Download pdf
Game Theory Classification in Cybersecurity: A Survey.
- 1 Federal University of Technology, Akure. P.M.B. 704, Akure. Nigeria
* Author to whom correspondence should be addressed.
Abstract
Cyber security is a field designed to protect computers connected to the internet from attacks, and hence prevent unauthorized users from accessing the sensitive data present in it. Lately, it has witnessed intensified research from both academia and the industry. However, traditional cyber security technologies still face inadequacies in tackling the ever-dynamic frontier of cyber-attacks as a result of inability to incorporate behavioral tendencies of adaptive and intelligent adversaries in their security models. Game theory is often the first choice as a mathematical tool among researchers and industry practitioners for modeling conflict and cooperation among intelligent and rational actors. With its rich modeling and analytical techniques, and ability to forecast cyber-attacks and optimal defense strategies accurately, cyber security attacks are much easier to mitigate than traditional approaches. This paper reviews several game theoretic concepts and applications in the never-ending dynamic contradiction between the defender and the attacker. These concepts are classified according to applications and scenarios. Present research challenges are discussed and future directions for the need to incorporate attacker’s risk attitude as a determinant factor of the Nash Equilibrium is emphasized in the malicious insider threat scenario.
Keywords
Game theory, Nash equilibrium, risk attitude, insider threat
[1]. Ghosh, S., Turrini, E.: Cybercrimes: A Multidisciplinary Analysis. Springer-Verlag Berlin Hei-delberg, (2010).
[2]. Gueye, A.: A-Game-Theoretical-Approach-To-Communication-Security. PhD diss., UC Berke-ley, pp 26 (2011).
[3]. Golany, B., Kaplan, E. H., Marmur, A., U. G. Rothblum, U. G.: Nature plays with dice - ter-rorists do not: Allocating resources to counter strategic versus probabilistic risks. In: Eur. J. Oper. Res., vol. 192, no. 1, pp. 198–208 (2009).
[4]. Maschler, M., Solan, E., S. Zamir, S.: Game Theory. Cambridge University Press, Cambridge (2013).
[5]. Bier, V., Cox, L., Azaiez, N.: Game Theoretic Risk Analysis of Security Threats. Springer, New York (2008).
[6]. Cox, L. A.: Game theory and risk analysis. In: Response, Risk Analysis, vol. 29, no. 8, pp. 1062–1068 (2009).
[7]. Tambe, M.: Security and Game Theory: Algorithms, Deployed Systems, Lessons Learned. Cambridge University Press, Cambridge (2012).
[8]. Watson, J.: Strategy. W.W. Norton & Company, Inc., 500 Fifth Avenue, New York (2013).
[9]. Owen, G.: Game Theory, 4th edn. Emerald Group Publishing Limited Howard House, Wagon Lane, Bingley BD16 1WA, UK (2013).
[10]. Holt, C. A., Roth, A. E.: The Nash equilibrium: a perspective. In: Proceedings of the National Academy of Science of the United States of America, pp. 3999–4002. vol. 101, no. 12 (2004).
[11]. Kelly, A.: Decision Making using Game Theory: An Introduction for Managers. Cambridge University Press, Cambridge (2003).
[12]. Anwar, F., Khan, B. U. I., Olanrewaju, R. F., Pampori, B. R., Mir, R. N.: A comprehensive insight into game theory in relevance to cyber security. In: Indonesian Journal of Electrical Engineering and Informatics, pp. 189–203 vol. 8, no. 1 (2020).
[13]. Wang, Y., Wang, Y. J., Liu, J., Huang, Z., Xie, P.: A survey of game theoretic methods for cyber security. In: IEEE First International Conference on Data Science in Cyberspace, pp. 631–636. Changsha China (2016).
[14]. An, B., Tambe, M.: Stackelberg security games (SSG) basics and application overview. In: Improving Homeland Security Decisions, pp. 485–507. Cambridge University Press, Cam-bridge (2017).
[15]. Kim, S.: Game theory applications in network design. IGI Global, Hershey, PA, USA (2014).
[16]. Camerer, C. F.: Behavioural studies of strategic thinking in games. In: Trends in Cognitive Sciences, pp. 225–231. vol. 7, no. 5 (2003).
[17]. Rauhut, H.: Game theory. Forbes, vol. 176, no. 10, 93 (2015).
[18]. Yong, J.: Differential games: A concise introduction. World Scientific Publishing Co., Singa-pore (2014).
[19]. Casey, W., Morales, J.A., Nguyen, T., Spring, J., Weaver, R., Wright, E., Metcalf, L., Mishra B.: Cyber security via signaling games: Toward a science of cyber security. In: Proc. Int. Conf. Distr. Comput. Internet Technol., pp. 34 - 42 (2014).
