Game Theory and Cyber Defense

  • Abderrahmane Sokri
Part of the International Series in Operations Research & Management Science book series (ISOR, volume 280)


The extensive use of information technology systems in the military sector has changed the face of the battlefield and the nature of war. A growing body of literature argues that game-theoretic reasoning is well-suited to many problems in cyber defense. A game between a defender and an attacker trying to gain access to computers remotely is a typical strategic interaction in this domain. This chapter discusses how game theory can be applied in cyberspace. It offers a comprehensive review of literature on the application of game theory in this area. It proposes and illustrates a new game formulation combining game theory and other techniques. The chapter highlights the recognized challenges associated with the applicability of game theory in the cyber world. It discusses how the game-theoretic formalism can be adapted to obtain sound solutions in a reasonable time.


Keywords: Game theory, Cyber defense, Cyberattack, Cybersecurity, Common knowledge



Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. Government of Canada, Department of National Defence, Ottawa, Canada
