Hao Wu,Wei Wang,Changyun Wen,Zhengguo Li

DOI: https://doi.org/10.1016/j.ins.2018.04.051

IF: 8.1

2018-01-01

Information Sciences

Abstract:In this paper, a game theoretical analysis method is presented to provide the optimal security detection strategies for heterogeneous networked systems. A two-stage game model is firstly established, in which the attacker and defender are considered as two players. In the first stage, the two players make decisions on whether to execute the attack/monitoring actions or to keep silence for each network unit. In the second stage, two important strategic varibles, i.e. the attack intensity and detection threshold, are cautiously determined. The necessary and sufficient conditions to ensure the existence of the Nash equilibriums for the game with complete information are rigorously analyzed. The results reflect that with limited resources and capacities, the defender (attacker) tends to perform defense (attack) actions and further allocate more defense (less attack) resources to the units with larger assets. Besides, Bayesian and robust Nash equilibrium analysis is provided for the game with incomplete information. Finally, a sampling based Nash equilibrium verification and calculation approach is proposed for the game model with continuous kernels. Thus the convexity restrictions can be relaxed and the computational complexity is effectively reduced, with comparison to the existing recursive calculation methods. Numerical examples are given to validate our theoretical results.

Ya-Peng Li,Suo-Yi Tan,Ye Deng,Jun Wu

DOI: https://doi.org/10.1063/1.5029343

2018-01-01

Abstract:Dealing with the protection of critical infrastructures, many game-theoretic methods have been developed to study the strategic interactions between defenders and attackers. However, most game models ignore the interrelationship between different components within a certain system. In this paper, we propose a simultaneous-move attacker-defender game model, which is a two-player zero-sum static game with complete information. The strategies and payoffs of this game are defined on the basis of the topology structure of the infrastructure system, which is represented by a complex network. Due to the complexity of strategies, the attack and defense strategies are confined by two typical strategies, namely, targeted strategy and random strategy. The simulation results indicate that in a scale-free network, the attacker virtually always attacks randomly in the Nash equilibrium. With a small cost-sensitive parameter, representing the degree to which costs increase with the importance of a target, the defender protects the hub targets with large degrees preferentially. When the cost-sensitive parameter exceeds a threshold, the defender switches to protecting nodes randomly. Our work provides a new theoretical framework to analyze the confrontations between the attacker and the defender on critical infrastructures and deserves further study. Published by AIP Publishing.

Rui Peng,Di Wu,Mengyao Sun,Shaomin Wu

DOI: https://doi.org/10.1080/01605682.2020.1784048

IF: 3.6

2020-01-01

Journal of the Operational Research Society

Abstract:This paper analyzes the optimal strategies for an attacker and a defender in an attack-defense game on a network consisting of interdependent subnetworks. The defender moves first and allocates its resource to protect the network nodes. The attacker then moves and allocates its resources to attack the network nodes. The binary decision diagram is employed to obtain all potential states of the network system after attack. Considering each of its opponent's strategies, the game player tries to maximize its own cumulative prospect value. The backward induction method is employed to obtain the game players' optimal strategies, respectively. Different resource relationships are analyzed to testify the robustness of the main conclusions and players' risk attitudes are also investigated. Numerical examples are used to illustrate the analysis.

Pratishtha Shukla,Aranya Chakrabortty,Alexandra Duel-Hallen

DOI: https://doi.org/10.23919/acc.2019.8815018

2019-07-01

Abstract:We formulate a resource-planning game between an attacker and a defender of a Network Control System (NCS). We consider the network to be operating in closed-loop with a linear quadratic regulator (LQR). We construct a general-sum, two-player, mixed strategy (MS) game, where the attacker attempts to destroy communication equipment of some nodes, and thereby render the LQR feedback gain matrix to be sparse, leading to degradation of closed-loop performance. The defender, on the other hand, aims to prevent this loss. Both players trade their control performance objectives for the cost of their actions. A Mixed Strategy Nash Equilibrium (MSNE) of the game represents the allocation of the players' respective resources for attacking or protecting the important network nodes. Numerical results for the New England power system model demonstrate that reliable defense is feasible unless the cost of attack is much smaller than the cost of protection per generator.

