Abstract
Game-theoretic applications in cyber-security are often restricted by the need to simplify complex domains to render them amenable to analysis. In the empirical game-theoretic analysis approach, games are modeled by simulation, thus significantly increasing the level of complexity that can be addressed. We survey applications of this approach to scenarios of adaptive cyber-defense, illustrating how the method operates, and assessing its strengths and limitations .
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Albanese, M., Connell, W., Venkatesan, S., Cybenko, G.: Moving target defense quantification. In: Jajodia et al. (2019)
Bowers, K.D., van Dijk, M., Griffin, R., Juels, A., Oprea, A., Rivest, R.L., Triandopoulos, N.: Defending against the unknown enemy: applying FlipIt to system security. In: Grossklags, J., Walrand, J. (eds.) GameSec 2012. LNCS, vol. 7638, pp. 248–263. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34266-0_15
Bushnell, L., Poovendran, R., Başar, T. (eds.): GameSec 2018. LNCS, vol. 11199. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01554-1
Čagalj, M., Ganeriwal, S., Aad, I., Hubaux, J.-P.: On selfish behavior in CSMA/CA networks. In: 24th IEEE International Conference on Computer Communications, pp. 2513–2524 (2005)
Chapman, M.: Cyber Hide-and-Seek. Ph.D. thesis, King’s College London (2016)
Duong, Q., LeFevre, K., Wellman, M.P.: Strategic modeling of information sharing among data privacy attackers. Informatica 34, 151–158 (2010)
Edwards, B., Furnas, A., Forrest, S., Axelrod, R.: Strategic aspects of cyberattack, attribution, and blame. Proc. Natl. Acad. Sci. 114, 2825–2830 (2017)
Evans, D., Nguyen-Tuong, A., Knight, J.: Effectiveness of moving target defenses. In: Jajodia et al. (2011)
Farhang, S., Grossklags, J.: FlipLeakage: a game-theoretic approach to protect against stealthy attackers in the presence of information leakage. In: Zhu, Q., Alpcan, T., Panaousis, E., Tambe, M., Casey, W. (eds.) GameSec 2016. LNCS, vol. 9996, pp. 195–214. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-47413-7_12
Fearnley, J., Gairing, M., Goldberg, P., Savani, R.: Learning equilibria of games via payoff queries. In: 14th ACM Conference on Electronic Commerce (2013)
Frazier, G., Duong, Q., Wellman, M.P., Petersen, E.: Incentivizing responsible networking via introduction-based routing. In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, A.-R., Sasse, A., Beres, Y. (eds.) Trust 2011. LNCS, vol. 6740, pp. 277–293. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21599-5_21
Jajodia, S., Ghosh, A.K., Swarup, V., Wang, C., Sean Wang, X. (eds.): Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats. Springer, New York (2011). https://doi.org/10.1007/978-1-4614-0977-9
Jajodia, S., Cybenko, G., Liu, P., Wang, C., Wellman, M.P. (eds.): Adversarial and Uncertain Reasoning for Adaptive Cyber Defense. Springer, Champ (2019). https://doi.org/10.1007/978-3-030-30719-6
Jia, Q., Sun, K., Stavrou, A.: MOTAG: moving target defense against internet denial of service attacks. In: 22nd International Conference on Computer Communications and Networks (2013)
Jones, S., et al.: Evaluating moving target defense with PLADD. Technical report 8432R, Sandia National Lab (2015)
Jordan, P.R., Schvartzman, L.J., Wellman, M.P.: Strategy exploration in empirical games. In: 9th International Conference on Autonomous Agents and Multi-Agent Systems, pp. 1131–1138 (2010)
Kordy, B., Piètre-Cambacédès, L., Schweitzer, P.: DAG-based attack and defense modeling: don’t miss the forest for the attack trees. Comput. Sci. Rev. 13, 1–38 (2014)
