Biblio

Currently, mobile ad hoc networks (MANETs) are widely used due to its self-configuring feature. However, it is vulnerable to the malicious jammers in practice. Traditional anti-jamming approaches, such as channel hopping based on deterministic sequences, may not be the reliable solution against intelligent jammers due to its fixed patterns. To address this problem, we propose a distributed game theory-based multi-agent anti-jamming (DMAA) algorithm in this paper. It enables each user to exploit all information from its neighboring users before the network attacks, and derive dynamic local policy knowledge to overcome intelligent jamming attacks efficiently as well as guide the users to cooperatively hop to the same channel with high probability. Simulation results demonstrate that the proposed algorithm can learn an optimal policy to guide the users to avoid malicious jamming more efficiently and rapidly than the random and independent Q-learning baseline algorithms,

This paper considers network protection games for a heterogeneous network system with N nodes against cyber-attackers of two different types of intentions. The first type tries to maximize damage based on the value of each net-worked node, while the second type only aims at successful infiltration. A defender, by applying defensive resources to networked nodes, can decrease those nodes' vulnerabilities. Meanwhile, the defender needs to balance the cost of using defensive resources and potential security benefits. Existing literature shows that, in a Nash equilibrium, the defender should adopt different resource allocation strategies against different types of attackers. However, it could be difficult for the defender to know the type of incoming cyber-attackers. A Bayesian game is investigated considering the case that the defender is uncertain about the attacker's type. We demonstrate that the Bayesian equilibrium defensive resource allocation strategy is a mixture of the Nash equilibrium strategies from the games against the two types of attackers separately.

Cyberspace is vulnerable to continuous malicious attacks. Traceability of network attacks is an effective defense means to curb and counter network attacks. In this paper, the evolutionary game model is used to analyze the network attack and defense behavior. On the basis of the quantification of attack and defense benefits, the replication dynamic learning mechanism is used to describe the change process of the selection probability of attack and defense strategies, and finally the evolutionary stability strategies and their solution curves of both sides are obtained. On this basis, the attack behavior is analyzed, and the probability curve of attack strategy and the optimal attack strategy are obtained, so as to realize the effective traceability of attack behavior.

At present, the research on the network security problem of underwater wireless sensors is still few, and since the underwater environment is exposed, passive security defense technology is not enough to deal with unknown security threats. Aiming at this problem, this paper proposes an offensive and defensive game model from the finite rationality of the network attack and defense sides, combined with evolutionary game theory. The replicated dynamic equation is introduced to analyze the evolution trend of strategies under different circumstances, and the selection algorithm of optimal strategy is designed, which verifies the effectiveness of this model through simulation and provides guidance for active defense technology.

In this short paper, we survey some work at the intersection of Artificial Intelligence (AI) and security that are based on game theoretic considerations, and particularly focus on the author's (our) contribution in these areas. One half of this paper focuses on applications of game theoretic and learning reasoning for addressing security applications such as in public safety and wildlife conservation. In the second half, we present recent work that attacks the learning components of these works, leading to sub-optimal defense allocation. We finally end by pointing to issues and potential research problems that can arise due to data quality in the real world.

Cyber physical system (CPS) Critical infrastructures (CIs) like the power and energy systems are increasingly becoming vulnerable to cyber attacks. Mitigating cyber risks in CIs is one of the key objectives of the design and maintenance of these systems. These CPS CIs commonly use legacy devices for remote monitoring and control where complete upgrades are uneconomical and infeasible. Therefore, risk assessment plays an important role in systematically enumerating and selectively securing vulnerable or high-risk assets through optimal investments in the cybersecurity of the CPS CIs. In this paper, we propose a CPS CI security framework and software tool, CySec Game, to be used by the CI industry and academic researchers to assess cyber risks and to optimally allocate cybersecurity investments to mitigate the risks. This framework uses attack tree, attack-defense tree, and game theory algorithms to identify high-risk targets and suggest optimal investments to mitigate the identified risks. We evaluate the efficacy of the framework using the tool by implementing a smart grid case study that shows accurate analysis and feasible implementation of the framework and the tool in this CPS CI environment.

