Game Theory and Security: Recent History and Future Directions

Until twenty years ago, the application of game theory (GT) was mostly limited to toy examples. Today, as a result of major technological and algorithmic advances, researchers use game-theoretical models to motivate complex security decisions relating to real-life security problems. This requires models that are an accurate reflection of reality. This paper presents a biased bird’s-eye view of the security-related GT research of the past decade. It presents this research as a move towards increasingly accurate and comprehensive models. We discuss the need for adversarial modeling as well as the internalization of externalities due to security interdependencies. Finally, we identify three promising directions for future research: relaxing common game-theoretical assumptions, creating models that model interdependencies as well as a strategic adversary and modelling interdependencies between attackers.

[1]  Rainer Böhme,et al.  Modeling Cyber-Insurance: Towards a Unifying Framework , 2010, WEIS.

[2]  Jonathan Katz,et al.  Bridging Game Theory and Cryptography: Recent Results and Future Directions , 2008, TCC.

[3]  Christopher J. Coyne,et al.  THE ECONOMICS OF COMPUTER HACKING , 2005 .

[4]  Aron Laszka,et al.  Mitigation of Targeted and Non-targeted Covert Attacks as a Timing Game , 2013, GameSec.

[5]  Luis E. Ortiz,et al.  Interdependent Defense Games: Modeling Interdependent Security under Deliberate Attacks , 2012, UAI.

[6]  Huseyin Cavusoglu,et al.  Decision-Theoretic and Game-Theoretic Approaches to IT Security Investment , 2008, J. Manag. Inf. Syst..

[7]  Sarit Kraus,et al.  Robust solutions to Stackelberg games: Addressing bounded rationality and limited observations in human cognition , 2010, Artif. Intell..

[8]  Lawrence A. Gordon,et al.  The economics of information security investment , 2002, TSEC.

[9]  Chase Qishi Wu,et al.  A Survey of Game Theory as Applied to Network Security , 2010, 2010 43rd Hawaii International Conference on System Sciences.

[10]  Douglas R. Stinson,et al.  Socio-Rational Secret Sharing as a New Direction in Rational Cryptography , 2012, GameSec.

[11]  Joseph Y. Halpern,et al.  Rational secret sharing and multiparty computation: extended abstract , 2004, STOC '04.

[12]  Sarit Kraus,et al.  Using Game Theory for Los Angeles Airport Security , 2009, AI Mag..

[13]  Aron Laszka,et al.  A Survey of Interdependent Security Games , 2012 .

[14]  Rong Yang,et al.  A robust approach to addressing human adversaries in security games , 2012, AAMAS.

[15]  Tansu Alpcan,et al.  Network Security , 2010 .

[16]  Rong Yang,et al.  Improving Resource Allocation Strategy against Human Adversaries in Security Games , 2011, IJCAI.

[17]  Rong Yang,et al.  Improving resource allocation strategies against human adversaries in security games: An extended study , 2013, Artif. Intell..

[18]  T. Rabin,et al.  Algorithmic Game Theory: Cryptography and Game Theory , 2007 .

[19]  Hal R. Varian,et al.  System Reliability and Free Riding , 2004, Economics of Information Security.

[20]  Quanyan Zhu,et al.  Game theory meets network security and privacy , 2013, CSUR.

[21]  Yevgeniy Vorobeychik,et al.  Securing interdependent assets , 2012, Autonomous Agents and Multi-Agent Systems.

[22]  Milind Tambe,et al.  "A Game of Thrones": When Human Behavior Models Compete in Repeated Stackelberg Security Games , 2015, AAMAS.

[23]  Manish Jain,et al.  Risk-Averse Strategies for Security Games with Execution and Observational Uncertainty , 2011, AAAI.

[24]  Ross J. Anderson Why information security is hard - an economic perspective , 2001, Seventeenth Annual Computer Security Applications Conference.

[25]  Milind Tambe,et al.  Security and Game Theory - Algorithms, Deployed Systems, Lessons Learned , 2011 .

[26]  Steven D. Levitt,et al.  Measuring Positive Externalities from Unobservable Victim Precaution: An Empirical Analysis of Lojack , 1997 .

[27]  Robert Axelrod,et al.  Timing of cyber conflict , 2014, Proceedings of the National Academy of Sciences.

[28]  Rong Yang,et al.  Adaptive resource allocation for wildlife protection against illegal poachers , 2014, AAMAS.

[29]  Stefan Savage,et al.  An inquiry into the nature and causes of the wealth of internet miscreants , 2007, CCS '07.

[30]  Ronald L. Rivest,et al.  FlipIt: The Game of “Stealthy Takeover” , 2012, Journal of Cryptology.

[31]  Rainer Böhme,et al.  Economic Security Metrics , 2005, Dependability Metrics.

[32]  Tyler Moore,et al.  The Economics of Information Security , 2006, Science.

[33]  Ross J. Anderson,et al.  The Economics of Online Crime , 2009 .

[34]  Nicolas Christin,et al.  Network Security Games: Combining Game Theory, Behavioral Economics, and Network Measurements , 2011, GameSec.

[35]  Milind Tambe,et al.  Comparing human behavior models in repeated Stackelberg security games: An extended study , 2016, Artif. Intell..

[36]  Peter Reichl,et al.  Interplay between Security Providers, Consumers, and Attackers: A Weighted Congestion Game Approach , 2011, GameSec.

[37]  Tyler Moore,et al.  Game-Theoretic Analysis of DDoS Attacks Against Bitcoin Mining Pools , 2014, Financial Cryptography Workshops.

[38]  Milind Tambe,et al.  Robust Strategy against Unknown Risk-averse Attackers in Security Games , 2015, AAMAS.

[39]  Sarit Kraus,et al.  Deployed ARMOR protection: the application of a game theoretic model for security at the Los Angeles International Airport , 2008, AAMAS 2008.

[40]  J. Neumann,et al.  Theory of games and economic behavior , 1945, 100 Years of Math Milestones.

[41]  Srinivasan Raghunathan,et al.  Cyber Insurance and IT Security Investment: Impact of Interdependence Risk , 2005, WEIS.

[42]  Manish Jain,et al.  Computing optimal randomized resource allocations for massive security games , 2009, AAMAS 2009.

[43]  Amos Azaria,et al.  Analyzing the Effectiveness of Adversary Modeling in Security Games , 2013, AAAI.

[44]  Yevgeniy Vorobeychik,et al.  Multidefender Security Games , 2015, IEEE Intelligent Systems.

[45]  Levente Buttyán,et al.  A Survey of Interdependent Information Security Games , 2014, ACM Comput. Surv..

[46]  Joseph Y. Halpern,et al.  Game Theory with Costly Computation , 2008, ArXiv.