Towards a Science of Security Games

Nguyen, Thanh H.; Kar, Debarun; Brown, Matthew; Sinha, Arunesh; Jiang, Albert Xin; Tambe, Milind

doi:10.1007/978-3-319-31323-8_16

Cited by 23 publications

(10 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Such explanation suggests that people may deliberately try to behave more randomly themselves when they play against an Adaptive strategy than when they play against other types of attackers. Intentional random behavior is difficult for humans to detect and perceive (e.g., Rapoport and Budescu, 1997 ), and many current defense strategies rely on randomization of defense resources based on game-theoretic results (Nguyen et al, 2016 ). To test for this explanation we used a common non-parametric test for randomness to measure independent and identically distributed (i.i.d) behavior: the Wald-Wolfowitz runs test.…”

Section: Resultsmentioning

confidence: 99%

“…To build effective dynamic and adaptive defense algorithms we need to address at least two strong assumptions in the science of security games (Nguyen et al, 2016 ) and behavioral game theory more generally (Gonzalez et al, 2015 ): information certainty and human rationality. Current defense algorithms inspired by game theory assume that a defender has perfect information about the payoff matrix and the attacker's behaviors.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Security under Uncertainty: Adaptive Attackers Are More Challenging to Human Defenders than Random Attackers

Moisan

González

2017

Front. Psychol.

View full text Add to dashboard Cite

Game Theory is a common approach used to understand attacker and defender motives, strategies, and allocation of limited security resources. For example, many defense algorithms are based on game-theoretic solutions that conclude that randomization of defense actions assures unpredictability, creating difficulties for a human attacker. However, many game-theoretic solutions often rely on idealized assumptions of decision making that underplay the role of human cognition and information uncertainty. The consequence is that we know little about how effective these algorithms are against human players. Using a simplified security game, we study the type of attack strategy and the uncertainty about an attacker's strategy in a laboratory experiment where participants play the role of defenders against a simulated attacker. Our goal is to compare a human defender's behavior in three levels of uncertainty (Information Level: Certain, Risky, Uncertain) and three types of attacker's strategy (Attacker's strategy: Minimax, Random, Adaptive) in a between-subjects experimental design. Best defense performance is achieved when defenders play against a minimax and a random attack strategy compared to an adaptive strategy. Furthermore, when payoffs are certain, defenders are as efficient against random attack strategy as they are against an adaptive strategy, but when payoffs are uncertain, defenders have most difficulties defending against an adaptive attacker compared to a random attacker. We conclude that given conditions of uncertainty in many security problems, defense algorithms would be more efficient if they are adaptive to the attacker actions, taking advantage of the attacker's human inefficiencies.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Security under Uncertainty: Adaptive Attackers Are More Challenging to Human Defenders than Random Attackers

Moisan

González

2017

Front. Psychol.

View full text Add to dashboard Cite

show abstract

“…For example, defenders have limited resources but need to care for many defense spots (weak points) of their assets while attackers are able to successfully launch attacks if they can exploit at least one vulnerability of defenders' assets. For this reason, many computer and network security problems are formulated as unfair games between the attacker and the defender [28][29][30].…”

Section: Defense Strategy: Random Monitoringmentioning

confidence: 99%

“…One of the effective defense strategies is to assign defenders' limited small defense resources to large defense spots in random ways, so that attackers cannot figure out which spots will be monitored [29,30]. For example, in [30], a defender uses a random patrol strategy to capture attackers in many defense spots because the defender cannot patrol all patrol spots at the same time, and a fixed periodic patrol method can be easily avoided by attackers.…”

Section: Defense Strategy: Random Monitoringmentioning

confidence: 99%

Intelligent On-Off Web Defacement Attacks and Random Monitoring-Based Detection Algorithms

Cho

2019

Electronics

View full text Add to dashboard Cite

Recent cyberattacks armed with various ICT (information and communication technology) techniques are becoming advanced, sophisticated and intelligent. In security research field and practice, it is a common and reasonable assumption that attackers are intelligent enough to discover security vulnerabilities of security defense mechanisms and thus avoid the defense systems’ detection and prevention activities. Web defacement attacks refer to a series of attacks that illegally modify web pages for malicious purposes, and are one of the serious ongoing cyber threats that occur globally. Detection methods against such attacks can be classified into either server-based approaches or client-based approaches, and there are pros and cons for each approach. From our extensive survey on existing client-based defense methods, we found a critical security vulnerability which can be exploited by intelligent attackers. In this paper, we report the security vulnerability in existing client-based detection methods with a fixed monitoring cycle and present novel intelligent on-off web defacement attacks exploiting such vulnerability. Next, we propose to use a random monitoring strategy as a promising countermeasure against such attacks, and design two random monitoring defense algorithms: (1) Uniform Random Monitoring Algorithm (URMA), and (2) Attack Damage-Based Random Monitoring Algorithm (ADRMA). In addition, we present extensive experiment results to validate our idea and show the detection performance of our random monitoring algorithms. According to our experiment results, our random monitoring detection algorithms can quickly detect various intelligent web defacement on-off attacks (AM1, AM2, and AM3), and thus do not allow huge attack damage in terms of the number of defaced slots when compared with an existing fixed periodic monitoring algorithm (FPMA).

show abstract

“…More sophisticated defender algorithms can be tried. Game Theory concepts can be applied, specifically treating the problem as a Stackelberg Security Game [31]. Specifically, the allocation of actionblocking "attention resources" can benefit from this.…”

Section: F U T U R E W O R Kmentioning

confidence: 99%

Reinforcement Learning vs Genetic Algorithms in Game-Theoretic Cyber-Security

Niculae¹

2018

Preprint

View full text Add to dashboard Cite

Penetration testing is the practice of performing a simulated attack on a computer system in order to reveal its vulnerabilities. The most common approach is to gain information and then plan and execute the attack manually, by a security expert. This manual method cannot meet the speed and frequency required for efficient, large-scale secu- rity solutions development. To address this, we formalize penetration testing as a security game between an attacker who tries to compro- mise a network and a defending adversary actively protecting it. We compare multiple algorithms for finding the attacker’s strategy, from fixed-strategy to Reinforcement Learning, namely Q-Learning (QL), Extended Classifier Systems (XCS) and Deep Q-Networks (DQN). The attacker’s strength is measured in terms of speed and stealthi- ness, in the specific environment used in our simulations. The results show that QL surpasses human performance, XCS yields worse than human performance but is more stable, and the slow convergence of DQN keeps it from achieving exceptional performance, in addition, we find that all of these Machine Learning approaches outperform fixed-strategy attackers.

show abstract

Towards a Science of Security Games

Cited by 23 publications

References 22 publications

Security under Uncertainty: Adaptive Attackers Are More Challenging to Human Defenders than Random Attackers

Security under Uncertainty: Adaptive Attackers Are More Challenging to Human Defenders than Random Attackers

Intelligent On-Off Web Defacement Attacks and Random Monitoring-Based Detection Algorithms

Reinforcement Learning vs Genetic Algorithms in Game-Theoretic Cyber-Security

Contact Info

Product

Resources

About