Game strategies in network security

  • Kong-wei Lye
  • Jeannette M. Wing
Regular contribution


This paper presents a game-theoretic method for analyzing the security of computer networks. We view the interactions between an attacker and the administrator as a two-player stochastic game and construct a model for the game. Using a nonlinear program, we compute Nash equilibria or best-response strategies for the players (attacker and administrator). We then explain why the strategies are realistic and how administrators can use these results to enhance the security of their network.


Stochastic games Nonlinear programming Network security  


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bell MGH (2001) The measurement of reliability in stochastic transport networks. In: Proceedings, IEEE Intelligent Transportation Systems, pp 1183–1188Google Scholar
  2. 2.
    Browne R (2000) C4I defensive infrastructure for survivability against multi-mode attacks. In: Proceedings of the conference on 21st century military communications: architectures and technologies for information superiority, 1:417–424Google Scholar
  3. 3.
    Burke D (1999) Towards a game theory model of information warfare. Master’s thesis, Graduate School of Engineering and Management, Airforce Institute of Technology, Air UniversityGoogle Scholar
  4. 4.
    Butler SA (2002) Security attribute evaluation method: a cost-benefit approach. In: Proceedings of the international conference on software engineering, Orlando, FL, May 2002Google Scholar
  5. 5.
    Butler SA (2003) Security attribute evaluation method. PhD thesis, Carnegie Mellon University, Computer Science Department, PittsburghGoogle Scholar
  6. 6.
    Crume J (2000) Inside Internet security. Addison-Wesley, Reading, MAGoogle Scholar
  7. 7.
    Filar J, Vrieze K (1996) Competitive Markov decision processes. Springer, Berlin Heidelberg New YorkGoogle Scholar
  8. 8.
    Fudenberg D, Tirole J (1991) Game Theory. MIT Press, Cambridge, MAGoogle Scholar
  9. 9.
    Hespanha JP, Bohacek S (2001) Preliminary results in routing games. In: Proceedings of the 2001 American Control conference, 3:1904–1909Google Scholar
  10. 10.
    Jha S, Sheyner O, Wing J (2002) Minimization and reliability analyses of attack graphs. Carnegie Mellon University Technical Report CS-02-109, FebruaryGoogle Scholar
  11. 11.
    McInerney J, Stubberud S, Anwar S, Hamilton S (2001) Friars: a feedback control system for information assurance using a markov decision process. In: Proceedings of the IEEE 35th annual international Carnahan conference on security technology, pp 223–228Google Scholar
  12. 12.
    Meadows C (2001) A cost-based framework for analysis of denial of service in networks. J Comput Secur 9(1–2):143–164Google Scholar
  13. 13.
    Sheyner O, Jha S, Wing J (2002) Automated generation and analysis of attack graphs. In: Proceedings of the IEEE symposium on security and privacy, Oakland, CAGoogle Scholar
  14. 14.
    Stoneburner G, Goguen A, Feringa A (2001) Risk management guide for information technology systems. National Institute of Standards and Technology Special Publication, 800(30)Google Scholar
  15. 15.
    Syverson PF (1997) A different look at secure distributed computation. In: Proceedings of the 10th workshop on computer security foundations, pp 109–115Google Scholar

Copyright information

© Springer-Verlag 2005

Authors and Affiliations

  1. 1.Department of Electrical and Computer EngineeringCarnegie Mellon UniversityPittsburghUSA
  2. 2.Computer Science DepartmentCarnegie Mellon UniversityPittsburghUSA

Personalised recommendations