Development and analysis of game-theoretical models of security systems agents interaction

DOI:

https://doi.org/10.15587/1729-4061.2020.201418

Keywords:

game theory, cybersecurity, Stackelberg games, Nash games, game equilibrium, strategy

Abstract

A game-theoretic approach is presented, which claims to be a universal method for solving most problems in the field of cybersecurity. The arguments highlighted in support of the superiority of game theory are the mathematical validity and provable optimality of the decisions made, in contrast to widely used heuristics; the possibility of developing reliable protection based on analytical results; ensuring a timely response to cyberattacks under limited resources; and the distributed nature of decision making.

The definitions of the basic concepts used in security tasks based on game-theoretic models are introduced.

The features of applying game theory methods in the field of cybersecurity are listed, and the limitations of research in this area are formulated, namely: a restriction on game strategies, simultaneous moves of players in the behavior patterns of security system agents, uncertainty about when the players make their moves, uncertainty about the final goal of the enemy, unpredictability of further player moves, the players' lack of an assessment of enemy resources and of the enemy's ultimate goals, and the inability to assess the current state of the game in a timely manner.

The game-theoretic models are aligned with the listed security problems, and the main solutions obtained as a result of using the corresponding models are also determined.

Many methods of game theory have been formed, for each of which a relationship is determined between the game model, its scope, simulation result and security services that the method under consideration supports.

The limitations of the classical representation of game theory models are determined; the need to overcome them follows from the requirements for providing basic security services. Such limitations include: the ability of the defender to detect attacks, the certainty of the probabilities of a change of state before the start of the game, the synchronism of the players’ moves, and the inability to scale the model due to the size and complexity of the system under consideration.

Models of the main tasks of the interaction of antagonistic agents of security systems have been developed. The resulting models made it possible to obtain solutions to two of the most common tasks in the field of cybersecurity, namely, the interaction of the system administrator and the attacker in organizing the protection of information resources. The tasks are solved for various conditions: the case where the game matrix contains cost estimates of resources and the case where the matrix reflects the probability of threat realization. Pure and mixed strategies are defined for various initial conditions, which makes it possible to exclude from consideration strategies that are not included in the solution.

A synergistic approach to the use of game-theoretic modeling was formed, taking into account the behavior of agents of security systems, based on an analysis of the diversity and characteristics of game-theoretic models, their inherent limitations and scope.
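The kind of administrator-versus-attacker matrix game the abstract describes, as an added example that is not code or data from the paper: the loss matrix is constructed, and the function names are assumptions. It excludes dominated strategies, checks for a pure-strategy saddle point, and otherwise solves the remaining 2x2 game in mixed strategies.

```python
from fractions import Fraction

# Constructed defender-loss matrix (illustrative, not taken from the paper).
# Rows: administrator strategies. Columns: attacker strategies.
# Entries: cost to the defender. The administrator minimizes, the attacker maximizes.
LOSS = [[2, 6, 1],
        [5, 3, 2],
        [6, 7, 4]]


def eliminate_dominated(loss):
    """Iteratively drop strategies that cannot be part of the solution."""
    rows, cols = list(range(len(loss))), list(range(len(loss[0])))

    def row_dominated(i):  # another row costs no more everywhere and less somewhere
        return any(k != i and all(loss[k][j] <= loss[i][j] for j in cols)
                   and any(loss[k][j] < loss[i][j] for j in cols) for k in rows)

    def col_dominated(j):  # another column yields no less everywhere and more somewhere
        return any(m != j and all(loss[i][m] >= loss[i][j] for i in rows)
                   and any(loss[i][m] > loss[i][j] for i in rows) for m in cols)

    while True:
        bad_row = next((i for i in rows if row_dominated(i)), None)
        if bad_row is not None:
            rows.remove(bad_row)
            continue
        bad_col = next((j for j in cols if col_dominated(j)), None)
        if bad_col is not None:
            cols.remove(bad_col)
            continue
        return rows, cols


def solve(loss):
    """Return the game value and both players' optimal strategies."""
    rows, cols = eliminate_dominated(loss)
    upper = min(max(loss[i][j] for j in cols) for i in rows)  # defender's minimax
    lower = max(min(loss[i][j] for i in rows) for j in cols)  # attacker's maximin
    if upper == lower:  # saddle point: pure strategies solve the game
        r = next(i for i in rows if max(loss[i][j] for j in cols) == upper)
        c = next(j for j in cols if min(loss[i][j] for i in rows) == lower)
        return {"value": Fraction(upper),
                "defender": {r: Fraction(1)}, "attacker": {c: Fraction(1)}}
    if len(rows) != 2 or len(cols) != 2:
        raise NotImplementedError("residual game larger than 2x2 needs linear programming")
    (r0, r1), (c0, c1) = rows, cols
    a, b = loss[r0][c0], loss[r0][c1]
    c, d = loss[r1][c0], loss[r1][c1]
    den = a - b - c + d            # non-zero whenever a 2x2 game has no saddle point
    p = Fraction(d - c, den)       # defender's probability of r0: attacker made indifferent
    q = Fraction(d - b, den)       # attacker's probability of c0: defender made indifferent
    return {"value": Fraction(a * d - b * c, den),
            "defender": {r0: p, r1: 1 - p}, "attacker": {c0: q, c1: 1 - q}}


if __name__ == "__main__":
    print(eliminate_dominated(LOSS))
    print(solve(LOSS))
```

Indices in the returned strategies refer to rows and columns of the original matrix, so an excluded strategy simply does not appear.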

Author Biographies

Serhii Yevseiev, Simon Kuznets Kharkiv National University of Economics Nauky ave., 9-А, Kharkiv, Ukraine, 61166

Doctor of Technical Sciences, Professor

Department of Cyber Security and Information Technology

Oleksandr Milov, Simon Kuznets Kharkiv National University of Economics Nauky ave., 9-А, Kharkiv, Ukraine, 61166

PhD, Professor

Department of Cyber Security and Information Technology

Stanislav Milevskyi, Simon Kuznets Kharkiv National University of Economics Nauky ave., 9-А, Kharkiv, Ukraine, 61166

PhD, Associate Professor

Department of Cyber Security and Information Technology

Oleksandr Voitko, National Defence University of Ukraine named after Ivan Cherniakhovskyi Povitroflotskiy ave., 28, Kyiv, Ukraine, 03049

PhD, Deputy Head of Department

Department of Information Technology and Information Security Employment

Institute of the Troops (Forces) Support and Information Technologies

Maksym Kasianenko, National Defence University of Ukraine named after Ivan Cherniakhovskyi Povitroflotskiy ave., 28, Kyiv, Ukraine, 03049

PhD

Department of Radio Technical and Special Troops

Yevgen Melenti, Juridical Personnel Training Institute for the Security Service of Ukraine Yaroslav Mudryi National Law University Myronosytska str., 71, Kharkiv, Ukraine, 61002

PhD

Special Department No. 2 «Tactical-Special Training, Marksmanship Training and Special Physical Training»

Serhii Pohasii, Simon Kuznets Kharkiv National University of Economics Nauky ave., 9-А, Kharkiv, Ukraine, 61166

PhD

Department of Cyber Security and Information Technology

Hrygorii Stepanov, National Defence University of Ukraine named after Ivan Cherniakhovskyi Povitroflotskiy ave., 28, Kyiv, Ukraine, 03049

PhD, Associate Professor, Professor

Department of Air Force

Oleksandr Turinskyi, Ivan Kozhedub Kharkiv National Air Force University Sumska str., 77/79, Kharkiv, Ukraine, 61023

PhD, Head of University

Serhii Faraon, National Defence University of Ukraine named after Ivan Cherniakhovskyi Povitroflotskiy ave., 28, Kyiv, Ukraine, 03049

Adjunct

Department of Communications and Automated Control Systems

Published

2020-04-30

How to Cite

Yevseiev, S., Milov, O., Milevskyi, S., Voitko, O., Kasianenko, M., Melenti, Y., Pohasii, S., Stepanov, H., Turinskyi, O., & Faraon, S. (2020). Development and analysis of game-theoretical models of security systems agents interaction. Eastern-European Journal of Enterprise Technologies, 2(4 (104)), 15–29. https://doi.org/10.15587/1729-4061.2020.201418

Section

Mathematics and Cybernetics - applied aspects