Bastián Bahamondes,Mathieu Dahan

2024-04-18

Abstract:We consider a two-person network inspection game, in which a defender positions a limited number of detectors to detect multiple attacks caused by an attacker. We assume that detection is imperfect, and each detector location is associated with a probability of detecting attacks within its set of monitored network components. The objective of the defender (resp. attacker) is to minimize (resp. maximize) the expected number of undetected attacks. To compute Nash Equilibria (NE) for this large-scale zero-sum game, we formulate a linear program with a small number of constraints, which we solve via column generation. We provide an exact mixed-integer program for the pricing problem, which entails computing a defender's pure best response, and leverage its supermodular structure to derive two efficient approaches to obtain approximate NE with theoretical guarantees: A column generation and a multiplicative weights update (MWU) algorithm with approximate best responses. To address the computational challenges posed by combinatorial attacker strategies, each iteration of our MWU algorithm requires computing a projection under the unnormalized relative entropy. We provide a closed-form solution and a linear-time algorithm for the projection problem. Our computational results in real-world gas distribution networks illustrate the performance and scalability of our solution approaches.

Computer Science and Game Theory

Liang Liu,Cheng Huang,Yong Fang,Zhenxue Wang

DOI: https://doi.org/10.3837/tiis.2019.10.024

2019-01-01

KSII Transactions on Internet and Information Systems

Abstract:In the process of constructing the traditional offensive and defensive game theory model, these are some shortages for considering the dynamic change of security risk problem. By analysing the critical indicators of the incomplete information game theory model, incomplete information attack and defense game theory model and the mathematical engineering method for solving Bayes-Nash equilibrium, the risk-averse income function for information assets is summarized as the problem of maximising the return of the equilibrium point. To obtain the functional relationship between the optimal strategy combination of the offense and defense and the information asset security probability and risk probability. At the same time, the offensive and defensive examples are used to visually analyse and demonstrate the incomplete information game and the Harsanyi conversion method. First, the incomplete information game and the Harsanyi conversion problem is discussed through the attack and defense examples and using the game tree. Then the strategy expression of incomplete information static game and the engineering mathematics method of Bayes-Nash equilibrium are given. After that, it focuses on the offensive and defensive game problem of unsafe information network based on risk aversion. The problem of attack and defense is obtained by the issue of maximizing utility, and then the Bayes-Nash equilibrium of offense and defense game is carried out around the security risk of assets. Finally, the application model in network security penetration and defense is analyzed by designing a simulation example of attack and defense penetration. The analysis results show that the constructed income function model is feasible and practical.

Pengxi Yang,Fei Gao,Hua Zhang

DOI: https://doi.org/10.3390/math9233014

IF: 2.4

2021-01-01

Mathematics

Abstract:We formalize the adversarial process between defender and attackers as a game and study the non-cooperative evolutionary game mechanism under bounded rationality. We analyze the long-term dynamic process between the attacking and defending parties using the evolutionary stable strategies derived from the evolutionary game model. First, we construct a multi-player evolutionary game model consisting of a defender and multiple attackers, formally describe the strategies, and construct a three-player game payoff matrix. Then, we propose two punishment schemes, i.e., static and dynamic ones. Moreover, through the combination of mathematical derivation with simulation, we obtain the evolutionary stable strategies of each player. Different from previous work, in this paper, we consider the influence of strategies among different attackers. The simulation shows that (1) in the static punishment scheme, increasing the penalty can quickly control the occurrence of network attacks in the short term; (2) in the dynamic punishment scheme, the game can be stabilized effectively, and the stable state and equilibrium values are not affected by the change of the initial values.

Zhen Ni,Qianmu Li,Gang Liu

DOI: https://doi.org/10.1109/mc.2018.2141032

2018-01-01

Computer

Abstract:Network security decisions must consider how to balance information security risk and output in light of limited resources. Using game theory, the authors propose an optimum attack-defense decision-making algorithm that considers the interaction between attackers and defenders.

Li Liang,Fang Deng,Zhihong Peng,Xinxing Li,Wenzhong Zha

DOI: https://doi.org/10.1016/j.automatica.2018.12.034

IF: 6.4

2019-01-01

Automatica

Abstract:Multi-player pursuit–evasion games are crucial for addressing the maneuver decision problem arising in the cooperative control of multi-agent systems. This work addresses a particular pursuit–evasion game with three players, Target, Attacker, and Defender. The Attacker aims to capture the Target, while avoiding being captured by the Defender and the Defender tries to defend the Target from being captured by the Attacker, while trying to capture the Attacker at an opportune moment. A two-pronged pursuit–evasion problem in this game is considered and we focus on two aspects: the cooperation between the Target and Defender and balancing the roles of the Attacker between pursuer and evader. A barrier based on the explicit policy method and geometric analysis method is constructed to separate the whole state space into two disjoint parts that correspond to two winning regions for the Attacker and Target–Defender team. The main contributions of this work are obtaining the players’ winning regions and providing a complete game solution by analyzing the optimal strategies and trajectories of the players based on the barrier.

