Bayesian Stackelberg games , 2008, AAMAS.

[13]  Branislav Bosanský,et al.  Game-theoretic resource allocation for malicious packet detection in computer networks , 2012, AAMAS.

[14]  Maxim Raya,et al.  Security Games in Online Advertising: Can Ads Help Secure the Web? , 2010, WEIS.

[15]  D. McFadden Conditional logit analysis of qualitative choice behavior , 1972 .

[16]  Nicolas Christin,et al.  Secure or insure?: a game-theoretic analysis of information security games , 2008, WWW.

[17]  Rong Yang,et al.  Scaling-up Security Games with Boundedly Rational Adversaries: A Cutting-plane Approach , 2013, IJCAI.

[18]  Shouhuai Xu,et al.  Optimizing Active Cyber Defense , 2013, GameSec.

[19]  Amos Azaria,et al.  Analyzing the Effectiveness of Adversary Modeling in Security Games , 2013, AAAI.

[20]  Milind Tambe,et al.  Protecting Moving Targets with Multiple Mobile Resources , 2013, J. Artif. Intell. Res..

[21]  Milind Tambe,et al.  Game-Theoretic Security Patrolling with Dynamic Execution Uncertainty and a Case Study on a Real Transit System , 2014 .

[22]  Vincent Conitzer,et al.  Computing the optimal strategy to commit to , 2006, EC '06.

[23]  Tyler Moore,et al.  The Iterated Weakest Link - A Model of Adaptive Security Investment , 2009, WEIS.

[24]  E. C. O. N. Ometrica Prospect theory: an analysis of decision under risk — Source link , 2007 .

[25]  Manish Jain,et al.  Software Assistants for Randomized Patrol Planning for the LAX Airport Police and the Federal Air Marshal Service , 2010, Interfaces.

[26]  Martin W. P. Savelsbergh,et al.  Branch-and-Price: Column Generation for Solving Huge Integer Programs , 1998, Oper. Res..

[27]  Nicolas Christin,et al.  Audit Games with Multiple Defender Resources , 2015, AAAI.

[28]  Manish Jain,et al.  Security Games with Arbitrary Schedules: A Branch and Price Approach , 2010, AAAI.

[29]  Rong Yang,et al.  Adaptive resource allocation for wildlife protection against illegal poachers , 2014, AAMAS.

[30]  Milind Tambe,et al.  Security games in the field: an initial study on a transit system , 2014, AAMAS.

[31]  Rong Yang,et al.  Challenges in Patrolling to Maximize Pristine Forest Area (Position Paper) , 2012, AAAI Spring Symposium: Game Theory for Security, Sustainability, and Health.

[32]  Bo An,et al.  Refinement of Strong Stackelberg Equilibria in Security Games , 2011, AAAI.

[33]  Douglass C. North,et al.  Violence and Social Orders: The Conceptual Framework , 2009 .

[34]  Milind Tambe,et al.  Optimal patrol strategy for protecting moving targets with multiple mobile resources , 2013, AAMAS.

[35]  Avrim Blum,et al.  Planning in the Presence of Cost Functions Controlled by an Adversary , 2003, ICML.

[36]  Milind Tambe,et al.  Effective solutions for real-world Stackelberg games: when agents must deal with human uncertainties , 2009, AAMAS 2009.

[37]  Rong Yang,et al.  Computing optimal strategy against quantal response in security games , 2012, AAMAS.

[38]  Vincent Conitzer,et al.  A double oracle algorithm for zero-sum security games on graphs , 2011, AAMAS.

[39]  G. Leitmann On generalized Stackelberg strategies , 1978 .

[40]  Vincent Conitzer,et al.  Complexity of Computing Optimal Stackelberg Strategies in Security Resource Allocation Games , 2010, AAAI.

[41]  A. Haurie,et al.  Sequential Stackelberg equilibria in two-person games , 1985 .

[42]  D. McFadden Quantal Choice Analysis: A Survey , 1976 .

[43]  Manish Jain,et al.  Risk-Averse Strategies for Security Games with Execution and Observational Uncertainty , 2011, AAAI.

[44]  Rong Yang,et al.  A robust approach to addressing human adversaries in security games , 2012, AAMAS.

[45]  Aron Laszka,et al.  Games of Timing for Security in Dynamic Environments , 2015, GameSec.

[46]  Bo An,et al.  PROTECT: a deployed game theoretic system to protect the ports of the United States , 2012, AAMAS.

[47]  Vincent Conitzer,et al.  Security scheduling for real-world networks , 2013, AAMAS.

[48]  H. Stackelberg,et al.  Marktform und Gleichgewicht , 1935 .

[49]  C. Carathéodory Über den variabilitätsbereich der fourier’schen konstanten von positiven harmonischen funktionen , 1911 .

[50]  Sarit Kraus,et al.  Game-theoretic randomization for security patrolling with dynamic execution uncertainty , 2013, AAMAS.

[51]  Milind Tambe,et al.  Monotonic Maximin: A Robust Stackelberg Solution against Boundedly Rational Followers , 2013, GameSec.

[52]  Branislav Bosanský,et al.  Game-Theoretic Algorithms for Optimal Network Security Hardening Using Attack Graphs , 2015, AAMAS.

[53]  Ronald L. Rivest,et al.  FlipIt: The Game of “Stealthy Takeover” , 2012, Journal of Cryptology.

[54]  Manish Jain,et al.  Security applications: lessons of real-world deployment , 2009, SECO.

[55]  Nicolas Christin,et al.  Audit Games , 2013, IJCAI.

[56]  A. Tversky,et al.  Prospect theory: analysis of decision under risk , 1979 .

[57]  Rong Yang,et al.  Improving Resource Allocation Strategy against Human Adversaries in Security Games , 2011, IJCAI.

[58]  Manish Jain,et al.  Computing optimal randomized resource allocations for massive security games , 2009, AAMAS 2009.