Abstract
This paper uses agent-based simulation to determine appropriate strategies for attackers and defenders in a simple network security game, using a method which is generalizable to many other security games. In this game, both sides are modeled as strategic entities. The attacker is trying to maximize the amount of damage he causes, and the defender is trying to minimize her loss subject to cost constraints. Through simulation, we derive Nash equilibrium strategies for each side under a variety of cost conditions in order to better inform network administrators about attacker behaviors and possible mitigations.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nochenson, A., Heimann, C.F.L. (2012). Simulation and Game-Theoretic Analysis of an Attacker-Defender Game. In: Grossklags, J., Walrand, J. (eds) Decision and Game Theory for Security. GameSec 2012. Lecture Notes in Computer Science, vol 7638. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34266-0_8
DOI: https://doi.org/10.1007/978-3-642-34266-0_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34265-3
Online ISBN: 978-3-642-34266-0
eBook Packages: Computer Science (R0)