Of Threats and Costs: A Game-Theoretic Approach to Security Risk Management

  • Patrick Maillé
  • Peter Reichl
  • Bruno Tuffin
Part of the Springer Optimization and Its Applications book series (SOIA, volume 46)


Security is one of the main concerns in current telecommunication networks: the service providers and individual users have to protect themselves against attacks, and to this end a careful analysis of their optimal strategies is of essential importance. Indeed, attackers and defenders are typically agents trying strategically to design the most important damages and the most secure use of the resources, respectively, and the natural modelling framework of these interactions is that of noncooperative game theory. This chapter aims at providing a comprehensive review of game-theoretic aspects of security. We first describe the basics on game theory through simple security problems, and then present and discuss some specific problems in more detail. Finally, we also deal with security economics, focusing on the selfish relationships between customers and providers as well as between competing providers, which represents another important aspect of our non-standard approach towards security risk assessement.


Nash Equilibrium Intrusion Detection Mixed Strategy Pure Strategy Malicious Node 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



The authors acknowledge the support of European initiative COST IS0605, Econ@tel. Part of this work has been supported by the Austrian government and the city of Vienna in the framework of the COMET competence centre program and by the French research agency through the FLUOR project.


  1. 1.
    Agah A, Das SK (2007) Preventing DoS attacks in wireless sensor networks: A repeated game theory approach. Int J Netw Secur 5(2):145–153Google Scholar
  2. 2.
    Alpcan T, Başar T (2003) A game theoretic approach to decision and analysis in network intrusion detection. In: Proceedings of the 42nd Conference on Decision and Control, Maui, HIGoogle Scholar
  3. 3.
    Altman E, Boulogne T, El-Azouzi R, Jiménez T, Wynter L (2006) A survey on networking games in telecommunications. Comput Oper Res. 33(2)Google Scholar
  4. 4.
    Anderegg L, Eidenbenz S (2003) Ad hoc-VCG: A truthful and cost-efficient routing protocol for mobile ad hoc networks with selfish agents. In: Proceedings of the 9th Annual International Conference on Mobile Computing and Networking (MobiCom 2003), San Diego, CA, USA, pp 245–259Google Scholar
  5. 5.
    Bistarelli S, Dall’Aglio M, Peretti P (2006) Strategic games on defense trees. In: Proceedings of the 4th International Workshop on Formal Aspects in Security and Trust (FAST’06), LNCS 4691, Hamilton, Ontario, Canada, pp 1–15Google Scholar
  6. 6.
    Bohacek N, Hespanha JP, Lee J, Lim C, Obraczka K (2007) Game theoretic stochastic routing for fault tolerance and security in computer networks. IEEE Trans Parallel Distrib Syst 18(9):1227–1240CrossRefGoogle Scholar
  7. 7.
    Chandramouli R (2007) Economics of security: Research challenges. In: Proceedings of the 16th International Conference on Computer Communications and Networks (ICCCN’2007), Hawaii, USAGoogle Scholar
  8. 8.
    Courcoubetis C, Weber R (2003) Pricing communication networks—economics, technology and modelling. Wiley, ChichesterCrossRefGoogle Scholar
  9. 9.
    Feigenbaum J, Papadimitriou C, Sami R, Shenker S (2002) A BGP-based mechanism for lowest-cost routing. In: Proceedings of the 21st ACM Symposium on Principles of Distributed Computing, Monterey, California, USA, pp 173–182Google Scholar
  10. 10.
    Fudenberg D, Tirole J (1991) Game theory. MIT, Cambridge, MAGoogle Scholar
  11. 11.
    Ganesh A, Gunawardena D, Jey P, Massoulié L, Scott J (2006) Efficient quarantining of scanning worms: Optimal detection and co-ordination. In: Proceedings of IEEE INFOCOM 2006, Barcelona, SpainGoogle Scholar
