Abstract
Until twenty years ago, the application of game theory (GT) was mostly limited to toy examples. Today, as a result of major technological and algorithmic advances, researchers use game-theoretical models to motivate complex security decisions relating to real-life security problems. This requires models that are an accurate reflection of reality. This paper presents a biased bird’s-eye view of the security-related GT research of the past decade. It presents this research as a move towards increasingly accurate and comprehensive models. We discuss the need for adversarial modeling as well as the internalization of externalities due to security interdependencies. Finally, we identify three promising directions for future research: relaxing common game-theoretical assumptions, creating models that capture interdependencies as well as a strategic adversary, and modeling interdependencies between attackers.
Notes
- 1.
The 2015 version of the Ponemon Institute’s yearly cost of data breach study shows (i) an increased number of data breaches resulting from attacks by malicious attackers (47 % versus 37 % in 2013), (ii) a 23 % increase in total cost of data breach since 2013, and (iii) that attacks have increased in frequency as well as in the cost to remediate the consequences [12, 13]. ENISA, the European Union Agency for Network and Information Security, sees a 25 % increase in the number of data breaches in 2014 compared to 2013 and refers to 2014 as “the year of the data breach” [16]. They list nearly all cyber threats, such as denial of service attacks and cyber espionage, as increasing.
- 2.
We think this is a confusing name, because there are a lot of security-related games that are not security games.
- 3.
- 4.
- 5.
These games do not fit our definition of interdependent game because there is no attack or attacker.
References
Alpcan, T., Başar, T., et al.: Network Security: A Decision and Game-Theoretic Approach. Cambridge University Press, New York (2010)
Anderson, R.J.: Why information security is hard - an economic perspective. In: Proceedings of the ACSAC (2001)
Anderson, R.J., Moore, T., et al.: The economics of information security. Science 314, 610–613 (2006)
Avenhaus, R., Canty, M.J., et al.: Inspection games. In: Meyers, R.A. (ed.) Computational Complexity, pp. 1605–1618. Springer, New York (2012)
Axelrod, R., Iliev, R., et al.: Timing of cyber conflict. Proc. Natl. Acad. Sci. U.S.A 111, 1298–1303 (2014)
Ayres, I., Levitt, S.D., et al.: Measuring Positive Externalities from Unobservable Victim Precaution: An Empirical Analysis of Lojack. Working Paper. National Bureau of Economic Research, Cambridge (1997)
Böhme, R., Nowey, T.: Economic security metrics. In: Eusgeld, I., Freiling, F.C., Reussner, R. (eds.) Dependability Metrics. LNCS, vol. 4909, pp. 176–187. Springer, Heidelberg (2008)
Böhme, R., Schwartz, G., et al.: Modeling cyber-insurance: towards a unifying framework, June 2010
Cavusoglu, H., Raghunathan, S., et al.: Decision-theoretic and game-theoretic approaches to IT security investment. J. Manag. Inf. Syst. 25, 281–304 (2008)
Chan, H., Ceyko, M., et al.: Interdependent defense games: Modeling interdependent security under deliberate attacks. ArXiv Prepr. http://www.ArXiv12104838 (2012)
Christin, N.: Network security games: combining game theory, behavioral economics, and network measurements. In: Baras, J.S., Katz, J., Altman, E. (eds.) GameSec 2011. LNCS, vol. 7037, pp. 4–6. Springer, Heidelberg (2011)
Cost of Data Breach Study: Global Analysis. Ponemon Institute (2013)
Cost of Data Breach Study: Global Analysis. Ponemon Institute (2015)
van Dijk, M., Juels, A., et al.: FlipIt: The game of “stealthy takeover”. J. Cryptol. 26(4), 655–713 (2012)
Dodis, Y., Rabin, T., et al.: Cryptography and game theory. In: Algorithmic Game Theory (2007)
ENISA Threat Landscape 2014 - Overview of current and emerging cyber-threats. Report/Study. ENISA (2015)
Franklin, J., Perrig, A., et al.: An inquiry into the nature and causes of the wealth of internet miscreants. In: Proceedings of the ACM CCS (2007)
Gordon, L.A., Loeb, M.P., et al.: The economics of information security investment. ACM Trans. Inf. Syst. Secur. 5, 438–457 (2002)
Halpern, J.Y., Pass, R., et al.: Game theory with costly computation. In: Innovations in Computer Science, August 2010
Halpern, J., Teague, V., et al.: Rational secret sharing and multiparty computation: extended abstract. In: Proceedings of the ACM STOC (2004)
Johnson, B., Laszka, A., Grossklags, J., Vasek, M., Moore, T.: Game-theoretic analysis of DDoS attacks against bitcoin mining pools. In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds.) FC 2014 Workshops. LNCS, vol. 8438, pp. 72–86. Springer, Heidelberg (2014)