Rational and smart decision making by means of strategic interaction and mathematical modelling is the key aspect of Game theory. Security games based on game theory are used extensively in cyberspace for various levels of security. The contemporary security issues can be modelled and analyzed using game theory as a robust mathematical framework. The attackers, defenders and the adversarial as well as defensive interactions can be captured using game theory. The security games equilibrium evaluation can help understand the attackers' strategies and potential threats at a deeper level for efficient defense. Wireless sensor network (WSN) designs are greatly benefitted by game theory. A deep learning adversarial network algorithm is used in combination with game theory enabling energy efficiency, optimal data delivery and security in a WSN. The trade-off between energy resource utilization and security is balanced using this technique.

Disinformation, fake news, and unverified rumors spread quickly in online social networks (OSNs) and manipulate people's opinions and decisions about life events. The solid mathematical solutions of the strategic decisions in OSNs have been provided under game theory models, including multiple roles and features. This work proposes a game-theoretic opinion framework to model subjective opinions and behavioral strategies of attackers, users, and a defender. The attackers use information deception models to disseminate disinformation. We investigate how different game-theoretic opinion models of updating people's subject opinions can influence a way for people to handle disinformation. We compare the opinion dynamics of the five different opinion models (i.e., uncertainty, homophily, assertion, herding, and encounter-based) where an opinion is formulated based on Subjective Logic that offers the capability to deal with uncertain opinions. Via our extensive experiments, we observe that the uncertainty-based opinion model shows the best performance in combating disinformation among all in that uncertainty-based decisions can significantly help users believe true information more than disinformation.

The network attack such as Distributed Denial-of-Service (DDoS) attack could be critical to latency-critical systems such as Mobile Edge Computing (MEC) as such attacks significantly increase the response delay of the victim service. Intrusion prevention system (IPS) is a promising solution to defend against such attacks, but there will be a trade-off between IPS deployment and application resource reservation as the deployment of IPS will reduce the number of computation resources for MEC applications. In this paper, we proposed a game-theoretic framework to study the joint computation resource allocation and IPS deployment in the MEC architecture. We study the pricing strategy of the MEC platform operator and purchase strategy of the application service provider, given the expected attack strength and end user demands. The best responses of both MPO and ASPs are derived theoretically to identify the Stackelberg equilibrium. The simulation results confirm that the proposed solutions significantly increase the social welfare of the system.

In the Bitcoin mining network, miners contribute computation power to solve crypto-puzzles in exchange for financial rewards. Due to the randomness and the competitiveness of mining, individual miners tend to join mining pools for low risks and steady incomes. Usually, a pool is managed by its central operator, who charges fees for providing risk-sharing services. This paper presents a hierarchical distributed computation paradigm where miners can distribute their power among multiple pools. By adding virtual pools, we separate miners’ dual roles of being the operator as well as being the member when solo mining. We formulate a multi-leader multi-follower Stackelberg game to study the joint utility maximization of pool operators and miners, thereby addressing a computation power allocation problem. We investigate two practical pool operation modes, a uniform-share-difficulty mode and a nonuniform-share-difficulty mode. We derive analytical results for the Stackelberg equilibrium of the game under both modes, based on which optimal strategies are designed for all operators and miners. Numerical evaluations are presented to verify the proposed model.

We study a game-theoretic model of the interactions between a Cyber-Physical System’s (CPS) operator (the defender) against an attacker who launches stepping-stone attacks to reach critical assets within the CPS. We consider that, in addition to optimally allocating its security budget to protect the assets, the defender may choose to modify the CPS through network design interventions. In particular, we propose and motivate four ways in which the defender can introduce additional nodes in the CPS: these nodes may be intended as additional safeguards, be added for functional or structural redundancies, or introduce additional functionalities in the system. We analyze the security implications of each of these design interventions, and evaluate their impacts on the security of an automotive network as our case study. We motivate the choice of the attack graph for this case study and elaborate how the parameters in the resulting security game are selected using the CVSS metrics and the ISO-26262 ASIL ratings as guidance. We then use numerical experiments to verify and evaluate how our proposed network interventions may be used to guide improvements in automotive security.

