Empirical Game-Theoretic Methods for Adaptive Cyber-Defense

Game-theoretic applications in cyber-security are often restricted by the need to simplify complex domains to render them amenable to analysis. In the empirical game-theoretic analysis approach, games are modeled by simulation, thus significantly increasing the level of complexity that can be addressed. We survey applications of this approach to scenarios of adaptive cyber-defense, illustrating how the method operates, and assessing its strengths and limitations .

[1]  Michael P. Wellman,et al.  Analyzing Incentives for Protocol Compliance in Complex Domains: A Case Study of Introduction-Based Routing , 2013, ArXiv.

[2]  Michael P. Wellman,et al.  Evaluating the Stability of Non-Adaptive Trading in Continuous Double Auctions: A Reinforcement Learning Approach , 2018, AAAI Workshops.

[3]  Michael P. Wellman,et al.  Multi-Stage Attack Graph Security Games: Heuristic Strategies, with Empirical Game-Theoretic Analysis , 2017, MTD@CCS.

[4]  Paul W. Goldberg,et al.  Learning equilibria of games via payoff queries , 2013, EC '13.

[5]  Ronald L. Rivest,et al.  Defending against the Unknown Enemy: Applying FlipIt to System Security , 2012, GameSec.

[6]  Aron Laszka,et al.  Mitigating Covert Compromises - A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks , 2013, WINE.

[7]  Michael P. Wellman,et al.  Approximate Strategic Reasoning through Hierarchical Reduction of Large Symmetric Games , 2005, AAAI.

[8]  Ronald L. Rivest,et al.  FlipIt: The Game of “Stealthy Takeover” , 2012, Journal of Cryptology.

[9]  Quanyan Zhu,et al.  Game theory meets network security and privacy , 2013, CSUR.

[10]  Jens Grossklags,et al.  FlipLeakage: A Game-Theoretic Approach to Protect Against Stealthy Attackers in the Presence of Information Leakage , 2016, GameSec.

[11]  Michael P. Wellman,et al.  Strategic Modeling of Information Sharing among Data Privacy Attackers , 2010, Informatica.

[12]  Michael P. Wellman,et al.  Learning payoff functions in infinite games , 2005, Machine Learning.

[13]  Michael P. Wellman,et al.  Strategy exploration in empirical games , 2010, AAMAS.

[14]  David Silver,et al.  A Unified Game-Theoretic Approach to Multiagent Reinforcement Learning , 2017, NIPS.

[15]  Michael P. Wellman,et al.  Empirical Game-Theoretic Analysis of an Adaptive Cyber-Defense Scenario (Preliminary Report) , 2014, GameSec.

[16]  Michael P. Wellman,et al.  A Regression Approach for Modeling Games With Many Symmetric Players , 2018, AAAI.

[17]  Sushil Jajodia,et al.  A moving target defense approach to mitigate DDoS attacks against proxy-based architectures , 2016, 2016 IEEE Conference on Communications and Network Security (CNS).

[18]  Stefan Rass,et al.  Decision and Game Theory for Security , 2017, Lecture Notes in Computer Science.

[19]  Saurabh Ganeriwal,et al.  On selfish behavior in CSMA/CA networks , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[20]  Michael P. Wellman,et al.  Bootstrap statistics for empirical games , 2014, AAMAS.

[21]  Michael P. Wellman,et al.  Moving Target Defense against DDoS Attacks: An Empirical Game-Theoretic Analysis , 2016, MTD@CCS.

[22]  Demosthenis Teneketzis,et al.  Optimal Defense Policies for Partially Observable Spreading Processes on Bayesian Attack Graphs , 2015, MTD@CCS.

[23]  Demis Hassabis,et al.  Mastering Chess and Shogi by Self-Play with a General Reinforcement Learning Algorithm , 2017, ArXiv.

[24]  Michael P. Wellman,et al.  Game Theoretic Approaches to Cyber Security: Challenges, Results, and Open Problems , 2019, Adversarial and Uncertain Reasoning for Adaptive Cyber Defense.