Kar, D., Fang, F., et al.: “A game of thrones”: when human behavior models compete in repeated Stackelberg security games. In: Proceedings of the AAMAS (2015)
Katz, J.: Bridging game theory and cryptography: recent results and future directions. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 251–272. Springer, Heidelberg (2008)
Kiekintveld, C., Jain, M., et al.: Computing optimal randomized resource allocations for massive security games. In: Proceedings of the AAMAS (2009)
Kunreuther, H., Heal, G., et al.: Interdependent security. J. Risk Uncertain. 26, 231–249 (2003)
Laszka, A., Felegyhazi, M., et al.: A survey of interdependent security games. ACM Comput. Surv. CSUR 47 (2014)
Laszka, A., Johnson, B., Grossklags, J.: Mitigation of targeted and non-targeted covert attacks as a timing game. In: Das, S.K., Nita-Rotaru, C., Kantarcioglu, M. (eds.) GameSec 2013. LNCS, vol. 8252, pp. 175–191. Springer, Heidelberg (2013)
Leeson, P.T., Coyne, C.J., et al.: The Economics of Computer Hacking. SSRN Scholarly Paper, Social Science Research Network (2005)
Lou, J., Smith, A.M., et al.: Multidefender Security Games (2015)
Maillé, P., Tuffin, B., Reichl, P.: Interplay between security providers, consumers, and attackers: a weighted congestion game approach. In: Altman, E., Katz, J., Baras, J.S. (eds.) GameSec 2011. LNCS, vol. 7037, pp. 67–86. Springer, Heidelberg (2011)
Manshaei, M., Zhu, Q., et al.: Game theory meets network security and privacy. ACM Comput. Surv. CSUR 45, 25:1–25:39 (2013)
Moore, T., Clayton, R., et al.: The economics of online crime. J. Econ. Perspect. 23, 3–20 (2009)
Neumann, J.V., Morgenstern, O., et al.: Theory of Games and Economic Behavior. Princeton University Press, Princeton (1944)
Nguyen, T.H., Yang, R., et al.: Analyzing the effectiveness of adversary modeling in security games. In: Proceedings of the AAAI (2013)
Nojoumian, M., Stinson, D.R.: Socio-rational secret sharing as a new direction in rational cryptography. In: Walrand, J., Grossklags, J. (eds.) GameSec 2012. LNCS, vol. 7638, pp. 18–37. Springer, Heidelberg (2012)
Ogut, H., Menon, N., et al.: Cyber insurance and IT security investment: impact of interdependent risk. In: WEIS (2005)
Pita, J., Jain, M., et al.: Deployed ARMOR protection: the application of a game theoretic model for security at the Los Angeles International Airport. In: Proceedings of the AAMAS (2007)
Pita, J., Jain, M., et al.: Los Angeles airport security. AI Mag. 30, 43–57 (2009)
Pita, J., Jain, M., et al.: Robust solutions to Stackelberg games: addressing bounded rationality and limited observations in human cognition. Artif. Intell. 174, 1142–1171 (2010)
Pita, J., John, R., et al.: A robust approach to addressing human adversaries in security games. In: Proceedings of the AAMAS (2012)
Qian, Y., Haskell, W.B., et al.: Robust strategy against unknown risk-averse attackers in security games. In: Proceedings of the AAMAS (2015)
Roy, S., Ellis, C., et al.: A survey of game theory as applied to network security. In: Proceedings of the 43rd Hawaii International Conference on System Sciences (2010)
Tambe, M.: Security and Game Theory: Algorithms, Deployed Systems, Lessons Learned. Cambridge University Press, New York (2011)
Varian, H.: System reliability and free riding. In: Camp, L.J., Lewis, S. (eds.) Economics of Information Security, pp. 1–15. Springer, Heidelberg (2004)
Vorobeychik, Y., Letchford, J., et al.: Securing interdependent assets. Auton. Agent. Multi-Agent Syst. 29(2), 305–333 (2014)
Yang, R., Ford, B., et al.: Adaptive resource allocation for wildlife protection against illegal poachers. In: Proceedings of the AAMAS (2014)
Yang, R., Kiekintveld, C., et al.: Improving resource allocation strategies against human adversaries in security games: an extended study. Artif. Intell. 195, 440–469 (2013)
Yang, R., Kiekintveld, C., et al.: Improving resource allocation strategy against human adversaries in security games. In: Proceedings of the IJCAI (2011)
Yin, Z., Jain, M., et al.: Risk-averse strategies for security games with execution and observational uncertainty. In: Proceedings of the AAAI, April 2011
Acknowledgements
This research is partially funded by the Research Fund KU Leuven.
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Merlevede, J.S.A., Holvoet, T. (2015). Game Theory and Security: Recent History and Future Directions. In: Khouzani, M., Panaousis, E., Theodorakopoulos, G. (eds) Decision and Game Theory for Security. GameSec 2015. Lecture Notes in Computer Science(), vol 9406. Springer, Cham. https://doi.org/10.1007/978-3-319-25594-1_19
DOI: https://doi.org/10.1007/978-3-319-25594-1_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-25593-4
Online ISBN: 978-3-319-25594-1