Game theory for cyber security


While there are significant advances in information technology and infrastructure which offer new opportunities, cyberspace is still far from completely secured. In many cases, the employed security solutions are ad hoc and lack a quantitative decision framework. While they are effective in solving the particular problems they are designed for, they generally fail to respond well in a dynamically changing scenario. To this end, we propose a holistic security approach in this paper. We find that game theory provides huge potential to place such an approach on a solid analytical setting. We consider the interaction between the attacks and the defense mechanisms as a game played between the attacker and the defender (system administrator). In particular, we propose a game theory inspired defense architecture in which a game model acts as the brain. We focus on one of our recently proposed game models, namely imperfect information stochastic game. Although this game model seems to be promising, it also faces new challenges which warrant future attention. We discuss our current ideas on extending this model to address such challenges. © 2010 ACM.

Publication Title

ACM International Conference Proceeding Series