On a Generic Security Game Model

TL;DR

This paper introduces a generic stochastic security game model with imperfect information, capturing complex attacker-defender interactions and sensor errors, and demonstrates its application through numerical simulations.

Contribution

It presents a novel, flexible game model for cybersecurity interactions incorporating sensor errors and multi-attacker scenarios, advancing prior game-theoretic approaches.

Findings

Model captures various interaction modes with imperfect information.

Sensor errors are represented using Euclidean distances between sensor outputs.

Simulation illustrates strategy evaluation and reward optimization.

Abstract

To protect the systems exposed to the Internet against attacks, a security system with the capability to engage with the attacker is needed. There have been attempts to model the engagement/interactions between users, both benign and malicious, and network administrators as games. Building on such works, we present a game model which is generic enough to capture various modes of such interactions. The model facilitates stochastic games with imperfect information. The information is imperfect due to erroneous sensors leading to incorrect perception of the current state by the players. To model this error in perception distributed over other multiple states, we use Euclidean distances between the outputs of the sensors. We build a 5-state game to represent the interaction of the administrator with the user. The states correspond to 1) the user being out of the system in the Internet, and after logging in to the system; 2) having low privileges; 3) having high privileges; 4) when he successfully attacks and 5) gets trapped in a honeypot by the administrator. Each state has its own action set. We present the game with a distinct perceived action set corresponding to each distinct information set of these states. The model facilitates stochastic games with imperfect information. The imperfect information is due to erroneous sensors leading to incorrect perception of the current state by the players. To model this error in perception distributed over the states, we use Euclidean distances between outputs of the sensors. A numerical simulation of an example game is presented to show the evaluation of rewards to the players and the preferred strategies. We also present the conditions for formulating the strategies when dealing with more than one attacker and making collaborations.