Lanctot, M., et al.: A unified game-theoretic approach to multiagent reinforcement learning. In: 31st Annual Conference on Neural Information Processing Systems (2017)
Laszka, A., Johnson, B., Grossklags, J.: Mitigating covert compromises. In: Chen, Y., Immorlica, N. (eds.) WINE 2013. LNCS, vol. 8289, pp. 319–332. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-45046-4_26
Laszka, A., Horvath, G., Felegyhazi, M., Buttyán, L.: FlipThem: modeling targeted attacks with FlipIt for multiple resources. In: Poovendran, R., Saad, W. (eds.) GameSec 2014. LNCS, vol. 8840, pp. 175–194. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12601-2_10
Manshaei, M.H., Zhu, Q., Alpcan, T., Başar, T., Hubaux, J.-P.: Game theory meets network security and privacy. ACM Comput. Surv. 45(25), 1–39 (2013)
McKelvey, R.D., McLennan, A.M., Turocy, T.L.: Gambit: software tools for game theory, Version 13.1.2 (2014). www.gambit-project.org
Miehling, E., Rasouli, M., Teneketzis, D.: Optimal defense policies for partially observable spreading processes on Bayesian attack graphs. In: Second ACM Workshop on Moving Target Defense, pp. 67–76 (2015)
Naghizadeh, P., Liu, M.: Opting out of incentive mechanisms: a study of security as a non-excludable public good. IEEE Trans. Inf. Forensics Secur. 11, 2790–2803 (2016)
Nguyen, T.H., Wright, M., Wellman, M.P., Singh, S.: Multi-stage attack graph security games: heuristic strategies, with empirical game-theoretic analysis. In: Fourth ACM Workshop on Moving Target Defense, pp. 87–97 (2017)
Pfleeger, C.P., Pfleeger, S.L.: Analyzing Computer Security: A Threat/Vulnerability/Countermeasure Approach. Prentice Hall, Upper Saddle River (2012)
Pham, V., Cid, C.: Are we compromised? Modelling security assessment games. In: Grossklags, J., Walrand, J. (eds.) GameSec 2012. LNCS, vol. 7638, pp. 234–247. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34266-0_14
Phillips, C., Swiler, L.P.: A graph-based system for network-vulnerability analysis. In: Workshop on New Security Paradigms, pp. 71–79 (1998)
Prakash, A., Wellman, M.P.: Empirical game-theoretic analysis for moving target defense. In: Second ACM Workshop on Moving Target Defense, pp. 57–65 (2015)
Qi, C., Jiangxing, W., Cheng, G., Ai, J., Zhao, S.: Security analysis of dynamic SDN architectures based on game theory. Secur. Commun. Netw. 4123736, 2018 (2018)
Rass, S., An, B., Kiekintveld, C., Fang, F., Schauer, S. (eds.): Decision and Game Theory for Security. LNCS, vol. 10575. Springer, Cham (2017a). https://doi.org/10.1007/978-3-319-68711-7
Rass, S., König, S., Schauer, S.: Defending against advanced persistent threats using game-theory. PLoS ONE 12, e0168675 (2017b)
Roy, S., Ellis, C., Shiva, S.G., Dasgupta, D., Shandilya, V., Wu, Q.: A survey of game theory as applied to network security. In: 43rd Hawaii International Conference on System Sciences (2010)
Schvartzman, L.J., Wellman, M.P.: Stronger CDA strategies through empirical game-theoretic analysis and reinforcement learning. In: 8th International Conference on Autonomous Agents and Multi-Agent Systems, pp. 249–256, Budapest (2009)
Silver, D.: Mastering chess and shogi by self-play with a general reinforcement learning algorithm. Technical report, arXiv 1712.01815 (2017)
Sinha, A., Fang, F., An, B., Kiekintveld, C., Tambe, M.: Stackelberg security games: looking beyond a decade of success. In: 27th International Joint Conference on Artificial Intelligence, pp. 5494–5501 (2018)
Sokota, S., Ho, C., Wiedenbeck, B.: Learning deviation payoffs in simulation-based games. In: 33rd AAAI Conference on Artificial Intelligence, pp. 1266–1273 (2019)