Gaoxin Qi,Jichao Li,Chi Xu,Gang Chen,Kewei Yang

DOI: https://doi.org/10.3390/e25010057

IF: 2.738

2022-12-29

Entropy

Abstract:Today, people rely heavily on infrastructure networks. Attacks on infrastructure networks can lead to significant property damage and production stagnation. The game theory provides a suitable theoretical framework for solving the problem of infrastructure protection. Existing models consider only the beneficial effects that the defender obtains from information gaps. If the attacker's countermeasures are ignored, the defender will become passive. Herein, we consider that a proficient attacker with a probability in the game can fill information gaps in the network. First, we introduce the link-hiding rule and the information dilemma. Second, based on the Bayesian static game model, we establish an attack–defense game model with multiple types of attackers. In the game model, we consider resource-consistent and different types of distributions of the attacker. Then, we introduce the solution method of our model by combining the Harsanyi transformation and the bi-matrix game. Finally, we conduct experiments using a scale-free network. The result shows that the defender can be benefited by hiding some links when facing a normal attacker or by estimating the distribution of the attacker correctly. The defender will experience a loss if it ignores the proficient attacker or misestimates the distribution.

physics, multidisciplinary

Jiaqi Ren,Jin Liu,Yibo Dong,Zhe Li,Weili Li

DOI: https://doi.org/10.3390/e26080624

IF: 2.738

2024-07-25

Entropy

Abstract:Recently, research interest in the field of infrastructure attack and defense scenarios has increased. Numerous methods have been proposed for studying strategy interactions that combine complex network theory and game theory. However, the unavoidable effect of constrained strategies in complex situations has not been considered in previous studies. This study introduces a novel approach to analyzing these interactions by including the effects of constrained strategies, a factor often neglected in traditional analyses. First, we introduce the rule of constraints on strategies, which depends on the average distance between selected nodes. As the average distance increases, the probability of choosing the corresponding strategy decreases. Second, we establish an attacker–defender game model with constrained strategies based on the above rule and using information theory to evaluate the uncertainty of these strategies. Finally, we present a method for solving this problem and conduct experiments based on a target network. The results highlight the unique characteristics of the Nash equilibrium when setting constraints, as these constraints influence decision makers' Nash equilibria. When considering the constrained strategies, both the attacker and the defender tend to select strategies with lower average distances. The effect of the constraints on their strategies becomes less apparent as the number of attackable or defendable nodes increases. This research advances the field by introducing a novel framework for examining strategic interactions in infrastructure defense and attack scenarios. By incorporating strategy constraints, our work offers a new perspective on the critical area of infrastructure security.

physics, multidisciplinary

Gao Qiuyue,Wu Huici,Zhang Yunfei,Tao Xiaofeng

DOI: https://doi.org/10.1007/s11432-020-3228-8

2021-01-01

Science China Information Sciences

Abstract:Due to the increasing number of wireless terminals and progressively extensive interconnections among them, interaction between the attack group and defense group is becoming a dominant security manifestation in future wireless networks. This paper focuses on the modeling and analysis of multi-attacker to multi-defender interaction. First, considering the continuous interaction between the attack group and defense group in real-time, a differential game-based multi-attacker to multi-defender interaction model is explicated with paralysis threshold introduced to reduce the ping-pong effect in paralysis. Optimal control theory is then introduced to obtain the equilibrium strategy with Hamilton best control method and a proposed optimal strategy selection algorithm for multi-attacker to multi-defender interaction. Finally, simulations are provided to demonstrate the evolutionary trajectory of optimal attack and defensive strategies and the relationship between the paralysis threshold and the group strength evolution results. Numerical results show the attackers and defenders are aggressive to strengthen their groups initially and then gradually decrease their strength to obtain ideal cost-effectiveness ratios. Moreover, increasing the defense paralysis threshold within a certain range will be more conducive to improving the defense effectiveness.

