Deterrence Model in Cyberspace Based on Bayesian Belief Attack Graph by using Risk Creating Payoff Function

Document Type : Original Article

Authors

1 melli defence university

2 modarres tarbiat university

3 tehran university

Abstract

Today, the rapid growth of dependence of human life on the cyberspace has raised the attention of the enemies of every society to the threats in this space. Several cyberattacks that have taken place in countries such as Estonia, Georgia and the Islamic Republic of Iran in the past, warn that the future of cyberspace will not be free of threats and attacks. Deterrence has always been a very important issue for all countries. In this practical and developmental research, we present Strategical Deterrence model in cyberspace. The game theory will help us model and analyze the deterrent model and descriptive and mathematical          inferences will be used to analyze the model. Finally, in this paper, a strategical model for deterrence in cyberspace will be presented in four stages: the current, optimal, gap analysis and warning stages based on the signaling game with incomplete information. Finally after describing each components of the model and their relationship with each other, it has been shown that the amount of equilibrium can indicate the status of the players in the three situation of conflict, balance and mutual weakness, and only in two situation of balance and mutual weakness, the deterrence will exist.
 

Keywords


1.     C. D. Organization and P. D. Organization, “Cyber defense strategy ducument of iran,” Papsa (monthly journal ), no. 1, May 22, 2014.##
2.     F. C. Zagare and D. M. Kilgour, “Perfect deterrence,” Cambridge University Press, vol. 72, 2000.##
3.     M. C. Libicki, “Cyberdeterrence and cyberwar,” Rand Corporation, 2009.##
4.     V. M. Payappalli, J. Zhuang, and V. R. R. Jose, “Deterrence and Risk Preferences in Sequential Attacker–Defender Games with Continuous Efforts,” Risk Analysis, 2017.##
5.     H. Vahidpoor, “The need for cyber defensive and offensive capabilities as deterrence factors,” in The 6th Congress of the Iranian Geopolitical Association Passive Defense, Mashhad, 2013.##
6.     A. Dehghani, “Cyber Deterrence in global modern security: Russia's and China's threats against the critical US infrastructure,” Journal of Quarterly political and international approaches, year. 8 , no.4, pp. 121-147, 2018.##
 
7.     T. Mowbray, “Solution architecture for cyber deterrence,” 2010.##
8.     S. W. Beidleman, “Defining and deterring cyber war,” DTIC Document, 2009.##
9.     R. J. Moore, “Prospects for cyber deterrence,” DTIC Document, 2008.##
10.   K. Hausken and J. Zhuang, “The timing and deterrence of terrorist attacks due to exogenous dynamics,” Journal of the Operational Research Society, vol. 63, no. 6, pp. 726-735, 2012.##
11.   J. S. Liles and J. Davidson, “Modern Cyber Deterrence Theory: Norms,” Assumptions and Implications, 2013.##
12.   E. T. Jensen, “Cyber Deterrence,” 2012.##
13.   K. Taipale, “Cyber-deterrence, Law, Policy and Technology: Cyberterrorism, Information, Warfare, Digital and Internet Immobilization,” IGI Global, 2010.##
14.   J. P. Kesan and C. M. Hayes, “Mitigative counterstriking: Self-defense and deterrence in cyberspace,” Harv. JL & Tech., vol. 25, p. 429, 2011.##
15.   W. Goodman, “Cyber deterrence: Tougher in theory than in practice?,” DTIC Document, 2010.##
16.   P. M. Morgan, “Applicability of Traditional Deterrence Concepts and Theory to the Cyber Realm,” in Proceedings of a Workshop on Deterring Cyber Attacks: Informing Strategies and Developing Options for US Policy, 2010.##
17.   R. L. Kugler, “Deterrence of cyber attacks,” Cyberpower and national security, p. 320, 2009.##
18.   M. Rice, J. Butts, and S. Shenoi, “A signaling framework to deter aggression in cyberspace,” International Journal of Critical Infrastructure Protection, vol. 4, no. 2, pp. 57-65, 2011.##
19.   H. Schramm, et al., “A game theoretic model of strategic conflict in cyberspace,” In Proceedings of the 7th International Conference on Information Warfare and Security, Academic Conferences Limited, 2012.##
20.   E. F. Taquechel and T. G. Lewis, “How to Quantify Deterrence and Reduce Critical Infrastructure Risk,” 2012.##
21.   W. Casey, et al., “Compliance signaling games: toward modeling the deterrence of insider threats,” Computational and Mathematical Organization Theory, pp. 1-32, 2016.##
22.   S. Abbas, M. Merabti, and D. Llewellyn-Jones, “Deterring whitewashing attacks in reputation based schemes for mobile ad hoc networks,” in Wireless Days (WD), 2010 IFIP, IEEE, 2010.##
23.   J. Cui, H. Rosoff, and R. S. John, “Deterrence of Cyber Attackers in a Three-Player Behavioral Game,” in International Conference on Decision and Game Theory for Security, Springer, 2017.##
24.   S. Garg and G. S. Aujla, “An attack tree based comprehensive framework for the risk and security assessment of VANET using the concepts of game theory and fuzzy logic,” Journal of Emerging Technologies in Web Intelligence, vol. 6, no. 2, pp. 247-252, 2014.##
25.   Y. Sun, Z. Li, and W. Chaoxia, “Cloud computing risk assessment method based on game theory,” in Cyberspace Technology (CCT 2015), Third International Conference on, IET, 2015.##
26.   R. Jiang, J. Luo, and X. Wang, “An attack tree based risk assessment for location privacy in wireless sensor networks,” in Wireless Communications, Networking and Mobile Computing (WiCOM), 2012 8th International Conference on, IEEE, 2012.##
27.   E. Furuncu and I. Sogukpinar, “Scalable risk assessment method for cloud computing using game theory (CCRAM),” Computer Standards & Interfaces, vol. 38, pp. 44-50, 2015.##
28.   S. A. Cheharsoghi, et al., “Applicable of Artificial Neural Network in information security risk assessment,” Cyber and electronic defense journal of imam hossein university, pp. 23-33, 2013.##
29.   K. Marjan, A. Hasan, and A. Ahmad, “Providing a framework for preventing network intrusion as low cost,” 20th iranian conferance on electronical engineering, 2012.##
30.   K. Masoud, et al., “Cost-benefit analysis of security risks using decision-making bayesian networks,” 20th yearly national conferance of computer society of iran, 2015.##
31.   M. Khosravi-Farmad, et al., “Network security risk mitigation using Bayesian decision networks,” in Computer and Knowledge Engineering (ICCKE), 2014 4th International eConference on, IEEE, 2014.##