How Shall We Play a Game? A Game-theoretical Model for Cyber-warfare Games

Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna, David Brumley

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

Automated techniques and tools for finding, exploiting and patching vulnerabilities are maturing. In order to achieve an end goal such as winning a cyber-battle, these techniques and tools must be wielded strategically. Currently, strategy development in cyber - even with automated tools - is done manually, and is a bottleneck in practice. In this paper, we apply game theory toward the augmentation of the human decision-making process.Our work makes two novel contributions. First, previous work is limited by strong assumptions regarding the number of actors, actions, and choices in cyber-warfare. We develop a novel model of cyber-warfare that is more comprehensive than previous work, removing these limitations in the process. Second, we present an algorithm for calculating the optimal strategy of the players in our model. We show that our model is capable of finding better solutions than previous work within seconds, making computer-time strategic reasoning a reality. We also provide new insights, compared to previous models, on the impact of optimal strategies.

Original languageEnglish (US)
Title of host publicationProceedings - IEEE 30th Computer Security Foundations Symposium, CSF 2017
PublisherIEEE Computer Society
Pages7-21
Number of pages15
ISBN (Electronic)9781538632161
DOIs
StatePublished - Sep 25 2017
Externally publishedYes
Event30th IEEE Computer Security Foundations Symposium, CSF 2017 - Santa Barbara, United States
Duration: Aug 21 2017Aug 25 2017

Other

Other30th IEEE Computer Security Foundations Symposium, CSF 2017
CountryUnited States
CitySanta Barbara
Period8/21/178/25/17

Fingerprint

Military operations
Game theory
Decision making

ASJC Scopus subject areas

  • Engineering(all)

Cite this

Bao, T., Shoshitaishvili, Y., Wang, R., Kruegel, C., Vigna, G., & Brumley, D. (2017). How Shall We Play a Game? A Game-theoretical Model for Cyber-warfare Games. In Proceedings - IEEE 30th Computer Security Foundations Symposium, CSF 2017 (pp. 7-21). [8049648] IEEE Computer Society. https://doi.org/10.1109/CSF.2017.34

How Shall We Play a Game? A Game-theoretical Model for Cyber-warfare Games. / Bao, Tiffany; Shoshitaishvili, Yan; Wang, Ruoyu; Kruegel, Christopher; Vigna, Giovanni; Brumley, David.

Proceedings - IEEE 30th Computer Security Foundations Symposium, CSF 2017. IEEE Computer Society, 2017. p. 7-21 8049648.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Bao, T, Shoshitaishvili, Y, Wang, R, Kruegel, C, Vigna, G & Brumley, D 2017, How Shall We Play a Game? A Game-theoretical Model for Cyber-warfare Games. in Proceedings - IEEE 30th Computer Security Foundations Symposium, CSF 2017., 8049648, IEEE Computer Society, pp. 7-21, 30th IEEE Computer Security Foundations Symposium, CSF 2017, Santa Barbara, United States, 8/21/17. https://doi.org/10.1109/CSF.2017.34
Bao T, Shoshitaishvili Y, Wang R, Kruegel C, Vigna G, Brumley D. How Shall We Play a Game? A Game-theoretical Model for Cyber-warfare Games. In Proceedings - IEEE 30th Computer Security Foundations Symposium, CSF 2017. IEEE Computer Society. 2017. p. 7-21. 8049648 https://doi.org/10.1109/CSF.2017.34
Bao, Tiffany ; Shoshitaishvili, Yan ; Wang, Ruoyu ; Kruegel, Christopher ; Vigna, Giovanni ; Brumley, David. / How Shall We Play a Game? A Game-theoretical Model for Cyber-warfare Games. Proceedings - IEEE 30th Computer Security Foundations Symposium, CSF 2017. IEEE Computer Society, 2017. pp. 7-21
@inproceedings{2a1702d12d0544d5ae1eab5004f595c4,
title = "How Shall We Play a Game?: A Game-theoretical Model for Cyber-warfare Games",
abstract = "Automated techniques and tools for finding, exploiting and patching vulnerabilities are maturing. In order to achieve an end goal such as winning a cyber-battle, these techniques and tools must be wielded strategically. Currently, strategy development in cyber - even with automated tools - is done manually, and is a bottleneck in practice. In this paper, we apply game theory toward the augmentation of the human decision-making process.Our work makes two novel contributions. First, previous work is limited by strong assumptions regarding the number of actors, actions, and choices in cyber-warfare. We develop a novel model of cyber-warfare that is more comprehensive than previous work, removing these limitations in the process. Second, we present an algorithm for calculating the optimal strategy of the players in our model. We show that our model is capable of finding better solutions than previous work within seconds, making computer-time strategic reasoning a reality. We also provide new insights, compared to previous models, on the impact of optimal strategies.",
author = "Tiffany Bao and Yan Shoshitaishvili and Ruoyu Wang and Christopher Kruegel and Giovanni Vigna and David Brumley",
year = "2017",
month = "9",
day = "25",
doi = "10.1109/CSF.2017.34",
language = "English (US)",
pages = "7--21",
booktitle = "Proceedings - IEEE 30th Computer Security Foundations Symposium, CSF 2017",
publisher = "IEEE Computer Society",

}

TY - GEN

T1 - How Shall We Play a Game?

T2 - A Game-theoretical Model for Cyber-warfare Games

AU - Bao, Tiffany

AU - Shoshitaishvili, Yan

AU - Wang, Ruoyu

AU - Kruegel, Christopher

AU - Vigna, Giovanni

AU - Brumley, David

PY - 2017/9/25

Y1 - 2017/9/25

N2 - Automated techniques and tools for finding, exploiting and patching vulnerabilities are maturing. In order to achieve an end goal such as winning a cyber-battle, these techniques and tools must be wielded strategically. Currently, strategy development in cyber - even with automated tools - is done manually, and is a bottleneck in practice. In this paper, we apply game theory toward the augmentation of the human decision-making process.Our work makes two novel contributions. First, previous work is limited by strong assumptions regarding the number of actors, actions, and choices in cyber-warfare. We develop a novel model of cyber-warfare that is more comprehensive than previous work, removing these limitations in the process. Second, we present an algorithm for calculating the optimal strategy of the players in our model. We show that our model is capable of finding better solutions than previous work within seconds, making computer-time strategic reasoning a reality. We also provide new insights, compared to previous models, on the impact of optimal strategies.

AB - Automated techniques and tools for finding, exploiting and patching vulnerabilities are maturing. In order to achieve an end goal such as winning a cyber-battle, these techniques and tools must be wielded strategically. Currently, strategy development in cyber - even with automated tools - is done manually, and is a bottleneck in practice. In this paper, we apply game theory toward the augmentation of the human decision-making process.Our work makes two novel contributions. First, previous work is limited by strong assumptions regarding the number of actors, actions, and choices in cyber-warfare. We develop a novel model of cyber-warfare that is more comprehensive than previous work, removing these limitations in the process. Second, we present an algorithm for calculating the optimal strategy of the players in our model. We show that our model is capable of finding better solutions than previous work within seconds, making computer-time strategic reasoning a reality. We also provide new insights, compared to previous models, on the impact of optimal strategies.

UR - http://www.scopus.com/inward/record.url?scp=85033785159&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85033785159&partnerID=8YFLogxK

U2 - 10.1109/CSF.2017.34

DO - 10.1109/CSF.2017.34

M3 - Conference contribution

AN - SCOPUS:85033785159

SP - 7

EP - 21

BT - Proceedings - IEEE 30th Computer Security Foundations Symposium, CSF 2017

PB - IEEE Computer Society

ER -