[25]  Yevgeniy Vorobeychik,et al.  Probabilistic analysis of simulation-based games , 2010, TOMC.

[26]  Sushil Jajodia,et al.  Moving Target Defense - Creating Asymmetric Uncertainty for Cyber Threats , 2011, Moving Target Defense.

[27]  Parinaz Naghizadeh Ardabili,et al.  Opting Out of Incentive Mechanisms: A Study of Security as a Non-Excludable Public Good , 2016, IEEE Transactions on Information Forensics and Security.

[28]  Angelos Stavrou,et al.  MOTAG: Moving Target Defense against Internet Denial of Service Attacks , 2013, 2013 22nd International Conference on Computer Communication and Networks (ICCCN).

[29]  Stefan Rass,et al.  Defending Against Advanced Persistent Threats Using Game-Theory , 2017, PloS one.

[30]  Samuel Sokota,et al.  Learning Deviation Payoffs in Simulation-Based Games , 2019, AAAI.

[31]  Stephanie Forrest,et al.  Strategic aspects of cyberattack, attribution, and blame , 2017, Proceedings of the National Academy of Sciences.

[32]  Michael P. Wellman Putting the agent in agent-based modeling , 2016, Autonomous Agents and Multi-Agent Systems.

[33]  Michael P. Wellman,et al.  Empirical Game-Theoretic Analysis for Moving Target Defense , 2015, MTD@CCS.

[34]  Michael P. Wellman,et al.  Multistage Attack Graph Security Games: Heuristic Strategies, with Empirical Game-Theoretic Analysis , 2018, Secur. Commun. Networks.

[35]  Michael P. Wellman,et al.  Iterated Deep Reinforcement Learning in Games: History-Aware Training for Improved Stability , 2019, EC.

[36]  Chase Qishi Wu,et al.  A Survey of Game Theory as Applied to Network Security , 2010, 2010 43rd Hawaii International Conference on System Sciences.

[37]  Dong Zhou,et al.  Translation techniques in cross-language information retrieval , 2012, CSUR.

[38]  Cynthia A. Phillips,et al.  A graph-based system for network-vulnerability analysis , 1998, NSPW '98.

[39]  Michael P. Wellman,et al.  Stronger CDA strategies through empirical game-theoretic analysis and reinforcement learning , 2009, AAMAS.

[40]  Milind Tambe,et al.  Security and Game Theory - Algorithms, Deployed Systems, Lessons Learned , 2011 .

[41]  Michael P. Wellman,et al.  Incentivizing Responsible Networking via Introduction-Based Routing , 2011, TRUST.

[42]  Lantao Yu,et al.  Deep Reinforcement Learning for Green Security Games with Real-Time Information , 2018, AAAI.

[43]  Barbara Kordy,et al.  DAG-based attack and defense modeling: Don't miss the forest for the attack trees , 2013, Comput. Sci. Rev..

[44]  Gábor Horváth,et al.  FlipThem: Modeling Targeted Attacks with FlipIt for Multiple Resources , 2014, GameSec.

[45]  Alexander V. Outkin,et al.  Evaluating Moving Target Defense with PLADD , 2015 .

[46]  Shuo Zhao,et al.  Security Analysis of Dynamic SDN Architectures Based on Game Theory , 2018, Secur. Commun. Networks.

[47]  George Cybenko,et al.  Moving Target Defense Quantification , 2019, Adversarial and Uncertain Reasoning for Adaptive Cyber Defense.

[48]  Bo An,et al.  Stackelberg Security Games: Looking Beyond a Decade of Success , 2018, IJCAI.

[49]  Carlos Cid,et al.  Are We Compromised? Modelling Security Assessment Games , 2012, GameSec.

[50]  Anh Nguyen-Tuong,et al.  Effectiveness of Moving Target Defenses , 2011, Moving Target Defense.