Eleni C. Akrida,Argyrios Deligkas,Themistoklis Melissourgos,Paul G. Spirakis

DOI: https://doi.org/10.48550/arXiv.1906.02774

2019-06-07

Abstract:We study a security game over a network played between a $defender$ and $k$ $attackers$. Every attacker chooses, probabilistically, a node of the network to damage. The defender chooses, probabilistically as well, a connected induced subgraph of the network of $\lambda$ nodes to scan and <a class="link-external link-http" href="http://clean.Each" rel="external noopener nofollow">this http URL</a> attacker wishes to maximize the probability of escaping her cleaning by the defender. On the other hand, the goal of the defender is to maximize the expected number of attackers that she catches. This game is a generalization of the model from the seminal paper of Mavronicolas et al. "The price of defense" (MFCS'06). We are interested in Nash equilibria (NE) of this game, as well as in characterizing $defense$-$optimal$ networks which allow for the best $equilibrium$ $defense$ $ratio$, termed Price of Defense; this is the ratio of $k$ over the expected number of attackers that the defender catches in a NE. We provide characterizations of the NEs of this game and defense-optimal networks. This allows us to show that the NEs of the game coincide independently from the coordination or not of the attackers. In addition, we give an algorithm for computing NEs. Our algorithm requires exponential time in the worst case, but it is polynomial-time for $\lambda$ constantly close to 1 or $n$. For the special case of tree-networks, we refine our characterization which allows us to derive a polynomial-time algorithm for deciding whether a tree is defense-optimal and if this is the case it computes a defense-optimal NE. On the other hand, we prove that it is NP-hard to find a best-defense strategy if the tree is not defense-optimal. We complement this negative result with a polynomial-time constant-approximation algorithm that computes solutions that are close to optimal ones for general graphs. Finally, we provide asymptotically (almost) tight bounds for the Price of Defense for any $\lambda$.

Computer Science and Game Theory

Jason Tsai,Zhengyu Yin,Jun-young Kwak,David Kempe,Christopher Kiekintveld,Milind Tambe

DOI: https://doi.org/10.1609/aaai.v24i1.7612

2010-07-04

Proceedings of the AAAI Conference on Artificial Intelligence

Abstract:Law enforcement agencies frequently must allocate limited resources to protect targets embedded in a network, such as important buildings in a city road network. Since intelligent attackers may observe and exploit patterns in the allocation, it is crucial that the allocations be randomized. We cast this problem as an attacker-defender Stackelberg game: the defender’s goal is to obtain an optimal mixed strategy for allocating resources. The defender’s strategy space is exponential in the number of resources, and the attacker’s exponential in the network size. Existing algorithms are therefore useless for all but the smallest networks. We present a solution approach based on two key ideas: (i) A polynomial-sized game model obtained via an approximation of the strategy space, solved efficiently using a linear program; (ii) Two efficient techniques that map solutions from the approximate game to the original, with proofs of correctness under certain assumptions. We present in-depth experimental results, including an evaluation on part of the Mumbai road network.

Yapeng Li,Ye Deng,Yu Xiao,Jun Wu

DOI: https://doi.org/10.1007/s11424-019-7420-0

2019-01-01

Journal of Systems Science and Complexity

Abstract:To investigate the attack and defense strategies in complex networks, the authors propose a two-player zero-sum static game model with complete information which considers attack and defense strategies simultaneously. The authors assume that both the attacker and defender have two typical strategies: Targeted strategy and random strategy. The authors explore the Nash equilibriums of the attacker-defender game and demonstrate that when the attacker’s attack resources are not so significantly abundant as the defender?s resources, there exists a pure-strategy Nash equilibrium in both model networks and real-world networks, in which the defender protects the hub targets with large degrees preferentially, while the attacker prefers selecting the targets randomly. When the attack resources are much higher than defense resources, both the attacker and the defender adopt the targeted strategy in equilibriums. This paper provides a new theoretical framework for the study of attack and defense strategies in complex networks.

Yan Ding,Xian-wei Zhou,Zhi-mi Cheng,Fu-hong Lin

DOI: https://doi.org/10.1007/s11277-013-1018-y

IF: 2.017

2013-01-01

Wireless Personal Communications

Abstract:A particular challenging problem in designing Internet of Things is that how to detect and prevent internal attacks, because all nodes try their best to save their limited network resource. So it is difficult to achieve optimal objectives simultaneously, game theory provides an appropriate tool. In this paper, we propose a non-cooperative differential game model, which allows all nodes to choose the optimal amount of network resource to invest in information security contingent upon the state of game. In our model, we specifically consider how the vulnerability of information and the potential loss from such vulnerability affects the optimal amount of resources that should be devoted to securing that information. In the paper, the optimal strategies of selfish nodes and malicious nodes are obtained respectively. The simulation results show that our game model has a good performance in stability of the probability that the selfish nodes discover the malicious nodes under the optimal strategies of the selfish and the malicious nodes.