Considered is a network of parallel wireless channels in which individual parties are engaged in secret communication under the protection of cooperative jamming. A strategic eavesdropper selects the most vulnerable channels to attack. Existing works usually suggest the defender allocate limited cooperative jamming power to various channels. However, it usually requires some strong assumptions and complex computation to find such an optimal power control policy. This paper proposes a probabilistic cooperative jamming scheme such that the defender focuses on protecting randomly selected channels. Two different cases regarding each channel’s eavesdropping capacity are discussed. The first case studies the general scenario where each channel has different eavesdropping capacity. The second case analyzes an extreme scenario where all channels have the same eavesdropping capacity. Two non-zero-sum Nash games model the competition between the network defender and an eavesdropper in each case. Furthermore, considering the case that the defender does not know the eavesdropper’s channel state information (CSI) leads to a Bayesian game. For all three games, we derive conditions for the existence of a unique Nash equilibrium (NE), and obtain the equilibria and the value functions in closed form.

5G and beyond 5G low power wireless networks make Internet of Things (IoT) and Cyber-Physical Systems (CPS) applications capable of serving massive amounts of devices and machines. Due to the broadcast nature of wireless networks, it is crucial to secure the communication between these devices and machines from spoofing and interception attacks. This paper is concerned with the security of carrier frequency offset (CFO) based continuous physical layer authentication. The interaction between an attacker and a defender is modeled as a dynamic discrete leader-follower game with imperfect information. In the considered model, a legitimate user (Alice) communicates with the defender/operator (Bob) and is authorized by her CFO continuously. The attacker (Eve), by listening/eavesdropping the communication between Alice and Bob, tries to learn the CFO characteristics of Alice and aims to inject malicious packets to Bob by impersonating Alice. First, by showing that the optimal attacker strategy is a threshold policy, an optimization problem of the attacker with exponentially growing action space is reduced to a tractable integer optimization problem with a single parameter, then the corresponding defender cost is derived. Extensive simulations illustrate the characteristics of optimal strategies/utilities of the players depending on the actions, and show that the defender’s optimal false positive rate causes attack success probabilities to be in the order of 0.99. The results show the importance of the parameters while finding the balance between system security and efficiency.

The user's access history can be used as an important reference factor in determining whether to allow the current access request or not. And it is often ignored by the existing access control models. To make up for this defect, a Dynamic Trust - game theoretic Access Control model is proposed based on the previous work. This paper proposes a method to quantify the user's trust in the cloud environment, which uses identity trust, behavior trust, and reputation trust as metrics. By modeling the access process as a game and introducing the user's trust value into the pay-off matrix, the mixed strategy Nash equilibrium of cloud user and service provider is calculated respectively. Further, a calculation method for the threshold predefined by the service provider is proposed. Authorization of the access request depends on the comparison of the calculated probability of the user's adopting a malicious access policy with the threshold. Finally, we summarize this paper and make a prospect for future work.

Cyber-Physical Power Systems (CPPSs) currently face an increasing number of security attacks and lack methods for optimal proactive security decisions to defend the attacks. This paper proposed an optimal defensive method based on game theory to minimize the system performance deterioration of CPPSs under cyberspace attacks. The reinforcement learning algorithmic solution is used to obtain the Nash equilibrium and a set of metrics of system vulnerabilities are adopted to quantify the cost of defense against cyber-attacks. The minimax-Q algorithm is utilized to obtain the optimal defense strategy without the availability of the attacker's information. The proposed solution is assessed through experiments based on a realistic power generation microsystem testbed and the numerical results confirmed its effectiveness.

Distributed Denial-of-Service (DDoS) attacks pose a huge risk to the network and threaten its stability. A game theoretic approach for intrusion detection and prevention is proposed to avoid DDoS attacks in the internet. Game theory provides a control mechanism that automates the intrusion detection and prevention process within a network. In the proposed system, system-subject interaction is modeled as a 2-player Bayesian signaling zero sum game. The game's Nash Equilibrium gives a strategy for the attacker and the system such that neither can increase their payoff by changing their strategy unilaterally. Moreover, the Intent Objective and Strategy (IOS) of the attacker and the system are modeled and quantified using the concept of incentives. In the proposed system, the prevention subsystem consists of three important components namely a game engine, database and a search engine for computing the Nash equilibrium, to store and search the database for providing the optimum defense strategy. The framework proposed is validated via simulations using ns3 network simulator and has acquired over 80% detection rate, 90% prevention rate and 6% false positive alarms.

