Learning to Signal in the Goldilocks Zone: Improving Adversary Compliance in Security Games

Many real-world security scenarios can be modeled via a game-theoretic framework known as a security game in which there is a defender trying to protect potential targets from an attacker. Recent work in security games has shown that deceptive signaling by the defender can convince an attacker to withdraw his attack. For instance, a warning message to commuters indicating speed enforcement is in progress ahead might lead to them driving more slowly, even if it turns out no enforcement is in progress. However, the results of this work are limited by the unrealistic assumption that the attackers will behave with perfect rationality, meaning they always choose an action that gives them the best expected reward. We address the problem of training boundedly rational (human) attackers to comply with signals via repeated interaction with signaling without incurring a loss to the defender, and offer the four following contributions: (i) We learn new decision tree and neural network-based models of attacker compliance with signaling. (ii) Based on these machine learning models of a boundedly rational attacker’s response to signaling, we develop a theory of signaling in the Goldilocks zone, a balance of signaling and deception that increases attacker compliance and improves defender utility. (iii) We present game-theoretic algorithms to solve for signaling schemes based on the learned models of attacker compliance with signaling. (iv) We conduct extensive human subject experiments using an online game. The game simulates the scenario of an inside attacker trying to steal sensitive information from company computers, and results show that our algorithms based on learned models of attacker behavior lead to better attacker compliance and improved defender utility compared to the state-of-the-art algorithm for rational attackers with signaling.

[1]  Milind Tambe,et al.  Adversary Models Account for Imperfect Crime Data: Forecasting and Planning against Real-world Poachers , 2018, AAMAS.

[2]  Milind Tambe,et al.  Cloudy with a Chance of Poaching: Adversary Behavior Modeling and Forecasting with Real-World Poaching Data , 2017, AAMAS.

[3]  Joel Sobel,et al.  Signaling Games , 2009, Encyclopedia of Complexity and Systems Science.

[4]  Roman Timofeev,et al.  Classification and Regression Trees(CART)Theory and Applications , 2004 .

[5]  Richeng Jin,et al.  Foresighted deception in dynamic security games , 2017, 2017 IEEE International Conference on Communications (ICC).

[6]  Vincent Conitzer,et al.  Complexity of Computing Optimal Stackelberg Strategies in Security Resource Allocation Games , 2010, AAAI.

[7]  Amos Azaria,et al.  Analyzing the Effectiveness of Adversary Modeling in Security Games , 2013, AAAI.

[8]  Cynthia Lum,et al.  "Don't Work"? , 2003 .

[9]  Milind Tambe,et al.  Defending Against Opportunistic Criminals: New Game-Theoretic Frameworks and Algorithms , 2014, GameSec.

[10]  Juliane Hahn,et al.  Security And Game Theory Algorithms Deployed Systems Lessons Learned , 2016 .

[11]  Bo An,et al.  Refinement of Strong Stackelberg Equilibria in Security Games , 2011, AAAI.

[12]  Joanna Kolodziej,et al.  Stackelberg security games: models, applications and computational aspects , 2016 .

[13]  Oguzhan Alagöz,et al.  Modeling secrecy and deception in a multiple-period attacker-defender signaling game , 2010, Eur. J. Oper. Res..

[14]  Rong Yang,et al.  Improving Resource Allocation Strategy against Human Adversaries in Security Games , 2011, IJCAI.

[15]  Yongzhao Wang,et al.  Deception in Finitely Repeated Security Games , 2019, AAAI.

[16]  Milind Tambe,et al.  Keeping Pace with Criminals: Designing Patrol Allocation Against Adaptive Opportunistic Criminals , 2015, AAMAS.

[17]  Branislav Bosanský,et al.  Comparing Strategic Secrecy and Stackelberg Commitment in Security Games , 2017, IJCAI.

[18]  Milind Tambe,et al.  Game-theoretic patrol strategies for transit systems: the TRUSTS system and its mobile app , 2013, AAMAS.

[19]  Nicola Basilico,et al.  Strategic guard placement for optimal response toalarms in security games , 2014, AAMAS.

[20]  Rong Yang,et al.  Improving resource allocation strategies against human adversaries in security games: An extended study , 2013, Artif. Intell..

[21]  Milind Tambe,et al.  Toward Personalized Deceptive Signaling for Cyber Defense Using Cognitive Models , 2020, Top. Cogn. Sci..

[22]  Haifeng Xu,et al.  Strategic Coordination of Human Patrollers and Mobile Sensors With Signaling for Security Games , 2018, AAAI.

[23]  Steven Okamoto,et al.  Solving non-zero sum multiagent network flow security games with attack costs , 2012, AAMAS.

[24]  Milind Tambe,et al.  Effective solutions for real-world Stackelberg games: when agents must deal with human uncertainties , 2009, AAMAS 2009.

[25]  Milind Tambe,et al.  Security games in the field: an initial study on a transit system , 2014, AAMAS.

[26]  Haifeng Xu,et al.  Exploring Information Asymmetry in Two-Stage Security Games , 2015, AAAI.

[27]  Sheng Zhong,et al.  On repeated stackelberg security game with the cooperative human behavior model for wildlife protection , 2018, Applied Intelligence.

[28]  Quanyan Zhu,et al.  Deception by Design: Evidence-Based Signaling Games for Network Defense , 2015, WEIS.

[29]  Kevin Leyton-Brown,et al.  Deep Learning for Predicting Human Strategic Behavior , 2016, NIPS.

[30]  Hans D. Schotten,et al.  Demystifying Deception Technology: A Survey , 2018, ArXiv.

[31]  Long Tran-Thanh,et al.  Don't Put All Your Strategies in One Basket: Playing Green Security Games with Imperfect Prior Knowledge , 2019, AAMAS.

[32]  Sarit Kraus,et al.  Predicting Human Decision-Making: From Prediction to Action , 2018, Predicting Human Decision-Making.

[33]  Paul Davidsson,et al.  Social Phenomena Simulation , 2009, Encyclopedia of Complexity and Systems Science.

[34]  Michel Cukier,et al.  RESTRICTIVE DETERRENT EFFECTS OF A WARNING BANNER IN AN ATTACKED COMPUTER SYSTEM , 2014 .

[35]  Milind Tambe,et al.  Learning about Cyber Deception through Simulations: Predictions of Human Decision Making with Deceptive Signals in Stackelberg Security Games , 2018, CogSci.

[36]  Robert G. Abbott,et al.  The Tularosa Study: An Experimental Design and Implementation to Quantify the Effectiveness of Cyber Deception , 2019, HICSS.

[37]  Sean W. Smith,et al.  Security and Cognitive Bias: Exploring the Role of the Mind , 2012, IEEE Security & Privacy.

[38]  Kat Krol,et al.  Don't work. Can't work? Why it's time to rethink security warnings , 2012, 2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS).