Öz
In this paper, a new game formulation is proposed that combines simulation and game-theoretical approaches to the application of security games in cyberspace. The model presented here builds upon a security economic approach that models the adversary and defender motives and goals in the context of empirically derived countermeasure efficacy metrics. The approach is based on a two-player strategic game to determine optimal strategy selection for both adversary and defender. Besides, not only the solution to the game but also a mathematical and graphical representation of “what if” scenarios in the context of the game.
In this study, it has been shown that game-theoretic calculations can serve as a useful tool for identifying effective strategies in cyberwar games. For scenarios that need to penetrate multiple layers in a defense-in-depth security configuration, the calculation of the attacker's and defensive costs and the probability of infiltration requires the presence of cost-benefit matrices and probability matrices. Inspection of the matrices allows players to deduce preferred strategies based on game-theoretical equilibrium solutions. The matrices also help in analyzing the anticipated effects of potential human-based choices of wargame strategies and counter-strategies. Also, a mathematical game-theoretical form has been defined. This paper shows how game-theoretical calculations can indeed provide a useful tool for effective decision-making during cyber wars.
Anahtar Kelimeler
Kaynakça
- Eren, H. Gençoğlu, M. T. Yenal, S. (2020 )Strateji ve Güvenlik Alanında Temel ve Güncel Yaklaşımlar “Siber Savaş”. Nobel Yayınları.
- Do, C. T. Tran, N. H. Hong, C. Kamhoua, C. A. Kwiat, K. A. Blasch, E. Ren, S. Pissinou, N. Iyengar, S. S.( 2017) Game theory for cybersecurity and privacy. ACM Computing Surveys (CSUR), 50(2), 30.
- Sokri, A. (2019) Game Theory and Cyber Defense. Games in Management Science (pp. 335-352). Springer.
- Guseinov, K.G. Akyar, E. Düzce, S.A. (2010) Oyun Teorisi. Seçkin yayınları.
- Kiekintveld, C. Lisy, V. Pibil, R. (2015) Game-theoretic foundations for the strategic use of honeypots in network security. In Cyber warfare (pp. 81–101). Springer.
- Osborne, M. J. (2004) An Introduction to Game Theory. Oxford University Press.
- Shoham Y.and Leyton-Brown. K. (2009) MultiagentSystems: Algorithmic, Game-Theoretic, and Logical Foundations. Cambridge University Press.
- Harsanyi, J. (1967) Games with Incomplete Information Played by Bayesian Players, I-III, Part I, the Basic Model”, Management Science, Vol 14(3), pp. 159–182.
- Aumann, R. and Maschler M. (1995) Repeated Games with Incomplete Information, MIT Press.
- Hamilton, S. N. Miller, W. L. Ott, A. Saydjari, O. S. (2002) The role of game theory in information warfare. 4th Information survivability workshop (ISW-2001/2002). Vancouver, Canada.
- Burke, J. (1999) Robustness of Optimal Equilibrium Among Overlapping Generations, Economic Theory, Vol. 14, pp. 311–330.
- [Gibbons, R. (1992) Game Theory for Applied Economists, Princeton University Press.
- Libicki, M. (1997) Defending Cyberspace, and Other Metaphors, National Defense University.
- Andrew, F. Emmanouil, P. Pasquale, M. Chris, H. Fabrizio, S. (2014) Game Theory Meets Information Security Management, IFIP International Information Security Conference SEC 2014: ICT Systems Security and Privacy Protection( pp.15-29).
- Sanjay, G. and Yuan, H. (2015) Cyber War Games: Strategic Jostling Among Traditional Adversaries. Cyber Warfare, Advances in Information Security 56.
Öz
In this paper, a new game formulation is proposed that combines simulation and game-theoretical approaches to the application of security games in cyberspace. The model presented here builds upon a security economic approach that models the adversary and defender motives and goals in the context of empirically derived countermeasure efficacy metrics. The approach is based on a two-player strategic game to determine optimal strategy selection for both adversary and defender. Besides, not only the solution to the game but also a mathematical and graphical representation of “what if” scenarios in the context of the game.