The intranets in modern organizations are facing severe data breaches and critical resource misuses. By reusing user credentials from compromised systems, Advanced Persistent Threat (APT) attackers can move laterally within the internal network. A promising new approach called deception technology makes the network administrator (i.e., defender) able to deploy decoys to deceive the attacker in the intranet and trap him into a honeypot. Then the defender ought to reasonably allocate decoys to potentially insecure hosts. Unfortunately, existing APT-related defense resource allocation models are infeasible because of the neglect of many realistic factors.In this paper, we make the decoy deployment strategy feasible by proposing a game-theoretic model called the APT Deception Game to describe interactions between the defender and the attacker. More specifically, we decompose the decoy deployment problem into two subproblems and make the problem solvable. Considering the best response of the attacker who is aware of the defender’s deployment strategy, we provide an elitist reservation genetic algorithm to solve this game. Simulation results demonstrate the effectiveness of our deployment strategy compared with other heuristic strategies.

In recent years, integrated circuits (ICs) have become significant for various industries and their security has been given greater priority, specifically in the supply chain. Budgetary constraints have compelled IC designers to offshore manufacturing to third-party companies. When the designer gets the manufactured ICs back, it is imperative to test for potential threats like hardware trojans (HT). In this paper, a novel multi-level game-theoretic framework is introduced to analyze the interactions between a malicious IC manufacturer and the tester. In particular, the game is formulated as a non-cooperative, zero-sum, repeated game using prospect theory (PT) that captures different players' rationalities under uncertainty. The repeated game is separated into a learning stage, in which the defender learns about the attacker's tendencies, and an actual game stage, where this learning is used. Experiments show great incentive for the attacker to deceive the defender about their actual rationality by "playing dumb" in the learning stage (deception). This scenario is captured using hypergame theory to model the attacker's view of the game. The optimal deception rationality of the attacker is analytically derived to maximize utility gain. For the defender, a first-step deception mitigation process is proposed to thwart the effects of deception. Simulation results show that the attacker can profit from the deception as it can successfully insert HTs in the manufactured ICs without being detected.

Privacy preservation is one of the greatest concerns when data is shared between different organizations. On the one hand, releasing data for research purposes is inevitable. On the other hand, sharing this data can jeopardize users' privacy. An effective solution, for the sharing organizations, is to use anonymization techniques to hide the users' sensitive information. One of the most popular anonymization techniques is k-Anonymization in which any data record is indistinguishable from at least k-1 other records. However, one of the fundamental challenges in choosing the value of k is the trade-off between achieving a higher privacy and the information loss associated with the anonymization. In this paper, the problem of choosing the optimal anonymization level for k-anonymization, under possible attacks, is studied when multiple organizations share their data to a common platform. In particular, two common types of attacks are considered that can target the k-anonymization technique. To this end, a novel game-theoretic framework is proposed to model the interactions between the sharing organizations and the attacker. The problem is formulated as a static game and its different Nash equilibria solutions are analytically derived. Simulation results show that the proposed framework can significantly improve the utility of the sharing organizations through optimizing the choice of k value.

Cyber-Physical Systems (CPSs) play an increasingly significant role in many critical applications. These valuable applications attract various sophisticated attacks. This paper considers a stealthy estimation attack, which aims to modify the state estimation of the CPSs. The intelligent attackers can learn defense strategies and use clandestine attack strategies to avoid detection. To address the issue, we design a Chi-square detector in a Digital Twin (DT), which is an online digital model of the physical system. We use a Signaling Game with Evidence (SGE) to find the optimal attack and defense strategies. Our analytical results show that the proposed defense strategies can mitigate the impact of the attack on the physical estimation and guarantee the stability of the CPSs. Finally, we use an illustrative application to evaluate the performance of the proposed framework.

