SoK: Game-Theoretic Cybersecurity: Assumptions, Models, Gaps, and Bridges

Brandon Collins, Shouhuai Xu, Philip N. Brown
2024-01-25
Abstract: The discipline of game theory was introduced in the context of economics, and has been applied to study cyber attacker and defender behaviors. While adaptations have been made to accommodate features of the cyber domain, these studies are inherently limited by the roots of game theory in economic systems, where players (i.e., agents) may be selfish but not malicious. In this SoK, we systematize the major cybersecurity problems that have been studied with the game-theoretic approach, the assumptions that have been made, and the models and solution concepts that have been proposed. The systematization leads to a characterization of the technical gaps that must be addressed in order to make game-theoretic cybersecurity models truly useful. We explore bridges to address them.

Subjects: Computer Science and Game Theory, Cryptography and Security
What problem does this paper attempt to address?
The main problem that this paper attempts to solve is: **how to systematically organize and analyze the application of game theory to cybersecurity, identify the assumptions, models and technical gaps in existing research, and explore ways to bridge these gaps**. Specifically, the paper focuses on the following aspects:

1. **Decision-making problems**: Defenders lack systematic solutions to decision problems such as when, where and how to deploy honeypots or Moving Target Defense (MTD) mechanisms. These decisions matter because a honeypot becomes useless once an attacker discovers it, and MTD may disrupt the services that customers depend on.
2. **Limitations of existing research**: Although many studies have applied game theory to cybersecurity decision-making, these studies are fundamentally constrained by their economic origins. Game theory was developed to study the behavior of players (i.e., agents) in economic systems, where players may be selfish but not malicious. Existing game-theoretic models are therefore limited when applied to cybersecurity problems, especially in how they describe player behavior, whereas cybersecurity requires prescriptive solutions that can guide real-world operations.
3. **Technical gaps and bridges**: By systematizing 81 related papers, the paper identifies seven technical gaps in the current application of game theory to cybersecurity and explores possible solutions (i.e., "bridges") that would make game-theoretic models more practical for cybersecurity.

### Main contributions

- **Framework construction**: Proposes a novel framework for systematizing the application of game theory to cybersecurity, built on four pillars: application scenarios, assumptions, models and solution concepts, and analysis techniques.
- **Survey of the state of the art**: Through the systematic review of 81 papers, presents the current state of research and identifies seven technical gaps that must be addressed.
- **Future directions**: Explores research directions that may bridge these technical gaps, providing guidance for future academic work.

### Classification of technical gaps

The paper divides the seven technical gaps into three categories:

1. **Usage scenarios and assumptions**: two gaps.
2. **Rationality and collusion robustness**: two gaps.
3. **Uncertainty of player knowledge**: three gaps, discussed from the perspectives of the player set, the action set and the utility function respectively.

### Conclusion

Through systematic organization and analysis, this paper aims to expose the deficiencies in how game theory has been applied to cybersecurity and to provide clear directions for future research. This not only helps improve the practicality of game-theoretic models in cybersecurity, but also makes it easier for researchers and practitioners to evaluate the effectiveness and soundness of new models.