Decision and Game Theory for Security: 14th International Conference, GameSec 2023, Avignon, France, October 18–20, 2023, Proceedings (Lecture Notes in Computer Science)

This book constitutes the refereed proceedings of the 14th International Conference on Decision and Game Theory for Security, GameSec 2023, held in Avignon, France, during October 18–20, 2023.
The 19 full papers and 4 short papers included in this book were carefully reviewed and selected from 33 submissions. They are organized in topical sections as follows: Mechanism Design and Imperfect Information; Security Games; Learning in Security Games; Cyber Deception; Economics of Security; Information and Privacy; and Short Articles.

Author(s): Jie Fu (editor), Tomas Kroupa (editor), Yezekael Hayel (editor)
Publisher: Springer
Year: 2023

Language: English
Pages: 420

Preface
Organization
Short Papers
Incentive-Based Software Security: Fair Micro-Payments for Writing Secure Code (Extended Abstract)
Using Game Theory Approach for COVID-19 Risk Analysis and Medical Resource Allocation
Shapley Value to Rank Vulnerabilities on Attack Graphs: Applications to Cyberdeception
Solving Security Models with Perfect Observability
Contents
Mechanism Design and Imperfect Information
Observable Perfect Equilibrium
1 Introduction
2 Observable Perfect Equilibrium
3 No-Limit Poker
4 Conclusion
References
Does Cyber-Insurance Benefit the Insured or the Attacker? – A Game of Cyber-Insurance
1 Introduction
2 Related Work
3 Game of Cyber-Insurance
3.1 Inputs and Output of Cybersecurity Investment and Cyber-Insurance
3.2 Organization's Strategy
3.3 Attacker's Strategy
4 Simulation Study
4.1 Attack Success Rate vs. Optimal Cybersecurity Investment with Cyber-Insurance
4.2 Attacker's Expected Net Payoff
4.3 Attack Strategy
4.4 Cybersecurity Portfolio
5 Conclusion
References
Rule Enforcing Through Ordering
1 Introduction
1.1 Main Contribution
1.2 Related Work
2 Problem Definition
2.1 Round: One Step in Queue
2.2 Queue: A Game on Updating Sequences
2.3 Avalanche Effect
2.4 Division Problem
3 Analytic Solution
3.1 Active Participants
3.2 w-Fines: Special Case of Queue
4 Experiments
4.1 Basic Rational Strategy
4.2 Reinforcement Learning
4.3 Results
5 Conclusion
A Proof of Theorem 1
B Learning Algorithm
References
Security Games
Multi-defender Security Games with Schedules
1 Introduction
2 Background and Related Work
3 Nash-Stackelberg Equilibrium with Scheduling
4 Analysis and Algorithms
4.1 Existence and Computation of NSE Assuming SSAS
4.2 Efficiency of NSE
4.3 Exploiting Additional Structure in Vi
5 Experiments
5.1 Computational Costs of Computing NSE
5.2 Quality of NSE Computed
5.3 Number of Targets Included in NSE
6 Conclusion
A Appendix
A.1 Proof of Lemma 1
A.2 Proof of Lemma 2
A.3 Proof of Theorem 1
A.4 Proof of Lemma 3
A.5 Proof of Theorem 2 where F(t)=F(t')
References
Asymmetric Centrality Game Against Network Epidemic Propagation
1 Introduction
2 Related Work
3 General Model Description
3.1 Problem Description
3.2 System Model
3.3 Definition of the Asymmetric Centrality Game
4 Asymmetric Centrality Game Solution
4.1 Players' Rewards Associated with an Action Profile
4.2 Players' Rewards Associated with a Strategy Profile
4.3 Players Solution Approach
4.4 Nash Equilibria Properties
5 Nash Equilibria Analysis
6 Numerical Illustrations
6.1 Optimal Strategic Defense (OSD) Against Optimal Strategic Attack (OSA): Best Centrality Measure for the Attacker