Software Defined Networking (SDN) focus on the isolation of control plane and data plane, greatly enhancing the network's support for heterogeneity and flexibility. However, although the programmable network greatly improves the performance of all aspects of the network, flexible load balancing across controllers still challenges the current SDN architecture. Complex application scenarios lead to flexible and changeable communication requirements, making it difficult to guarantee the Quality of Service (QoS) for SDN users. To address this issue, this paper proposes a paradigm that uses blockchain to incentive safe load balancing for multiple controllers. We proposed a controller consortium blockchain for secure and efficient load balancing of multi-controllers, which includes a new cryptographic currency balance coin and a novel consensus mechanism Proof-of-Balance (PoB). In addition, we have designed a novel game theory-based incentive mechanism to incentive controllers with tight communication resources to offload tasks to idle controllers. The security analysis and performance simulation results indicate the superiority and effectiveness of the proposed scheme.

The paper presents the concept of applying a game theory approach in infrastructure of wireless dynamic networks to counter computer attacks. The applying of this approach will allow to create mechanism for adaptive reconfiguration of network structure in the context of implementation various types of computer attacks and to provide continuous operation of network even in conditions of destructive information impacts.

Cyber incidents are occurring every day using various attack strategies. Deploying security solutions with strong configurations will reduce the attack surface and improve the forensic readiness, but will increase the security overhead and cost. In contrast, using moderate or low security configurations will reduce that overhead, but will inevitably decrease the investigation readiness. To avoid the use of cost-prohibitive approaches in developing forensic-ready systems, we present in this paper a game theoretic approach for deploying an investigation-ready infrastructure. The proposed game is a non-cooperative two-player game between an adaptive cyber defender that uses a cognitive security solution to increase the investigation readiness and reduce the attackers' untraceability, and a cyber attacker that wants to execute non-provable attacks with a low cost. The cognitive security solution takes its strategic decision, mainly based on its ability to make forensic experts able to differentiate between provable identifiable, provable non-identifiable, and non-provable attack scenarios, starting from the expected evidences to be generated. We study the behavior of the two strategic players, looking for a mixed Nash equilibrium during competition and computing the probabilities of attacking and defending. A simulation is conducted to prove the efficiency of the proposed model in terms of the mean percentage of gained security cost, the number of stepping stones that an attacker creates and the rate of defender false decisions compared to two different approaches.

Intelligent Transportation Systems (ITS) play a vital role in the development of smart cities. They enable various road safety and efficiency applications such as optimized traffic management, collision avoidance, and pollution control through the collection and evaluation of traffic data from Road Side Units (RSUs) and connected vehicles in real time. However, these systems are highly vulnerable to data corruption attacks which can seriously influence their decision-making abilities. Traditional attack detection schemes do not account for attackers' sophisticated and evolving strategies and ignore the ITS's constraints on security resources. In this paper, we devise a security game model that allows the defense mechanism deployed in the ITS to optimize the distribution of available resources for attack detection while considering mixed attack strategies, according to which the attacker targets multiple RSUs in a distributed fashion. In our security game, the utility of the ITS is quantified in terms of detection rate, attack damage, and the relevance of the information transmitted by the RSUs. The proposed approach will enable the ITS to mitigate the impact of attacks and increase its resiliency. The results show that our approach reduces the attack impact by at least 20% compared to the one that fairly allocates security resources to RSUs indifferently to attackers' strategies.

The intelligent electronic devices widely deployed across the distribution network are inevitably making the feeder automation (FA) system more vulnerable to cyber-attacks, which would lead to disastrous socio-economic impacts. This paper proposes a three-stage game-theoretic framework that the defender allocates limited security resources to minimize the economic impacts on FA system while the attacker deploys limited attack resources to maximize the corresponding impacts. Meanwhile, the probability of successful attack is calculated based on the Bayesian attack graph, and a fault-tolerant location technique for centralized FA system is elaborately considered during analysis. The proposed game-theoretic framework is converted into a two-level zero-sum game model and solved by the particle swarm optimization (PSO) combined with a generalized reduced gradient algorithm. Finally, the proposed model is validated on distribution network for RBTS bus 2.