Abstract
In this paper we propose and discuss a game-theoretic framework for (a) evaluating security vulnerability, (b) quantifying the corresponding Pareto optimal vulnerability/cost tradeoff, and (c) identifying the optimal operating point on this Pareto optimal frontier. We discuss our framework in the context of a flow-level model of Supply-Demand (S-D) network where we assume a sophisticated attacker attempting to disrupt the network flow. The vulnerability metric is determined by the Nash equilibrium payoff of the corresponding game. The vulnerability/cost tradeoff is derived by assuming that “the network” can reduce the security vulnerability at the cost of using more expensive flows and the optimal operating point is determined by “the network” preferences with respect to vulnerability and cost. We illustrate the proposed framework on examples through numerical investigations.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Anderson, R., Barton, C., Böhme, R., Clayton, R., van Eeten, M.J.G., Levi, M., Moore, T., Savage, S.: Measuring the Cost of Cybercrime. In: 11th Workshop on the Economics of Information Security (June 2012)
Fulkerson, D.R., Weinberger, D.B.: Blocking Pairs of Polyhedra Arising from Network Flows. Journal of Combinatorial Theory, Series B 18(3), 265–283 (1975)
Gambit. Game theory analysis software and tools @ONLINE (2002), http://www.gambit-project.org/doc/index.html
Gordon, L.A., Loeb, M.P.: The Economics of Information Security Investment. ACM Trans. Inf. Syst. Secur. 5(4), 438–457 (2002)
Gueye, A.: A Game Theoretical Approach to Communication Security. PhD dissertation, University of California, Berkeley, Electrical Engineering and Computer Sciences (March 2011)
Gueye, A., Lazska, A., Walrand, J., Anantharam, V.: A Polyhedral-Based Analysis of Nash Equilibrium of Quasi-Zero-Sum Games and its Applications to Communication Network Security. Symmetry – Special Issue: Polyhedra (submitted)
Gueye, A., Marbukh, V., Walrand, J.C.: Towards a Quantification of Communication Network Vulnerability to Attacks: A Game Theoretic Approach. In: 3rd International ICST Conference on Game Theory for Networks, Vancouver, Canada (May 2012)
Gueye, A., Walrand, J.C., Anantharam, V.: Design of Network Topology in an Adversarial Environment. In: Alpcan, T., Buttyán, L., Baras, J.S. (eds.) GameSec 2010. LNCS, vol. 6442, pp. 1–20. Springer, Heidelberg (2010)
Laszka, A., Szeszlér, D., Buttyán, L.: Game-theoretic Robustness of Many-to-one Networks. In: 3rd International ICST Conference on Game Theory for Networks, Vancouver, Canada (May 2012)
Mcneil, E.J.: Extreme Value Theory for Risk Managers, pp. 93–113. RISK Books (1999)
Mell, P., Scarfone, K., Romanosky, S.: A Complete Guide to the Common Vulnerability Scoring System. In: NIST CVSS. National Institute of Standards and Technology (June 2007)
Tiwari, R.K., Karlapalem, K.: Cost Tradeoffs for Information Security Assurance. In: 4th Annual Workshop on the Economics of Information Security, WEIS, June 1-3. Harvard University, Cambridge (2005)
Wolsey, L.A., Nemhauser, G.L.: Integer and Combinatorial Optimization. Wiley-Interscience (November 1999)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gueye, A., Marbukh, V. (2012). A Game-Theoretic Framework for Network Security Vulnerability Assessment and Mitigation. In: Grossklags, J., Walrand, J. (eds) Decision and Game Theory for Security. GameSec 2012. Lecture Notes in Computer Science, vol 7638. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34266-0_11
Download citation
DOI: https://doi.org/10.1007/978-3-642-34266-0_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34265-3
Online ISBN: 978-3-642-34266-0
eBook Packages: Computer ScienceComputer Science (R0)