Abstract
Game-theoretic applications in cyber-security are often restricted by the need to simplify complex domains to render them amenable to analysis. In the empirical game-theoretic analysis approach, games are modeled by simulation, thus significantly increasing the level of complexity that can be addressed. We survey applications of this approach to scenarios of adaptive cyber-defense, illustrating how the method operates, and assessing its strengths and limitations .
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Albanese, M., Connell, W., Venkatesan, S., Cybenko, G.: Moving target defense quantification. In: Jajodia et al. (2019)
Bowers, K.D., van Dijk, M., Griffin, R., Juels, A., Oprea, A., Rivest, R.L., Triandopoulos, N.: Defending against the unknown enemy: applying FlipIt to system security. In: Grossklags, J., Walrand, J. (eds.) GameSec 2012. LNCS, vol. 7638, pp. 248–263. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34266-0_15
Bushnell, L., Poovendran, R., Başar, T. (eds.): GameSec 2018. LNCS, vol. 11199. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01554-1
Čagalj, M., Ganeriwal, S., Aad, I., Hubaux, J.-P.: On selfish behavior in CSMA/CA networks. In: 24th IEEE International Conference on Computer Communications, pp. 2513–2524 (2005)
Chapman, M.: Cyber Hide-and-Seek. Ph.D. thesis, King’s College London (2016)
Duong, Q., LeFevre, K., Wellman, M.P.: Strategic modeling of information sharing among data privacy attackers. Informatica 34, 151–158 (2010)
Edwards, B., Furnas, A., Forrest, S., Axelrod, R.: Strategic aspects of cyberattack, attribution, and blame. Proc. Natl. Acad. Sci. 114, 2825–2830 (2017)
Evans, D., Nguyen-Tuong, A., Knight, J.: Effectiveness of moving target defenses. In: Jajodia et al. (2011)
Farhang, S., Grossklags, J.: FlipLeakage: a game-theoretic approach to protect against stealthy attackers in the presence of information leakage. In: Zhu, Q., Alpcan, T., Panaousis, E., Tambe, M., Casey, W. (eds.) GameSec 2016. LNCS, vol. 9996, pp. 195–214. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-47413-7_12
Fearnley, J., Gairing, M., Goldberg, P., Savani, R.: Learning equilibria of games via payoff queries. In: 14th ACM Conference on Electronic Commerce (2013)
Frazier, G., Duong, Q., Wellman, M.P., Petersen, E.: Incentivizing responsible networking via introduction-based routing. In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, A.-R., Sasse, A., Beres, Y. (eds.) Trust 2011. LNCS, vol. 6740, pp. 277–293. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21599-5_21
Jajodia, S., Ghosh, A.K., Swarup, V., Wang, C., Sean Wang, X. (eds.): Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats. Springer, New York (2011). https://doi.org/10.1007/978-1-4614-0977-9
Jajodia, S., Cybenko, G., Liu, P., Wang, C., Wellman, M.P. (eds.): Adversarial and Uncertain Reasoning for Adaptive Cyber Defense. Springer, Champ (2019). https://doi.org/10.1007/978-3-030-30719-6
Jia, Q., Sun, K., Stavrou, A.: MOTAG: moving target defense against internet denial of service attacks. In: 22nd International Conference on Computer Communications and Networks (2013)
Jones, S., et al.: Evaluating moving target defense with PLADD. Technical report 8432R, Sandia National Lab (2015)
Jordan, P.R., Schvartzman, L.J., Wellman, M.P.: Strategy exploration in empirical games. In: 9th International Conference on Autonomous Agents and Multi-Agent Systems, pp. 1131–1138 (2010)
Kordy, B., Piètre-Cambacédès, L., Schweitzer, P.: DAG-based attack and defense modeling: don’t miss the forest for the attack trees. Comput. Sci. Rev. 13, 1–38 (2014)