  12. 12.
    Gordon LA, Loeb MP (2002) The economics of information security investment. ACM Trans Inf Syst Secur 5(4):438–457CrossRefGoogle Scholar
  13. 13.
    Hershberger J, Suri S (2001) Vickrey prices and shortest paths: What is an edge worth? In: Proceedings of the 42nd IEEE Symposium on Foundations of Computer Science, Las Vegas, Nevada, USA, pp 252–259Google Scholar
  14. 14.
    Jormakka J, Mölsä J (2005) Modelling information warfare as a game. J Inf Warf 4(2):12–25Google Scholar
  15. 15.
    Kodialam M, Lakshman TV (2003) Detecting network intrusions via sampling: A game theoretic approach. In: Proceedings of IEEE INFOCOM, San Francisco, CA, USAGoogle Scholar
  16. 16.
    Liu P, Zang W, Yu M (2005) Incentive-based modeling and inference of attacker intent, objectives, and strategies. ACM Trans Inf Syst Secur 8(1):78–118. doi: CrossRefGoogle Scholar
  17. 17.
    Lye KW, Wing JM (2005) Game strategies in network security. Int J Netw Secur 4(1–2):71–86Google Scholar
  18. 18.
    McKnight L, Solomon R, Reagle J, Carver D, Johnson C, Gerovac B, Gingold D (1997) Information security for internet commerce. In: McKnight LW, Bailey JP (eds) Internet economics. MIT, Cambridge, MA, pp 435–452Google Scholar
  19. 19.
    Michiardi P, Molva R (2002) Game theoretic analysis of security in mobile ad hoc networks. Tech. Rep. RR-02–070, Institut EurécomGoogle Scholar
  20. 20.
    Moore D, Paxson V, Savage S, Shannon C, Staniford S, Weaver N (2003) Inside the slammer worm. IEEE Secur Priv 1(4):33–39CrossRefGoogle Scholar
  21. 21.
    Osborne MJ, Rubinstein A (1994) A course in game theory. MIT, Cambridge, MAMATHGoogle Scholar
  22. 22.
    Patcha A, Park JM (2004) A game theoretic approach to modeling intrusion detection in mobile ad hoc networks. In: Proceedings of IEEE Workshop on Information Assurance and Security, West Point, NY, USA, pp 30–34Google Scholar
  23. 23.
    Patcha A, Park JM (2006) A game theoretic formulation for intrusion detection in mobile ad hoc networks. Int J Netw Secur 2(2):131–137Google Scholar
  24. 24.
    Racz P, Stiller B (2006) A service model and architecture in support of ip service accounting. In: Management of integrated end-to-end communications and services, Proceedings of the 10th IEEE/IFIP Network Operations and Management Symposium, NOMS 2006, Vancouver, Canada, April 3–7, 2006. IEEE, pp 1–12Google Scholar
  25. 25.
    Sallhammar K, Helvik BE, Knapskog SJ (2006) A game-theoretic approach to stochastic security and dependability evaluation. In: Proceedings of the 2nd IEEE Intl Symposium on Dependable, Autonomic and Secure Computing (DASC), Indianapolis, IN, USAGoogle Scholar
  26. 26.
    Seeley D (1989) A tour of the worm. In: Proceedings of the Winter USENIX Conference, San Diego, California, USAGoogle Scholar
  27. 27.
    Somayaji A (2004) How to win an evolutionary arms race. IEEE Secur Priv, 2(6):70–72CrossRefGoogle Scholar
  28. 28.
    Theodorakopoulos G, Baras JS (2008) Game theoretic modeling of malicious users in collaborative networks. IEEE J Select Areas Commun 26(7):1317–1327CrossRefGoogle Scholar
  29. 29.
    Wang H, Liang Y, Liu X (2008) Stochastic game theoretic method of quantification for network situational awareness. In: Proceedings of the International Conference on Internet Computing in Science and Engineering (ICICSE), Harbin, Leilongjiang, China, pp 312–316Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2011

Authors and Affiliations

  1. 1.Institut TelecomCesson-Sévigné CedexFrance
  2. 2.Telecom BretagneCesson-Sévigné CedexFrance
  3. 3.Telecommunications Research Center Vienna (ftw.)WienAustria
  4. 4.INRIA Rennes – Bretagne AtlantiqueRennes CedexFrance

Personalised recommendations