Tambe, M.: Security and Game Theory: Algorithms, Deployed Systems, Lessons Learned. Cambridge University Press, Cambridge (2011)
Tavafoghi, H., Yi, O., Teneketzis, D., Wellman, M.P.: Game theoretic approaches to cyber security: issues, results and challenges. In: Jajodia et al. (2019)
van Dijk, M., Juels, A., Oprea, A., Rivest, R.L.: FlipIt: the game of “stealthy takeover”. J. Cryptol. 26, 655–713 (2013)
Venkatesan, S., Albanese, M., Amin, K., Jajodia, S., Wright, M.: A moving target defense approach to mitigate DDoS attacks against proxy-based architectures. In: IEEE Conference on Communications and Network Security (2016)
Vorobeychik, Y.: Probabilistic analysis of simulation-based games. ACM Trans. Model. Comput. Simul. 20(3), 16:1–16:25 (2010)
Vorobeychik, Y., Wellman, M.P., Singh, S.: Learning payoff functions in infinite games. Mach. Learn. 67, 145–168 (2007)
Wang, Y.: Deep reinforcement learning for green security games with real-time information. In: 33rd AAAI Conference on Artificial Intelligence (2019)
Wellman, M.P.: Putting the agent in agent-based modeling. Auton. Agents Multi-Agent Syst. 30, 1175–1189 (2016)
Wellman, M.P., Prakash, A.: Empirical game-theoretic analysis of an adaptive cyber-defense scenario (preliminary report). In: Poovendran, R., Saad, W. (eds.) GameSec 2014. LNCS, vol. 8840, pp. 43–58. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12601-2_3
Wellman, M.P., Reeves, D.M., Lochner, K.M., Cheng, S.-F., Suri, R.: Approximate strategic reasoning through hierarchical reduction of large symmetric games. In: 20th National Conference on Artificial Intelligence, pp. 502–508 (2005)
Wellman, M.P., Kim, T.H., Duong, Q.: Analyzing incentives for protocol compliance in complex domains: a case study of introduction-based routing. In: Twelfth Workshop on the Economics of Information Security (2013)
Wiedenbeck, B., Cassell, B.-A., Wellman, M.P.: Bootstrap techniques for empirical games. In: 13th International Conference on Autonomous Agents and Multi-Agent Systems, pp. 597–604 (2014)
Wiedenbeck, B., Yang, F., Wellman, M.P.: A regression approach for modeling games with many symmetric players. In: 32nd AAAI Conference on Artificial Intelligence, pp. 1266–1273 (2018)
Wright, M., Wellman, M.P.: Evaluating the stability of non-adaptive trading in continuous double auctions. In: 17th International Conference on Autonomous Agents and Multi-Agent Systems, pp. 614–622 (2018)
Wright, M., Venkatesan, S., Albanese, M., Wellman, M.P.: Moving target defense against DDoS attacks: an empirical game-theoretic analysis. In: Third ACM Workshop on Moving Target Defense (2016)
Wright, M., Wang, Y., Wellman, M.P.: Iterated deep reinforcement learning in games: history-aware training for improved stability. In: 20th ACM Conference on Economics and Computation (2019)
Acknowledgment
This work was partially supported by the Army Research Office under grant W911NF-13-1-0421.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Wellman, M.P., Nguyen, T.H., Wright, M. (2019). Empirical Game-Theoretic Methods for Adaptive Cyber-Defense. In: Jajodia, S., Cybenko, G., Liu, P., Wang, C., Wellman, M. (eds) Adversarial and Uncertain Reasoning for Adaptive Cyber Defense. Lecture Notes in Computer Science(), vol 11830. Springer, Cham. https://doi.org/10.1007/978-3-030-30719-6_6
Download citation
DOI: https://doi.org/10.1007/978-3-030-30719-6_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30718-9
Online ISBN: 978-3-030-30719-6
eBook Packages: Computer ScienceComputer Science (R0)