Hypothesis Testing Game for Cyber Deception

Abstract

Deception is a technique to mislead human or computer systems by manipulating beliefs and information. Successful deception is characterized by the information-asymmetric, dynamic, and strategic behaviors of the deceiver and the deceivee. This paper proposes a game-theoretic framework to capture these features of deception in which the deceiver sends the strategically manipulated information to the deceivee while the deceivee makes the best-effort decisions based on the information received and his belief. In particular, we consider the case when the deceivee adopts hypothesis testing to make binary decisions and the asymmetric information is modeled using a signaling game where the deceiver is a privately-informed player called sender and the deceivee is an uninformed player called receiver. We characterize perfect Bayesian Nash equilibrium (PBNE) solution of the game and study the deceivability of the game. Our results show that the hypothesis testing game admits pooling and partially-separating-pooling equilibria. In pooling equilibria, the deceivability depends on the true types, while in partially-separating-pooling equilibria, the deceivability depends on the cost of the deceiver. We introduce the receiver operating characteristic curve to visualize the equilibrium behavior of the deceiver and the performance of the decision making, thereby characterizing the deceivability of the hypothesis testing game.

Appendices

A Appendix A: Proof of Lemma 2

Expand the total Bayes risk in Eq. 7 as follow,

$$\begin{aligned} \begin{aligned} \bar{C}^R( \delta | m, \sigma ^S, \mu ) =&\sum _{j=0}^1 \lambda (\delta | H_j, \sigma ^S ) \mu (H_j | m)\\ =&\sum _{j=0}^1 \sum _{i=0}^1 \sum _{m'\in M_i} c_{ij}\sigma ^S(m'|H_j) \mu (H_j|m). \end{aligned} \end{aligned}$$

(17)

Let \(\varXi (M_i |H_j)\) be defined as

$$ \varXi (M_i |H_j) = \sum _{m\in M_i} p(m|H_j). $$

Then, we have \(\varXi (M_i|H_0) + \varXi (M_i |H_1) = 1\) \(\forall j\in \{0,1\}\). Thus, Eq. 17 can be written as

$$\begin{aligned} \begin{aligned} \bar{C}^R( \delta | m, \sigma ^S, \mu ) =&\sum _{j=0}^1 c_{oj}\mu (H_j |m) + \sum _{j=0}^1 (c_{1j} - c_{0j})\varXi (M_1 |H_j)\mu (H_j|m)\\ =&\sum _{j=0}^1 c_{oj}\mu (H_j |m) + \sum _{m'\in M_1}\big (\sum _{j=0}^1 (c_{1j} - c_{0j})\sigma ^S(m' |H_j)\mu (H_j|m) \big ). \end{aligned} \end{aligned}$$

(18)

Therefore, a decision function \(\delta ^*\) is optimum if it can partition \(\varTheta \) into \(M_0\) and \(M_1\) such that \(M_1\) satisfies

$$ M_1 = \{m\in \theta : \sum _{j=0}^1 (c_{1j} - c_{0j})\sigma ^S(m' |H_j)\mu (H_j|m) \le 0 \}. $$

Under Assumption 1, we have

$$ c_{10} \sigma ^S(m|H_0) \mu (H_0 | m) - c_{01} \sigma ^S(m|H_1) \mu (H_1|m)\le 0. $$

Therefore, \(H_1\) is selected, i.e., \(\delta ^*(m) = 1\) if the following inequality holds,

$$ \frac{ \sigma ^S(m|H_1) }{ \sigma ^S(m|H_0) } \ge \frac{ c_{10} }{c_{01} } \frac{ \mu (H_0 | m) }{\mu (H_1|m)}. $$

Similarly, we can find the condition for \(H_0\).   \(\triangle \)

B Appendix B: Proof of Theorem 2

Suppose the true type is \(H_0\). S wants R to believe the type is \(H_1\), i.e., \(\delta ^*(m) = 1\). This requires the strategy \(\sigma ^{S*}\) of S to satisfy

$$\begin{aligned} \frac{\sigma ^{S*}(m|H_1)}{\sigma ^{S*}(m|H_0)} \ge \frac{ c_{10} }{c_{01} } \frac{ \mu (H_0|m) }{\mu (H_1|m)}. \end{aligned}$$

(19)

Given R’s action a, the corresponding costs are \(C^S(H_0, m, a=0)\) and \(C^S(H_0, m, a=1)\).

Similarly, if the true type is \(H_1\), the successful deception requires \(\sigma ^{S*}\) to satisfy

$$\begin{aligned} \frac{\sigma ^{S*}(m|H_1)}{\sigma ^{S*}(m|H_0)} < \frac{ c_{10} }{c_{01} } \frac{ \mu (H_0|m) }{\mu (H_1|m)}. \end{aligned}$$

(20)

Given R’s action a, the corresponding costs are \(C^S(H_1, m, a=0)\) and \(C^S(H_1, m, a=1)\).

Clearly, (19) and (20) cannot hold at the same time. Therefore, S has to decide between (19) and (20) such that the cost is minimized given the true type \(H_j\), \(\forall j\in \{0,1\}\). Therefore, if \(C^S(H_0,m,1) < C^S(H_1,m,0)\), S chooses the strategy \(\sigma ^{S*}\) that satisfies (19); if \(C^S(H_0,m,1) > C^S(H_1,m,0)\)

S chooses the strategy \(\sigma ^{S*}\) that satisfies (19) if \(C^S(H_0,m,1) < C^S(H_1,m,0)\). In this case, R is deceivable if \(H_0\) holds and is not deceivable if \(H_1\) holds. The corresponding rate of successful deception is the probability of occurrence of \(H_0\), i.e., \(\pi _0\). If \(C^S(H_0,m,1) > C^S(H_1,m,0)\), S chooses \(\sigma ^{S*}\) satisfying (19). In this case, S can deceive R if \(H_1\) holds and cannot deceive her if \(H_0\) holds. The rate of successful deception is \(\pi _1\). If \(C^S(H_0,m,1) = C^S(H_1,m,0)\), and chooses \(\sigma ^{S*}\), S is indifferent between (19) and (20), and he can choose either strategy.   \(\triangle \)