6.2 Sub-optimal Defense Against Optimal Strategic Attack
7 Conclusion
References
Shades of Grey: Strategic Bimatrix Stopping Games for Modelling (Un)Ethical Hacking Roles
1 Introduction
2 Related Work
3 The Grey-Hat Hacker Stage Game
3.1 Game Description
3.2 Equilibrium Analysis
3.3 Discussion
4 On Bimatrix Games with Rational Payoff Functions
4.1 A Sufficient Condition
4.2 On Rank-1 Bimatrix Games
4.3 Application to Bimatrix Stochastic Stopping Games
5 The Shades of Grey Stochastic Game
5.1 Generic Game
5.2 Rank-1 Games
5.3 Rank-2 Games
5.4 Note on Discounted Games
6 Conclusion
References
Learning in Security Games
Characterizing and Improving the Robustness of Predict-Then-Optimize Frameworks
1 Introduction
1.1 Related Work
2 Background
2.1 Predict-Then-Optimize Problems
2.2 Frameworks for Predict-Then-Optimize
3 Robust Algorithms Anticipating Worst-Case Label Drift
3.1 Modeling Worst-Case Label Drift
3.2 Improving Decision Quality by Anticipating Label Drift: Motivating Examples
3.3 Robust Model Formulations
4 Improving Robustness by Anticipating Label Drift
4.1 Robustness via Defendability
4.2 Bounding Decision Quality Regret
4.3 Robust Algorithms in Practice
5 Experiments
5.1 Experimental Domains
5.2 Discussion of Empirical Results
6 Conclusion
A Omitted Proofs
B Runtime Analysis
C Experimental Setup
D Additional Empirical Analysis
References
Quantisation Effects in Adversarial Cyber-Physical Games
1 Introduction
2 Related Work
3 Problem Definition
4 A Complex, Cyclic Decision-Making Model
4.1 Discrete-Time NBKL Model
5 Game Theoretic Formulation
5.1 Solution Methodologies
6 Results
6.1 Experimental Setup
6.2 Analysis of Computed Policies
6.3 Convergence Analysis
7 Conclusion
References
Scalable Learning of Intrusion Response Through Recursive Decomposition
1 Introduction
2 Related Work
3 The Intrusion Response Use Case
4 Formalizing the Intrusion Response Problem
4.1 Modeling the Infrastructure and Services
4.2 Modeling Actors
4.3 Observability and Strategies
4.4 The Intrusion Response Problem
5 The Intrusion Response Game
6 Decomposing the Intrusion Response Game
6.1 Proof of Theorem 2.A
6.2 Proof of Theorem 2.B
6.3 Proof of Theorem 2.C
7 Finding Nash Equilibria of the Decomposed Game
8 Digital Twin and System Identification
9 Experimental Evaluation
9.1 Learning Best Responses Against Static Opponents
9.2 Learning Equilibrium Strategies Through Fictitious Play
9.3 Discussion of the Evaluation Results
10 Conclusions
References
Cyber Deception
Honeypot Allocation for Cyber Deception in Dynamic Tactical Networks: A Game Theoretic Approach
1 Introduction
2 Related Work
2.1 Attack Graph
2.2 Game Theoretic Deception
2.3 Network Deception
2.4 Mobility in Tactical Network
3 System Model
3.1 Attack Graph Model
3.2 Defender Model
3.3 Attacker Model
3.4 Reward Function
4 Dynamic Game Model
4.1 State Space and Game Transitions
4.2 Nash Equilibrium Analysis
5 Numerical Results
6 Conclusion and Future Work
References
Optimal Resource Allocation for Proactive Defense with Deception in Probabilistic Attack Graphs
1 Introduction
2 Preliminaries and Problem Formulation
3 Main Results
3.1 A Bi-level Optimization Formulation
3.2 Synthesizing Proactive Defense Against a Rational Attacker
3.3 Synthesizing Proactive Defense Against a Bounded Rational Attacker
4 Experiment
4.1 Scalability
5 Conclusion and Future Work
References
The Credential is Not Enough: Deception with Honeypots and Fake Credentials