Bram de Witte,Paolo Frasca,Bastiaan Overvest,Judith Timmer

DOI: https://doi.org/10.48550/arXiv.1906.09486

2019-06-23

Abstract:A digital security breach, by which confidential information is leaked, does not only affect the agent whose system is infiltrated, but is also detrimental to other agents socially connected to the infiltrated system. Although it has been argued that these externalities create incentives to under-invest in security, this presumption is challenged by the possibility of strategic adversaries that attack the least protected agents. In this paper we study a new model of security games in which agents share tokens of sensitive information in a network of contacts. The agents have the opportunity to invest in security to protect against an attack that can be either strategically or randomly targeted. We show that, in the presence of random attack, under-investments always prevail at the Nash equilibrium in comparison with the social optimum. Instead, when the attack is strategic, either under-investments or over-investments are possible, depending on the network topology and on the characteristics of the process of the spreading of information. Actually, agents invest more in security than socially optimal when dependencies among agents are low (which can happen because the information network is sparsely connected or because the probability that information tokens are shared is small). These over-investments pass on to under-investments when information sharing is more likely (and therefore, when the risk brought by the attack is higher).

Social and Information Networks,Computer Science and Game Theory

Kun Lv,Yun Chen,Changzhen Hu

DOI: https://doi.org/10.1016/j.inffus.2019.01.001

IF: 18.6

2019-01-01

Information Fusion

Abstract:Advanced persistent threats (APTs) pose a grave threat in cyberspace because of their long latency and concealment. In this paper, we propose a hybrid strategy game-based dynamic defense model to optimally allocate constrained secure resources for the target network. In addition, values of profits of players in this game are computed by a novel data-fusion method called NetF. Based on network protocols and log documents, the NetF deciphers data packets collected from different networks to natural language to make them comparable. Using this algorithm, data observed from the Internet and wireless sensor networks (WSNs) can be fused to calculate the comprehensive payoff of every node precisely. The Nash equilibrium can be computed using the value to detect the possibility of a node being a malicious node. Using this method, the dynamic optimal defense strategy can be allocated to every node at different times, which enhances the security of the target network obviously. In experiments, we illustrate the obtained results via case studies of a cluster of heterogeneous networks. The results guide planning of optimal defense strategies for different kinds of nodes at different times.

Guangru Shao,Xue-Fang Wang,Maojiao Ye,Rui Wang

DOI: https://doi.org/10.1109/tnse.2022.3197816

IF: 6.6

2022-01-01

IEEE Transactions on Network Science and Engineering

Abstract:This paper investigates the Nash equilibrium (NE) seeking problem of the game in which the dynamics of all players are affected by external disturbances and the communication network among players may be influenced by persistent attacks. To solve this problem, a distributed robust switched algorithm is proposed. This distributed switched strategy consists of two modules: One is the internal-model based dynamics that can be used to compensate the effects caused by external disturbances; the other is gradient-based optimization module which can utilize the local information to estimate the players' decisions and dynamically seek the optimal solution. By utilizing average dwell-time and time-ratio constraints to characterize the network attacks, the proposed switched strategy is modeled into a hybrid dynamical system. Moreover, employing the hybrid systems approach, we prove that the decisions of all players can exponentially converge to the NE of the considered game. Finally, an example is provided to illustrate the theoretical results.

Liang Liu,Lei Zhang,Shan Liao,Jiayong Liu,Zhenxue Wang

DOI: https://doi.org/10.1016/j.ins.2021.06.078

IF: 8.1

2021-01-01

Information Sciences

Abstract:To address the incomplete information dynamic network attack and defense game in practice, this paper proposes a generalized approach to solve for perfect Bayesian Nash equilibrium (BNE) for practical network attack and defense. To consider "role-shifting" in the practical network attack and defense environment, the proposed approach substitutes solving the Nash equilibrium (NE) problem with a payoff (reward) maximization problem via a profound combination between the subgame perfect NE of the complete information dynamic game and the BNE of the incomplete information static game. Furthermore, to evaluate the effectiveness of the proposed approach, a representative signaling game with specific values is examined from a theoretical perspective. Finally, a real penetration test case targeting a web server is implemented to substantiate the effectiveness of the proposed approach from a practical perspective with some visual verifications and crucial penetration codes, where the attacker successfully obtains the ROOT authority (the highest authority) of the target web server. (c) 2021 Elsevier Inc. All rights reserved.