How Shall We Play a Game? A Game-theoretical Model for Cyber-warfare Games

被引:8
作者
Bao, Tiffany [1 ]
Shoshitaishvili, Yan [2 ]
Wang, Ruoyu [2 ]
Kruegel, Christopher [2 ]
Vigna, Giovanni [2 ]
Brumley, David [1 ]
机构
[1] Carnegie Mellon Univ, Pittsburgh, PA 15213 USA
[2] UC Santa Barbara, Santa Barbara, CA USA
来源
2017 IEEE 30TH COMPUTER SECURITY FOUNDATIONS SYMPOSIUM (CSF) | 2017年
基金
美国国家科学基金会;
关键词
D O I
10.1109/CSF.2017.34
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
Automated techniques and tools for finding, exploiting and patching vulnerabilities are maturing. In order to achieve an end goal such as winning a cyber-battle, these techniques and tools must be wielded strategically. Currently, strategy development in cyber - even with automated tools is done manually, and is a bottleneck in practice. In this paper, we apply game theory toward the augmentation of the human decision-making process. Our work makes two novel contributions. First, previous work is limited by strong assumptions regarding the number of actors, actions, and choices in cyber-warfare. We develop a novel model of cyber-warfare that is more comprehensive than previous work, removing these limitations in the process. Second, we present an algorithm for calculating the optimal strategy of the players in our model. We show that our model is capable of finding better solutions than previous work within seconds, making computer-time strategic reasoning a reality. We also provide new insights, compared to previous models, on the impact of optimal strategies.
引用
收藏
页码:7 / 21
页数:15
相关论文
共 34 条
[1]   The economics of information security [J].
Anderson, Ross ;
Moore, Tyler .
SCIENCE, 2006, 314 (5799) :610-613
[2]  
[Anonymous], P ACM C COMP COMM SE
[3]   Subversion-Resilient Signature Schemes [J].
Ateniese, Giuseppe ;
Magri, Bernardo ;
Venturi, Daniele .
CCS'15: PROCEEDINGS OF THE 22ND ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2015, :364-375
[4]   Timing of cyber conflict [J].
Axelrod, Robert ;
Iliev, Rumen .
PROCEEDINGS OF THE NATIONAL ACADEMY OF SCIENCES OF THE UNITED STATES OF AMERICA, 2014, 111 (04) :1298-1303
[5]  
Bao T., 2017, P 38 IEEE S SEC PRIV
[6]   Automatic patch-based exploit generation is possible: Techniques and implications [J].
Brumley, David ;
Poosankam, Pongsin ;
Song, Dawn ;
Zheng, Jiang .
PROCEEDINGS OF THE 2008 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, 2008, :143-+
[7]  
Cavusoglu H., 2005, Fourth Workshop on the Economics of Information Security, P1
[8]  
Clarke R.A., 2010, Cyber War The Next Threat To National Security and What To Do About It
[9]  
Costa M., 2005, P 21 ACM SIGOPS S OP, P133
[10]   A Vulnerability-Based Model of Cyber Weapons and its Implications for Cyber Conflict [J].
Czosseck, Christian ;
Podins, Karlis .
INTERNATIONAL JOURNAL OF CYBER WARFARE AND TERRORISM, 2012, 2 (01) :14-26