Game Theory Meets Network Security: A Tutorial at ACM CCS

TL;DR

This tutorial explores how game theory offers a strategic, quantitative framework for understanding and designing cybersecurity solutions amidst complex, evolving threats, bridging cybersecurity with economics and decision sciences.

Contribution

It provides an overview of game theory methodologies applied to cybersecurity, highlighting new theoretical approaches and open research challenges in the field.

Findings

Game theory models can predict attacker and defender behaviors.

Mechanism design enables security-by-design strategies.

Game-theoretic approaches address complex, incomplete information scenarios.

Abstract

The increasingly pervasive connectivity of today's information systems brings up new challenges to security. Traditional security has accomplished a long way toward protecting well-defined goals such as confidentiality, integrity, availability, and authenticity. However, with the growing sophistication of the attacks and the complexity of the system, the protection using traditional methods could be cost-prohibitive. A new perspective and a new theoretical foundation are needed to understand security from a strategic and decision-making perspective. Game theory provides a natural framework to capture the adversarial and defensive interactions between an attacker and a defender. It provides a quantitative assessment of security, prediction of security outcomes, and a mechanism design tool that can enable security-by-design and reverse the attacker's advantage. This tutorial provides an overview of diverse methodologies from game theory that includes games of incomplete information, dynamic games, mechanism design theory to offer a modern theoretic underpinning of a science of cybersecurity. The tutorial will also discuss open problems and research challenges that the CCS community can address and contribute with an objective to build a multidisciplinary bridge between cybersecurity, economics, game and decision theory.