In this study, it has been shown that game-theoretic calculations can serve as a useful tool for identifying effective strategies in cyberwar games. For scenarios that need to penetrate multiple layers in a defense-in-depth security configuration, the calculation of the attacker's and defensive costs and the probability of infiltration requires the presence of cost-benefit matrices and probability matrices. Inspection of the matrices allows players to deduce preferred strategies based on game-theoretical equilibrium solutions. The matrices also help in analyzing the anticipated effects of potential human-based choices of wargame strategies and counter-strategies. Also, a mathematical game-theoretical form has been defined. This paper shows how game-theoretical calculations can indeed provide a useful tool for effective decision-making during cyber wars.
Anahtar Kelimeler
Game theory Cyberdefense Cyberattack Cybersecurity Cybersecurity Game Model Cybersecurity mathematical model Game theory, Cyberdefense, Cyberattack, Cybersecurity, Cybersecurity Game Model, Cybersecurity mathematical model
Kaynakça
- Eren, H. Gençoğlu, M. T. Yenal, S. (2020 )Strateji ve Güvenlik Alanında Temel ve Güncel Yaklaşımlar “Siber Savaş”. Nobel Yayınları.
- Do, C. T. Tran, N. H. Hong, C. Kamhoua, C. A. Kwiat, K. A. Blasch, E. Ren, S. Pissinou, N. Iyengar, S. S.( 2017) Game theory for cybersecurity and privacy. ACM Computing Surveys (CSUR), 50(2), 30.
- Sokri, A. (2019) Game Theory and Cyber Defense. Games in Management Science (pp. 335-352). Springer.
- Guseinov, K.G. Akyar, E. Düzce, S.A. (2010) Oyun Teorisi. Seçkin yayınları.
- Kiekintveld, C. Lisy, V. Pibil, R. (2015) Game-theoretic foundations for the strategic use of honeypots in network security. In Cyber warfare (pp. 81–101). Springer.
- Osborne, M. J. (2004) An Introduction to Game Theory. Oxford University Press.
- Shoham Y.and Leyton-Brown. K. (2009) MultiagentSystems: Algorithmic, Game-Theoretic, and Logical Foundations. Cambridge University Press.
- Harsanyi, J. (1967) Games with Incomplete Information Played by Bayesian Players, I-III, Part I, the Basic Model”, Management Science, Vol 14(3), pp. 159–182.
- Aumann, R. and Maschler M. (1995) Repeated Games with Incomplete Information, MIT Press.
- Hamilton, S. N. Miller, W. L. Ott, A. Saydjari, O. S. (2002) The role of game theory in information warfare. 4th Information survivability workshop (ISW-2001/2002). Vancouver, Canada.
- Burke, J. (1999) Robustness of Optimal Equilibrium Among Overlapping Generations, Economic Theory, Vol. 14, pp. 311–330.
- [Gibbons, R. (1992) Game Theory for Applied Economists, Princeton University Press.
- Libicki, M. (1997) Defending Cyberspace, and Other Metaphors, National Defense University.
- Andrew, F. Emmanouil, P. Pasquale, M. Chris, H. Fabrizio, S. (2014) Game Theory Meets Information Security Management, IFIP International Information Security Conference SEC 2014: ICT Systems Security and Privacy Protection( pp.15-29).
- Sanjay, G. and Yuan, H. (2015) Cyber War Games: Strategic Jostling Among Traditional Adversaries. Cyber Warfare, Advances in Information Security 56.
Ayrıntılar
| Birincil Dil | İngilizce |
|---|---|
| Konular | Bilgisayar Yazılımı |
| Bölüm | Araştırma Makaleleri |
| Yazarlar | |
| Yayımlanma Tarihi | 1 Ağustos 2022 |
| Gönderilme Tarihi | 20 Eylül 2021 |
| Kabul Tarihi | 22 Ocak 2022 |
| Yayımlandığı Sayı | Yıl 2022 |