A Decision-Making Model in a Cyber Conflicts Acted Upon Vulnerability, Based on Game Theoretic Analysis

Document Type: Original Article

Abstract

In any conflict, and especially in cyber security and cyberwar, it is crucial to predict the other side's
possible actions. This paper uses a game-theoretic analytical model to examine the decision-making process
of two rivals in cyberspace when a vulnerability is detected. Compared with earlier approaches, the
assumptions are more realistic: they include possible retaliation by the opposing side, asymmetric payoffs,
and the risk of failure during use of the vulnerability and penetration. To achieve this, a new structure
is proposed based on real conflicts in cyberwar. The proposed game is in extensive form with imperfect
information, in which the players detect the vulnerability by chance. Based on the Nash equilibrium concept,
the analysis proves that whenever the players' cyber-attack abilities are close to each other, both
sides will take aggressive actions. The ability to detect vulnerabilities has less impact on strategy.

