Cyber Security may well be one of the largest and most interesting fields in the tech world. In this series we will look at how Cyber Security relates to Game Theory and adversarial thinking. But first we need to understand what Cyber Security and Game Theory are.
Cyber Security is the term used to collectively denote the technologies, processes and controls that are intended to protect systems, networks and data from cyber attackers. To further understand Cyber Security as a whole you should check out this article, Cyber Security: A run through.
Game Theory is a branch of applied mathematics that provides tools for analyzing situations in which parties, called players, make decisions that are interdependent. This interdependence causes each player to consider the other player’s possible decisions, or strategies, in formulating strategy.
Game Theory was originally developed by the Hungarian-born American mathematician John von Neumann and his Princeton University colleague Oskar Morgenstern, a German-born American economist, to solve problems in economics. Though originally meant for problems in economics, Game Theory is nowadays used in different fields such as cyber security and even warfare.
Cyber security problems that require rational decision making can be solved in a better way using game theory. But game theory is limited when the defender has only limited information on the opponent’s strategy and decisions. Game theory enhances the ability to anticipate the actions of hackers. To make game theory a practicable approach to solving cyber security issues, the strategies of hackers should form a finite and predictable set. In practice it is very difficult to predict the strategies of both attacker and defender in real time.
Game Theory is a promising research field in the cyber security sector. One very important skill acknowledged by researchers is "Adversarial Skill", described as thinking like a hacker. It can be used to avoid security threats to systems connected to the internet. This skill is widely acknowledged because nowadays cyber security depends on guessing or analyzing the attacker’s strategies.
Game theory and cyber security share similar concerns in various aspects of their application. In both, a player's payoff is contingent not only on the decision he made but also on the opponent’s behavior. Based on this resemblance, we can use game theory as a mathematical tool to deal with cyber security problems based on multi-agent behaviors.
Game theory has many components such as:
- Players: those who make decisions with respect to the game.
- Actions: the decisions made by each player.
- Payoffs: the amount of satisfaction, either positive or negative, derived from each action.
- Strategies: the future actions set in place with respect to the past and expected actions of the opponent.
There are several types of games in game theory: Cooperative games, Non-cooperative games, Static games, Dynamic games, Complete information games, Incomplete information games, Perfect information games and Imperfect information games. Cyber security can be described under the non-cooperative, incomplete information and imperfect information types of games.
Game Theory for cyber security applications can be divided into six categories:
- Physical Layer Security.
- Self-Organised Network Security.
- Intrusion Detection and Prevention.
- Privacy preservation and Anonymity.
- Economics of Cyber Security.
- Cloud Computing Security.
Consider Self-Organised Network Security and Cloud Computing Security.
Self-Organised Network Security (SON):
Game-theoretic approaches are used for designing security protocols for SONs such as Vehicular Networks (VANETs), Wireless Sensor Networks and Mobile Ad Hoc Networks (MANETs). Most game-theoretic approaches assume that there are only two players in the game:
Attacker: The attacker is an opponent who makes a malicious entry into the system with the intention of threatening its security. The strategies of the attacker can vary from a single action to a sequence of different counter activities. In this study, we limit our interest to attacks that consist of a series of activities directed towards an ultimate goal.
Defender: The defender, on the other side, is responsible for applying proper defense techniques to secure the system from the attacker's various malicious attacks. The defender has a set of counter strategies to monitor and protect the system. The main aim of this player is to make pre-emptive responses while having limited knowledge of the system status, relying purely on the counter strategies.
These assumptions about the players are not practical in MANETs. The strategic decisions of each node in a MANET can be computed in a fully distributed approach, where the decision can be made without centralized administration and each node only needs to know its own state and the aggregate effect of the other nodes in the MANET. In a few networks digital signatures are widely used; they may provide security, but they introduce delay due to signature verification, which in turn reduces Quality of Service (QoS).
Cloud Computing Security:
Traditional security is not suitable for Cloud computing concepts such as multi-tenancy, resource sharing and resource outsourcing. These are the new challenges for security research.
Researchers have proposed security-aware virtual machines (VMs) combined with game theory for the public cloud, where multiple Nash Equilibria are included in the security game, i.e., the defender has counter actions for each one of the attacker's strategies. A Nash Equilibrium is a combination of a set of strategies and payoffs that results in a stable state where no player benefits from a change in strategy.
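To make the Nash Equilibrium idea concrete, here is an added example (not from the original article or the cited research) that models a two-player defender/attacker game as a pair of payoff tables and searches for equilibria. The payoff numbers, the action names and the helper functions `pure_nash` and `mixed_nash_2x2` are assumptions made for illustration.

```python
from fractions import Fraction

# Constructed payoffs (assumptions, not taken from the article).
# Rows = defender actions (0: monitor, 1: idle).
# Columns = attacker actions (0: attack, 1: wait).
DEFENDER_PAYOFF = [[3, -1],   # monitor: attack caught / monitoring cost only
                   [-5, 0]]   # idle: system breached / nothing happens
ATTACKER_PAYOFF = [[-4, 0],   # vs monitor: attacker caught / nothing happens
                   [5, 0]]    # vs idle: successful breach / nothing happens


def pure_nash(defender, attacker):
    """Return every (row, col) cell where neither player gains by deviating alone."""
    rows, cols = len(defender), len(defender[0])
    equilibria = []
    for r in range(rows):
        for c in range(cols):
            # Defender compares rows within column c; attacker compares columns within row r.
            defender_ok = all(defender[r][c] >= defender[k][c] for k in range(rows))
            attacker_ok = all(attacker[r][c] >= attacker[r][k] for k in range(cols))
            if defender_ok and attacker_ok:
                equilibria.append((r, c))
    return equilibria


def mixed_nash_2x2(defender, attacker):
    """Fully mixed equilibrium of a 2x2 game from the indifference conditions.

    Returns (p, q) with p = P(defender plays row 0) and q = P(attacker plays
    column 0), or None when no fully mixed equilibrium exists.
    """
    # p must leave the attacker indifferent between its two columns.
    p_den = attacker[0][0] - attacker[1][0] - attacker[0][1] + attacker[1][1]
    # q must leave the defender indifferent between its two rows.
    q_den = defender[0][0] - defender[0][1] - defender[1][0] + defender[1][1]
    if p_den == 0 or q_den == 0:
        return None
    p = Fraction(attacker[1][1] - attacker[1][0], p_den)
    q = Fraction(defender[1][1] - defender[0][1], q_den)
    if not (0 < p < 1 and 0 < q < 1):
        return None
    return p, q


if __name__ == "__main__":
    print("pure equilibria:", pure_nash(DEFENDER_PAYOFF, ATTACKER_PAYOFF))
    p, q = mixed_nash_2x2(DEFENDER_PAYOFF, ATTACKER_PAYOFF)
    print(f"defender monitors with probability {p}, attacker attacks with probability {q}")
```

With these constructed payoffs no single cell is stable, so the only equilibrium is a randomized one; changing any payoff value changes the result, which is why the choice of payoff function matters so much.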
A scalable security risk assessment model using game theory has also been proposed for cloud computing in order to evaluate risk. The main aim of this risk assessment is to decide who should fix a risk in the system, i.e. the cloud provider or the tenant of the system.
The main challenges faced while designing the game theory model are:
Defining a payoff function for each player in the game is practically impossible. But the payoff function is a key part of game theory, because the result of the game depends directly on the result of the payoff function.
All the game models and strategies are based upon assumptions. But in reality the strategies involved in cyber security problems are infinite and dynamic. Under the assumptions, the result of the payoff function may be good, but when implemented in practice it is difficult to achieve a good result from the payoff function.
Defining payoff functions for attacker and defender is practically impossible. Strategies based on assumptions cannot be implemented in real time.
The proof of the existence of a Nash Equilibrium is only logical, not constructive. There are no methods available to implement Nash Equilibrium practically. All these assumptions cannot be used without proof, because doing so may result in a security compromise.
For now the concept of game theory in cyber security is purely theoretical and remains an open research area.