Mean-field-game model for Botnet defense in Cyber-security

TL;DR

This paper develops a mean-field game model to analyze how computer owners respond to cybersecurity threats like botnets, considering infection spread and decision-making processes, and provides an exactly solvable stationary version.

Contribution

It introduces a novel mean-field game framework for botnet defense that captures infection dynamics and user decisions, with an explicit stationary solution.

Findings

The stationary mean-field game model is exactly solvable under certain assumptions.

The model captures the interaction between infection spread and user defense decisions.

Provides insights into optimal defense strategies in large-scale cyber-security scenarios.

Abstract

We initiate the analysis of the response of computer owners to various offers of defence systems against a cyber-hacker (for instance, a botnet attack), as a stochastic game of a large number of interacting agents. We introduce a simple mean-field game that models their behavior. It takes into account both the random process of the propagation of the infection (controlled by the botner herder) and the decision making process of customers. Its stationary version turns out to be exactly solvable (but not at all trivial) under an additional natural assumption that the execution time of the decisions of the customers (say, switch on or out the defence system) is much faster that the infection rates.