[20]. Pawlick, J., Zhu, Q.: Quantitative models of imperfect deception in network security using sig-naling games with evidence. In: IEEE Conf. Commun. Netw. Secur. CNS, vol. 2. pp. 394–395 (2017).
[21]. Feng, X., Zheng, Z., Cansever, D., Swami, A., Mohapatra, P.: A signaling game model for moving target defense. In: Proc. - IEEE INFOCOM (2017).
[22]. Tosh, D., Sengupta, S., Kamhoua, C., Kwiat, K., Martin, A.: An evolutionary game-theoretic framework for cyber-threat information sharing. In: IEEE Int. Conf. Commun., vol. 2015-Septe, pp. 7341–7346 (2015).
[23]. Tosh, D., Sengupta, S., Kamhoua, C. A., Kwiat, K.A.: Establishing evolutionary game models for CYBer security information EXchange (CYBEX). J. In: Comput. Syst. Sci., vol. 98, no. August, pp. 27–52 (2018).
[24]. Abass, A. A. A., Xiao, L., Mandayam, N. B. Gajic, Z.: Evolutionary Game Theoretic Analysis of Advanced Persistent Threats Against Cloud Storage. In: IEEE Access, vol. 5, pp. 8482–8491 (2017).
[25]. Bouhaddi, M., Adi, K., Radjef, M.S.: Evolutionary game-based defense mechanism in the MANETs. In: ACM Int. Conf. Proceeding Ser., vol. 20-22-July, pp. 88–95 (2016).
[26]. Hu, P., Li, H., Fu, H., Cansever, D., Mohapatra, P.: Dynamic defense strategy against ad-vanced persistent threat with insiders. In: Proc. - IEEE INFOCOM, vol. 26, pp. 747–755 (2015).
[27]. Bensoussan, A., Kantarcioglu, M., Hoe, S.: A game-theoretical approach for finding optimal strategies in a botnet defense model. In: Lect. Notes Comput. Sci., vol. 6442 LNCS, pp. 135–148 (2010).
[28]. Laszka, A., Johnson, B., Schöttle, P., Grossklags, J., Böhme, R.: Managing the weakest link: A game-theoretic approach for the mitigation of insider threats. In: Proceedings of the 18th European Symposium on Research in Computer Security (ESORICS), vol. 8134 LNCS, pp. 273–290 (2013).
[29]. Elmrabit, N., Yang, S. H., Yang, L.: Insider threats in information security categories and ap-proaches. In: 21st Int. Conf. Autom. Comput. Autom. Comput. Manuf. New Econ. Growth, ICAC, Glasgow (2015).
[30]. Tambo, E., Adama, K.: Promoting Cybersecurity Awareness and Resilience Approaches, Ca-pabilities and Actions Plans Against Cybercrimes and Frauds in Africa. In: International Journal of Cyber-Security and Digital Forensics (IJCSDF), pp 126 – 138, Vol. 6, No. 3. Hong Kong (2017).
[31]. Liu, D., Wang, X. F., Camp, J.: Game-theoretic modeling and analysis of insider threats. In: Int. J. Crit. Infrastruct. Prot., vol. 1, pp. 75–80 (2008).
[32]. Kim, K. N., Young, S., Schneider, E., Yim, M. S.: A Game Theoretic Approach to Nuclear Security Analysis against Insider Threat. Trans. In: Korean Nucl. Soc. Spring Meeting, pp. 1CD-ROM, Korea, Republic of (2014).
[33]. Jose, V. R. R., Zhuang, J.: Incorporating risk preferences in stochastic noncooperative games. In: IISE Trans., vol. 50, no. 1, pp. 1–13 (2018).
[34]. Farahmand, F., Spafford, E. H.: Understanding insiders: An analysis of risk-taking behavior. In: Inf. Syst. Front., vol. 15, no. 1, pp. 5–15 (2013).
[35]. Farahmand, F., Spafford, E.H.: Insider behavior: An analysis of decision under risk. In: CEUR Workshop Proc., vol. 469, pp. 22–33, (2009).
Cite this article
Ogunbodede,O.O. (2023). Game Theory Classification in Cybersecurity: A Survey.. Applied and Computational Engineering,2,835-843.
Data availability
The datasets used and/or analyzed during the current study will be available from the authors upon reasonable request.
Disclaimer/Publisher's Note
The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of EWA Publishing and/or the editor(s). EWA Publishing and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.
About volume
Volume title: Proceedings of the 4th International Conference on Computing and Data Science (CONF-CDS 2022)
© 2024 by the author(s). Licensee EWA Publishing, Oxford, UK. This article is an open access article distributed under the terms and
conditions of the Creative Commons Attribution (CC BY) license. Authors who
publish this series agree to the following terms:
1. Authors retain copyright and grant the series right of first publication with the work simultaneously licensed under a Creative Commons
Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this
series.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the series's published
version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial
publication in this series.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and
during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See
Open access policy for details).