Games of timing for security in dynamic environments

Benjamin Johnson, Aron Laszka, Jens Grossklags

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Scopus citations

Abstract

Increasing concern about insider threats, cyber-espionage, and other types of attacks which involve a high degree of stealthiness has renewed the desire to better understand the timing of actions to audit, clean, or otherwise mitigate such attacks. However, to the best of our knowledge, the modern literature on games shares a common limitation: the assumption that the cost and effectiveness of the players’ actions are time-independent. In practice, however, the cost and success probability of attacks typically vary with time, and adversaries may only attack when an opportunity is present (e.g., when a vulnerability has been discovered). In this paper, we propose and study a model which captures dynamic environments. More specifically, we study the problem faced by a defender who has deployed a new service or resource, which must be protected against cyber-attacks. We assume that adversaries discover vulnerabilities according to a given vulnerability-discovery process which is modeled as an arbitrary function of time. Attackers and defenders know that each found vulnerability has a basic lifetime, i.e., the likelihood that a vulnerability is still exploitable at a later date is subject to the efforts by ethical hackers who may rediscover the vulnerability and render it useless for attackers. At the same time, the defender may invest in mitigation efforts to lower the impact of an exploited vulnerability. Attackers therefore face the dilemma to either exploit a vulnerability immediately, or wait for the defender to let its guard down. The latter choice leaves the risk to come away empty-handed. We develop two versions of our model, i.e., a continuous-time and a discrete-time model, and conduct an analytic and numeric analysis to take first steps towards actionable guidelines for sound security investments in dynamic contested environments.

Original language: English (US)
Title of host publication: Decision and Game Theory for Security - 6th International Conference, GameSec 2015, Proceedings
Editors: M.H.R. Khouzani, Emmanouil Panaousis, George Theodorakopoulos
Publisher: Springer Verlag
Pages: 57-73
Number of pages: 17
ISBN (Print): 9783319255934
State: Published - 2015
Event: 6th International Conference on Decision and Game Theory for Security, GameSec 2015 - London, United Kingdom
Duration: Nov 4 2015 - Nov 5 2015

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 9406
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 6th International Conference on Decision and Game Theory for Security, GameSec 2015
Country: United Kingdom
City: London
Period: 11/4/15 - 11/5/15

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

  • Cite this

    Johnson, B., Laszka, A., & Grossklags, J. (2015). Games of timing for security in dynamic environments. In M. H. R. Khouzani, E. Panaousis, & G. Theodorakopoulos (Eds.), Decision and Game Theory for Security - 6th International Conference, GameSec 2015, Proceedings (pp. 57-73). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9406). Springer Verlag. https://doi.org/10.1007/978-3-319-25594-1_4