Security Strategies and Multi-Criteria Decision Making

The essence of security is defending assets against an adversary that may behave almost arbitrarily. Game theory can help find optimal strategies against any possible behavior, provided that the attacker stays within a known action space. This is the typical setting of security risk management, where a set of threats is identified and a uniformly best defense against them is sought. In game-theoretic terms, the threat list corresponds to an action space, and the best defense against that list is a security strategy. This chapter discusses how such strategies can be computed for single and multiple protection goals, even when the effects of the defense actions are nondeterministic (random). The latter in particular admits a treatment of uncertainty in three forms: about the adversary (form and number), about the attackers' incentives, and, to a limited extent, about the action space (threat list) itself. Suitable game-theoretic models are introduced, and methods are presented to compute best defenses under uncertainty.
