Abstract
It is typically infeasible to use automated intrusion detection systems to scan every single host in a network with high sensitivity and frequency due to high costs and large network sizes. We present a game-theoretic model between a network administrator and a worm using normal form games with a particular structure where the network admin wants to maximize the security of the network using limited resources, and the attacker wants to infect the network without getting caught. However, a large number of hosts in a network can result in a massive game, making it problematic to compute standard solutions like Nash equilibrium. We propose an abstraction approach for solving large games that have a subgame structure and show that it can be used to solve much larger instances of this cybersecurity scenario than standard algorithms.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Alpcan, T., Basar, T.: An intrusion detection game with limited observations. In: 12th International Symposium on Dynamic Games and Applications, Sophia Antipolis, France, vol. 26 (2006)
Bard, N., Nicholas, D., Szepesvári, C., Bowling, M.: Decision-theoretic clustering of strategies. In: AAMAS (2015)
Bosansky, B., Kiekintveld, C., Lisy, V., Pechoucek, M.: An exact double-oracle algorithm for zero-sum extensive-form games with imperfect information. J. Artif. Intell. Res. 51, 829–866 (2014)
Brown, N., Ganzfried, S., Sandholm, T.: Hierarchical abstraction, distributed equilibrium computation, and post-processing, with application to a champion no-limit Texas Hold’em agent, Technical report (2014)
Conitzer, V., Sandholm, T.: A technique for reducing normal-form games to compute a nash equilibrium. In: AAMAS, pp. 537–544 (2006)
Fabrikant, A., Papadimitriou, C., Talwar, K.: The complexity of pure nash equilibria. In: Proceedings of the Thirty-sixth Annual ACM Symposium on the Theory of Computing, pp. 604–612 (2004)
Ganzfried, S., Sandholm, T.: Potential-aware imperfect-recall abstraction with earth mover’s distance in imperfect-information games. In: Conference on Artificial Intelligence (AAAI) (2014)
Gilpin, A., Sandholm, T.: A competitive Texas Hold’em poker player via automated abstraction and real-time equilibrium computation. In: Proceedings of the National Conference on Artificial Intelligence (AAAI), vol. 21, p. 1007 (2006)
Gilpin, A., Sandholm, T.: Better automated abstraction techniques for imperfect information games, with application to Texas Hold’em poker. In: AAMAS, p. 192 (2007)
Gilpin, A., Sandholm, T., Sørensen, T.B.: Potential-aware automated abstraction of sequential games, and holistic equilibrium analysis of Texas Hold’em poker. In: Proceedings of the Conference on Artificial Intelligence (AAAI), vol. 22, p. 50 (2007)
Gilpin, A., Sandholm, T., Sørensen, T.B.: A heads-up no-limit Texas Hold’em poker player: discretized betting models and automatically generated equilibrium-finding programs. In: AAMAS, pp. 911–918 (2008)
Goeree, J.K., Holt, C.A., Palfrey, T.R.: Quantal response equilibrium. In: The New Palgrave Dictionary of Economics. Palgrave Macmillan, Basingstoke (2008)
Matta, V., Di Mauro, M., Longo, M.: DDoS attacks with randomized traffic innovation: Botnet identification challenges and strategies. IEEE Trans. Inf. Forensics Secur. 12(8), 1844–1859 (2017)
McKelvey, R.D., McLennan, A.M., Turocy, T.L.: Gambit: software tools for game theory (2006)
McMahan, H.B., Gordon, G.J., Blum, A.: Planning in the presence of cost functions controlled by an adversary. In: Proceedings of the 20th International Conference on Machine Learning (ICML-03), pp. 536–543 (2003)
Shoham, Y., Leyton-Brown, K.: Multiagent Systems: Algorithmic, Game-theoretic, and Logical Foundations. Cambridge University Press, Cambridge (2008)
Venkatesan, S., Albanese, M., Shah, A., Ganesan, R., Jajodia, S.: Detecting stealthy Botnets in a resource-constrained environment using reinforcement learning. In: Proceedings of the 2017 Workshop on Moving Target Defense, pp. 75–85. ACM (2017)
Zinkevich, M., Johanson, M., Bowling, M., Piccione, C.: Regret minimization in games with incomplete information. In: Advances in neural information processing systems, pp. 1729–1736 (2008)
Acknowledgement
This research was sponsored by the Army Research Laboratory and was accomplished under Cooperative Agreement Number W911NF-13-2-0045 (ARL Cyber Security CRA). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Army Research Laboratory or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes not with standing any copyright notation here on.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Basak, A., Gutierrez, M., Kiekintveld, C. (2018). Algorithms for Subgame Abstraction with Applications to Cyber Defense. In: Bushnell, L., Poovendran, R., BaÅŸar, T. (eds) Decision and Game Theory for Security. GameSec 2018. Lecture Notes in Computer Science(), vol 11199. Springer, Cham. https://doi.org/10.1007/978-3-030-01554-1_32
Download citation
DOI: https://doi.org/10.1007/978-3-030-01554-1_32
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-01553-4
Online ISBN: 978-3-030-01554-1
eBook Packages: Computer ScienceComputer Science (R0)