Lanctot, M., et al.: A unified game-theoretic approach to multiagent reinforcement learning. In: 31st Annual Conference on Neural Information Processing Systems (2017)
Laszka, A., Johnson, B., Grossklags, J.: Mitigating covert compromises. In: Chen, Y., Immorlica, N. (eds.) WINE 2013. LNCS, vol. 8289, pp. 319–332. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-45046-4_26
Laszka, A., Horvath, G., Felegyhazi, M., Buttyán, L.: FlipThem: modeling targeted attacks with FlipIt for multiple resources. In: Poovendran, R., Saad, W. (eds.) GameSec 2014. LNCS, vol. 8840, pp. 175–194. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12601-2_10
Manshaei, M.H., Zhu, Q., Alpcan, T., Başar, T., Hubaux, J.-P.: Game theory meets network security and privacy. ACM Comput. Surv. 45(25), 1–39 (2013)
McKelvey, R.D., McLennan, A.M., Turocy, T.L.: Gambit: software tools for game theory, Version 13.1.2 (2014). www.gambit-project.org
Miehling, E., Rasouli, M., Teneketzis, D.: Optimal defense policies for partially observable spreading processes on Bayesian attack graphs. In: Second ACM Workshop on Moving Target Defense, pp. 67–76 (2015)
Naghizadeh, P., Liu, M.: Opting out of incentive mechanisms: a study of security as a non-excludable public good. IEEE Trans. Inf. Forensics Secur. 11, 2790–2803 (2016)
Nguyen, T.H., Wright, M., Wellman, M.P., Singh, S.: Multi-stage attack graph security games: heuristic strategies, with empirical game-theoretic analysis. In: Fourth ACM Workshop on Moving Target Defense, pp. 87–97 (2017)
Pfleeger, C.P., Pfleeger, S.L.: Analyzing Computer Security: A Threat/Vulnerability/Countermeasure Approach. Prentice Hall, Upper Saddle River (2012)
Pham, V., Cid, C.: Are we compromised? Modelling security assessment games. In: Grossklags, J., Walrand, J. (eds.) GameSec 2012. LNCS, vol. 7638, pp. 234–247. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34266-0_14
Phillips, C., Swiler, L.P.: A graph-based system for network-vulnerability analysis. In: Workshop on New Security Paradigms, pp. 71–79 (1998)
Prakash, A., Wellman, M.P.: Empirical game-theoretic analysis for moving target defense. In: Second ACM Workshop on Moving Target Defense, pp. 57–65 (2015)
Qi, C., Jiangxing, W., Cheng, G., Ai, J., Zhao, S.: Security analysis of dynamic SDN architectures based on game theory. Secur. Commun. Netw. 4123736, 2018 (2018)
Rass, S., An, B., Kiekintveld, C., Fang, F., Schauer, S. (eds.): Decision and Game Theory for Security. LNCS, vol. 10575. Springer, Cham (2017a). https://doi.org/10.1007/978-3-319-68711-7
Rass, S., König, S., Schauer, S.: Defending against advanced persistent threats using game-theory. PLoS ONE 12, e0168675 (2017b)
Roy, S., Ellis, C., Shiva, S.G., Dasgupta, D., Shandilya, V., Wu, Q.: A survey of game theory as applied to network security. In: 43rd Hawaii International Conference on System Sciences (2010)
Schvartzman, L.J., Wellman, M.P.: Stronger CDA strategies through empirical game-theoretic analysis and reinforcement learning. In: 8th International Conference on Autonomous Agents and Multi-Agent Systems, pp. 249–256, Budapest (2009)
Silver, D.: Mastering chess and shogi by self-play with a general reinforcement learning algorithm. Technical report, arXiv 1712.01815 (2017)
Sinha, A., Fang, F., An, B., Kiekintveld, C., Tambe, M.: Stackelberg security games: looking beyond a decade of success. In: 27th International Joint Conference on Artificial Intelligence, pp. 5494–5501 (2018)
Sokota, S., Ho, C., Wiedenbeck, B.: Learning deviation payoffs in simulation-based games. In: 33rd AAAI Conference on Artificial Intelligence, pp. 1266–1273 (2019)