1 Introduction
2 Related Work
3 Setup and Structure
4 Attacker Strategy
4.1 Determining Server and Credential Identities - Worst Case
4.2 Determining Server and Credential Identities - Average Case
4.3 Attacker Random Access Strategy
5 Defender Strategy
5.1 Theoretical Results
5.2 Simulation
References
Economics of Security
Playing Repeated Coopetitive Polymatrix Games with Small Manipulation Cost
1 Introduction
1.1 Related Work
2 Preliminaries
3 Problem Setting
4 Winning Policies
4.1 Designing Dominance Solvable Games
4.2 Dominance Solvable Policies
4.3 Batch Coordination Policies
5 Additional Objectives
5.1 Winning by the Largest Margin
5.2 Winning with the Lowest Inefficiency Ratio
5.3 Maximizing the Egalitarian Social Welfare
6 Three-Player Iterated Prisoner's Dilemma
6.1 Winning Strategy for a Manipulator
7 Social Distancing Game
7.1 Winning Strategy for a Manipulator
7.2 Maximizing Egalitarian Social Welfare
8 Conclusions
References
Rational Broadcast Protocols Against Timid Adversaries
1 Introduction
2 Preliminaries
3 Rational Broadcast Protocols
4 Our Protocol
4.1 Security Proofs
4.2 Detecting Cheaters
5 Discussion
References
FlipPath Game to Counter Stealthy Attacks in SDN-Based Tactical Networks
1 Introduction
2 Related Work
3 Network Architecture and Operation
4 Problem Formulation
5 Proposed FlipPath Game Model
5.1 Players' Actions
5.2 Players' Strategies
5.3 Game Formulation
5.4 Payoff Functions
5.5 Nash Equilibrium Analysis
6 Computational Simulation
7 Conclusion and Future Work
References
Information and Privacy
Double-Sided Information Asymmetry in Double Extortion Ransomware
1 Introduction
2 Signaling Game
3 Results
3.1 Separating Equilibrium
3.2 Pooling Equilibrium
3.3 The Value of Private Information
4 Conclusion
References
Opacity-Enforcing Active Perception and Control Against Eavesdropping Attacks
1 Introduction
2 Preliminaries and Problem Formulation
3 Main Result: Opacity-Enforcing Winning with 2-Beliefs
3.1 Computing an Opacity-Enforcing Strategy
3.2 When to Stop Tracking P2's Beliefs?
4 Experimental Validation
5 Conclusion and Future Work
A Proof for Lemma 4
B Proof for Theorem 2
References
A Game-Theoretic Analysis of Auditing Differentially Private Algorithms with Epistemically Disparate Herd
1 Introduction
2 Related Work
3 Herd Auditors with Epistemic Disparity
3.1 Bayes Hypothesis Testing as the Auditor's Decision Rule
3.2 Auditor's Choice of the Information Strategy
4 Stackelberg Herd Audit Game
4.1 Connection to Differential Privacy
4.2 Problem Setting for the Developer
4.3 Revisiting the Auditor's Problem
4.4 Revisit the Irresponsible Developer's Problem
5 Equilibrium Analysis
5.1 The Auditor's Optimal Strategy
5.2 The Irresponsible Developer's Optimal Strategy
5.3 Multiple Choices of Privacy Budgets
6 Discussion and Conclusions
References
Modeling and Analysis of a Nonlinear Security Game with Mixed Armament
1 Introduction
1.1 Problem Statement
1.2 Main Contributions
2 The Mixed Armament Competition Model
2.1 Dynamics of Arms Building
2.2 Strategic Relationship
2.3 Target Value
2.4 Security Functions
3 Analysis of the One-Shot Game
3.1 Existence of a Nash Equilibrium
3.2 Uniqueness of the Interior Point Nash Equilibrium
3.3 Distributed Nash Equilibrium Seeking
4 Analysis and Simulations in Case of a Duopoly
4.1 Analytical Analysis
4.2 Numerical Results and Discussions
5 Conclusion
References
Author Index