A Game-Theoretical Approach for Finding Optimal Strategies in an Intruder Classification Game
Lemonia Dritsoula, Patrick Loiseau, and John Musacchio

TL;DR
This paper models an intruder classification game between a defender and an attacker using game theory, characterizing Nash equilibria and providing polynomial-time computation methods, with insights into strategic behaviors.
Contribution
It introduces a novel game-theoretic model for intruder classification, characterizes Nash equilibria, and offers efficient algorithms for computing optimal strategies.
Findings
Nash equilibria involve the defender randomizing over a range of thresholds.
The spy's optimal attack distribution is a truncated version of the spammer's distribution.
Strategies at equilibrium reveal non-intuitive randomization patterns.
Abstract
We consider a game in which a strategic defender classifies an intruder as spy or spammer. The classification is based on the number of file server and mail server attacks observed during a fixed window. The spammer naively attacks (with a known distribution) his main target: the mail server. The spy strategically selects the number of attacks on his main target: the file server. The defender strategically selects his classification policy: a threshold on the number of file server attacks. We model the interaction of the two players (spy and defender) as a nonzero-sum game: The defender needs to balance missed detections and false alarms in his objective function, while the spy has a tradeoff between attacking the file server more aggressively and increasing the chances of getting caught. We give a characterization of the Nash equilibria in mixed strategies, and demonstrate how the Nash…
Taxonomy
Topics: Spam and Phishing Detection · Network Security and Intrusion Detection · Game Theory and Applications
