DEFENDER-ATTACKER MODELS FOR RESOURCE ALLOCATION IN INFORMATION SECURITY

. Today, information security in defender-attacker game models is getting more attention from the research community. A game-theoretic approach applied in resource allocation study requires security in information for successive defensive strategy against attackers. For the defensive side players, allocating resources effectively and appropriately is essential to maintain the winning position against the attacking side. It can be possible by making the best response to the attack, i.e., by defining the most effective secure defensive strategy. This present work develops one defender – two attackers game model to determine the defensive strategy based on the Nash equilibrium and Stackelberg leadership equilibrium solutions of one defender-one attacker game model. Both game models are designed and studied in two scenarios: simultaneous and sequential modes. Game modes are defined according to the information that is available for attackers. In the first one,


Introduction
Today, advancements in information technology brings new areas to research, and one of them is security in information. The problem in this area of game-theoretic applications in complex social networks is preventing damages and minimizing losses for defensive and attacking sides in resource allocation [8]. It might become more challenging when the defenders face different types of attackers with unpredictable strategies, and it is essential to be able to make an optimal decision considering all the constraints.
Developing the defense strategy against multiple attackers by constructing suitable game models is our main objective. In this work, we propose two models: one defender-two attackers and one defender-multiple attackers. We study the defender's behavior when there are two attackers by considering the same network value of all customers in the market. Then, we increase the number of attackers and find the best strategy for the defender to maintain its allocated resources. The study is conducted in two scenarios: when the incumbent (defender) acts simultaneously and when the incumbent predicts the attackers' attack. We believe that this study will help further studies aiming at the advancement of such models for multiple attackers. This study can help define an efficient and profitable strategy to allocate more resources in a market. The developed and proposed models can be applied in voter models, product promoting, cybersecurity as real time examples.

Preliminaries on Game Theory
Game Theory is a mathematical approach applied in many fields to study strategic and communication interactions between agents. In this thesis work, the following concepts of Game Theory were applied.

Cooperative Games
In cooperative games, decision-makers will cooperate when they agree together. Its outcome is expected to be better than the Nash or Stackelberg equilibriums. These cooperative games can be applied in this research to analyze the interaction between players in both groups of attackers and defenders.

Non-cooperative Games
In the method, players act independently, which resembles a competition between the participants. The most popular solutions of the non-cooperative games are Nash and Stackelberg leadership. In this study, the non-cooperative is used in modeling both one defender-two attackers and one defender-multiple attackers' games.

Nash Equilibrium
Each player in a game knows the strategies of the other players. The solution is chosen as the best response among strategies. This equilibrium will be used for all models for the case study to analyze players' simultaneous behavior when the defender does not know about the entrance of the attackers.

Stackelberg Equilibrium
This method allows the firm to dominate in the market to set its price first and subsequently, and the follower firms optimize their production and price. In our case, the leader is the defender who dominates the market, and the followers are the attackers who want to enter the market. This method will be used to analyze the sequential behavior of players.

Related Works
The most important study in defender-attacker game modeling is Friedman [3]. This study describes five mathematical models on advertising allocation when the marketing campaign knows the contest success function. Besides this basic knowledge, we consider the roles of risk preferences [18], players [4], budget constraints [12], contest success function [14], which are essential in multiple defender-multiple attacker game models. Different strategies exist in a multi defender -attacker games. One of them aims to defend electric power systems against attacks [14]. This study proposes a defender-attacker-defender (DAD) model that considers the interactions between an attacker and a power system operator. Similarly, optimization for a microgrid defense resource planning and allocation against multi-period attacks is investigated using the defender-attacker-defender model [6]. Data injection attacks on smart grids with multiple adversaries are studied in [10]. An attack-defense game with a single attacker and multiple defenders is proposed in [1]. This proposed approach defends the system using a cooperative distributed strategy against the attacker. However, the study cannot guarantee that the attacker's budget can be higher than the defensive side's budget. The dynamic model for the defenders to mitigate the risk of power outages when a power grid is under attack is proposed in the study [20]. The dynamic model is formulated as a mixedinteger linear programming model and the game tree of a subgame perfect Nash equilibrium.
Moreover, defender-attacker models can be applied to a cloud control system (CCS). The interactions of defender and attackers in a cloud system can be modeled using a Stackelberg equilibrium in [16]. In this study, the defender needs to allocate its resources to different units serving different plants. Then, the attacker decides which units to allocate their resources to.
Hence, this proposed model may define the profitable strategy only for attackers [10]. Such a game-theoretic approach can be used for robust, and privacy-preserving resource allocation in cloud computing [19]. Stackelberg game-based defense analysis against advanced persistent threats on cloud control system is studied in [16]. To defend the cloud system from APT launched by an attacker to reduce the quality of cloud service and deteriorate the system performance further, a defender needs to allocate defense resources to different units serving different plants to improve the overall system performance.
In addition, game-theoretic analysis is performed to study multiple attackers in wireless sensor networks [22], to define defense strategy using dynamic information flow tracking [9], to determine locations defense and attack dynamic Bayesian decision game [2], to defend only a single object considering time [21], to develop multiple-input multipleoutput systems against smart attackers [7], to implement a memory-based multi-objective evolutionary algorithm to generate action strategies [11], to solve the multi targets case in security games [17], to model strategies for the defensive government against the terroristic attacking side [22].