Tambe, M.: Security and Game Theory: Algorithms, Deployed Systems, Lessons Learned. Cambridge University Press, Cambridge (2011)
Tavafoghi, H., Yi, O., Teneketzis, D., Wellman, M.P.: Game theoretic approaches to cyber security: issues, results and challenges. In: Jajodia et al. (2019)
van Dijk, M., Juels, A., Oprea, A., Rivest, R.L.: FlipIt: the game of “stealthy takeover”. J. Cryptol. 26, 655–713 (2013)
Venkatesan, S., Albanese, M., Amin, K., Jajodia, S., Wright, M.: A moving target defense approach to mitigate DDoS attacks against proxy-based architectures. In: IEEE Conference on Communications and Network Security (2016)
Vorobeychik, Y.: Probabilistic analysis of simulation-based games. ACM Trans. Model. Comput. Simul. 20(3), 16:1–16:25 (2010)
Vorobeychik, Y., Wellman, M.P., Singh, S.: Learning payoff functions in infinite games. Mach. Learn. 67, 145–168 (2007)
Wang, Y.: Deep reinforcement learning for green security games with real-time information. In: 33rd AAAI Conference on Artificial Intelligence (2019)
Wellman, M.P.: Putting the agent in agent-based modeling. Auton. Agents Multi-Agent Syst. 30, 1175–1189 (2016)
Wellman, M.P., Prakash, A.: Empirical game-theoretic analysis of an adaptive cyber-defense scenario (preliminary report). In: Poovendran, R., Saad, W. (eds.) GameSec 2014. LNCS, vol. 8840, pp. 43–58. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12601-2_3
Wellman, M.P., Reeves, D.M., Lochner, K.M., Cheng, S.-F., Suri, R.: Approximate strategic reasoning through hierarchical reduction of large symmetric games. In: 20th National Conference on Artificial Intelligence, pp. 502–508 (2005)
Wellman, M.P., Kim, T.H., Duong, Q.: Analyzing incentives for protocol compliance in complex domains: a case study of introduction-based routing. In: Twelfth Workshop on the Economics of Information Security (2013)
Wiedenbeck, B., Cassell, B.-A., Wellman, M.P.: Bootstrap techniques for empirical games. In: 13th International Conference on Autonomous Agents and Multi-Agent Systems, pp. 597–604 (2014)
Wiedenbeck, B., Yang, F., Wellman, M.P.: A regression approach for modeling games with many symmetric players. In: 32nd AAAI Conference on Artificial Intelligence, pp. 1266–1273 (2018)
Wright, M., Wellman, M.P.: Evaluating the stability of non-adaptive trading in continuous double auctions. In: 17th International Conference on Autonomous Agents and Multi-Agent Systems, pp. 614–622 (2018)
Wright, M., Venkatesan, S., Albanese, M., Wellman, M.P.: Moving target defense against DDoS attacks: an empirical game-theoretic analysis. In: Third ACM Workshop on Moving Target Defense (2016)
Wright, M., Wang, Y., Wellman, M.P.: Iterated deep reinforcement learning in games: history-aware training for improved stability. In: 20th ACM Conference on Economics and Computation (2019)
Acknowledgment
This work was partially supported by the Army Research Office under grant W911NF-13-1-0421.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Wellman, M.P., Nguyen, T.H., Wright, M. (2019). Empirical Game-Theoretic Methods for Adaptive Cyber-Defense. In: Jajodia, S., Cybenko, G., Liu, P., Wang, C., Wellman, M. (eds) Adversarial and Uncertain Reasoning for Adaptive Cyber Defense. Lecture Notes in Computer Science(), vol 11830. Springer, Cham. https://doi.org/10.1007/978-3-030-30719-6_6
Download citation
DOI: https://doi.org/10.1007/978-3-030-30719-6_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30718-9
Online ISBN: 978-3-030-30719-6
eBook Packages: Computer ScienceComputer Science (R0)