One Defender -One Attacker Basic Model
The basic model was proposed by Masucci and Silva to analyze competing market campaigns between an incumbent and a challenger [8]. An incumbent is the firm that dominates the market, and a challenger enters the market. In our work, we consider these players as a defender and an attacker, respectively. As mentioned in the first chapter, one defender-one attacker model is designed by considering an intrinsic value and a network value of customers to allocate to market to the potential players. The authors performed the study in two scenarios: 1) the incumbent makes a simultaneous decision of how many resources to allocate to the customers, and 2) the incumbent knows about the challenger's attack and commits with a better strategy. The mathematical modeling of this model is given in [8].
We develop this concept by increasing the number of attackers and optimizing the defensive strategy against the attackers. Firstly, we introduce the model with two attackers, and then we present one defender-multiple attackers' model. The next section demonstrates game formulation for two and multiple attackers, the main notation, and assumptions.

Game Formulation
A one defender-multiple attackers game model is constructed on the basis of a one defender-two attackers' model. Therefore, it is essential to build a mathematical model for two attackers entering a market. We consider three main players: an incumbent (defender) and two challengers (two attackers). We consider that their budgets are positive as D ≥ 0, A 1 ≥ 0, and A 2 ≥ 0. Here, we can formulate the main conditions as in Table 1. These conditions were chosen to depict and study the profit-customer relationship. The concept of resource allocation attacker-defender game models is illustrated in Fig. 1. Initially, there are n customers as seen in Fig. 1. Here, if n is 2, the game is modeled for two attackers. When the game starts, both defensive and attacking players start to allocate their resources and gather customers. Fig. 1 demonstrates the two formulated groups of customers in blue and red colors as the defender's and attacker's customers, respectively. The contest success function (CSF) is in terms of the allocated x i,j which is the win on the customer j by the player i. The CSF includes xi,j which is lost on the customer j by the opponent player -i. Similar to [8], the same assumption is made: CSF is proportional to the share of total advertising expenditure on customer. It is important to note that the same network value is assumed in the present work. Thus, considering different network values of customers and the probability that a random walk of length t that starts at j and ends up in j'. Therefore, by taking into account the same observation in [8], the following proposition related on the expected payoff for players is obtained. The next section explains the mathematical model of the game with two attackers. where is the network value of customer j' at time t. Here, and represent the opponents of player i.
From the perspectives of the player i, there are the strategies and ; therefore, the next step is to define the best response function to allocate the resources, which is done in the next proposition.
Proposition 2. The best response function for player i is given as: We can derive three best response equations for players D, A 1 and A 2 as follows: (1) (3)

Scenario-1: Nash Equilibrium
Nash equilibrium is the game strategy in which players choose the best response knowing other players' strategies [8]. Assuming the valuations of players are proportional to each other, the nest proposition can be formulated.
Proposition 3. If for then the Nash Equilibrium will be: where the network value , and is a total budget. Proof. We considered Model I in the study by about time dependent Nash equilibrium results [15], and proof is available.
In this case, the problem is to zero-sum game for three players, where each player tries to optimize the payoff function mentioned in Proposition 1. A scaling factor between the valuations of the players does not change their equilibrium strategies Proposition 4. Assuming that and for and if there exist such that , then It is important to note that the valuations previously assumed to be proportional among three players cannot be applied every time. In real time, the valuation of the defender can be different (non-proportional) from the attacking players. In the next proposition we can see different strategies by the players.
Even in the case of two communities within the social network, where the valuations for the attacker are the same and the valuations for the defender are different for each community, the players have very different strategies than the previously considered.
Proof can be found in following equations. From (2) and (3), we can have where (6) do not depend on j. By rearranging (4) and (5), we can obtain where (10) also do not depend on j. Replacing (8) and (9) into (4) and (5), respectively, And summing the above two equations (12) and (13), From (14), we can obtain (15) Assuming that such that , then From (8) and (9), and by considering (16), we obtain: It is important to note that the valuations previously assumed to be proportional among three players cannot be applied every time. In real time, the valuation of the defender can be different (non-proportional) from the attacking players. In the next proposition, we can see different strategies by the players.
Even in the case of two communities within the social network, where the valuations for the attacker are the same and the valuations for the defender are different for each community, the players have very different strategies than the previously considered.

Conclusion
In this work, one defender-two attackers' model was studied. Not only the intrinsic value of customers was included in mathematical modeling, but also network value was considered. The importance of the profit-customer relationship is highlighted; thus, the customer-oriented defensive strategy is identified. The present game models were analyzed for two cases: a) the defender does not know about the entrance of the attackers into a market, and b) the defender does know about the entrance of the attackers into a market. The simulation of the game model is completed for both cases considering budget constraints.
Several promising research directions can be further investigated in the future study of the dependency of the defender's decision on each attacker who wants to enter the market. We plan to consider following aspects of this study: Stackelberg equilibrium. Along with budget constraints, the time constraint also has to be studied. In this thesis work, it is assumed that all players start the game at the same time. However, there might be cases when some attackers will decide to join the game after s time.
Multiple attackers. Since the cooperative game models are expected to give better output, it is essential to investigate the possibility of the interaction of the attackers. Grouping of attackers can be also studied.
Cybersecuirty principles. We need to apply the basics of securing practices to ensure the resource allocation to be efficient and optimal. In formation security is important in defining defensive strategy.