08-10-2014, 01:56 PM
Game Theory for Network Security
Abstract-
As networks become ubiquitous in people’s lives, users depend heavily on them for sufficient communication and convenient information access. However, networks suffer from security issues. Network security has become a challenging topic because numerous new network attacks have appeared, grown increasingly sophisticated, and caused vast losses of network resources. Game theoretic approaches have been introduced as a useful tool to handle those tricky network attacks. In this paper, we review the existing game-theory based solutions for network security problems, classifying their application scenarios under two categories: attack-defence analysis and security measurement. Moreover, we present a brief view of the game models in those solutions and summarize them into two categories, cooperative game models and non-cooperative game models, with the latter category consisting of subcategories. In addition to introducing the state of the art, we discuss the limitations of those game theoretic approaches and propose future research directions.
I. INTRODUCTION
People benefit greatly from the applications of network technologies, but they also encounter challenges of network security. Networks provide users with a convenient way to access information and a sufficient communication channel to communicate. Unfortunately, networks have many security issues including: Internet attacks, cybercrimes, flooding Denial of Service (DoS) attacks, illegal data access, data stealth, etc. Network attacks can cause public institutions or private entities to lose money, important data, or their reputations. Reports of new hackers, cybercrimes, and cyberspace incidents indicate that network security is a challenging topic.
The traditional solutions to network security have shortcomings. These solutions are implemented either by employing a preventive device, such as a firewall, or a reactive device, such as an anti-virus program, or by using them together; however, these types of solutions are no longer sufficient. Intrusion Detection Systems (IDSs), which are reactive devices, have become a necessary addition to every organization’s security due to increasingly severe types of attacks in recent years. An IDS is a software or hardware system that is used to monitor events occurring in a network or computer system. An IDS is also used to analyse these events in order to determine whether an attack has occurred, using such methods as attack signature identification, pattern detection, and statistical analysis. Once an attack is detected, adesign tools to handle sophisticated, organized attackers.
Game theoretic approaches have been proposed by many researchers to improve network security. On the one hand, the weakness of traditional solutions to network security is their lack of a quantitative decision framework. Game theory addresses problems in which multiple players with contradictory incentives or goals compete with each other; it can provide a mathematical frame for analysing and modelling security problems regarding networks.
On the other hand, security measurement is an important aspect of network security; it is an evaluation of confidentiality, integrity, availability, vulnerability, and security risks. Network security measurement is a large category that includes the measurement of every aspect of network security. Risk assessment is one of these measures. Network security measurements involve the interactions of attackers and defenders, and the result of a measurement can be affected by their interactions. For example, one of the metrics in risk assessment for a network system is the probability of it being attacked. There is a need to predict the actions of both the defenders and the attackers. Since the interaction process between attackers and defenders is a game process, game theory can be applied in every possible scenario to predict the actions of the attackers and then to determine the decisions of the defenders. Therefore, game theory-based solutions have been proposed for network security problems.
This paper presents a survey of game theoretic solutions that have been applied to improve network security. Classification of these solutions is provided in terms of the application scenarios and modelling methods of games. The purposes of this paper are to compare different game theory solutions, to discuss their limitations, and to propose new directions for research on network security problems.
CLASSIFICATION OF GAME MODELING
All game theoretic approaches applied in network security rest on attack-defence interactions: the interactions between attackers and defenders may be modelled as games, which may then be described and solved using game theory. The previous sections have shown this. The classification of the game models for modelling attack-defence interactions is presented as follows. These models may be placed into two classes, cooperative game models and non-cooperative game models, with non-cooperative game models including two subclasses, static games and dynamic games. Moreover, within the static game subclass and the dynamic game subclass, game models can be further grouped in terms of whether they are of complete information and whether they are of perfect information. The approaches also require the solutions of the game for predicting the actions of attackers and for determining defence strategies.
FUTURE RESEARCH DIRECTIONS
We have discussed the shortcomings of the current game theoretic approaches in network security. Possible future research directions for network security include:
1) As reviewed above, there are only a couple of models addressing the interaction of three or more players with a focus on including multiple defenders. Therefore, one future research direction is building game models involving three or more players for more network security application scenarios, and addressing application problems in which multiple attackers can launch attacks in a non-competitive way. An example of such an application scenario is the jamming attack problem in wireless networks, where two or more of the neighbours of a defending node try to jam the network without cooperating.
2) Improving the existing stochastic game models by including an infinite state assumption to make the model more realistic and then solving the game. Note that the existing solutions to the stochastic game models are valid only when the state is finite.
3) Studying the construction of payoff functions in network security game models and determining a guideline or set of standards for constructing payoff functions. The payoff functions in the existing security game models seem to rely on ad hoc schemes. However, predicting the strategy of the attackers and determining the best response strategy for the defenders depends on the payoff function. Improper payoff functions in a game model can reduce the effectiveness of the prediction of the attack-defence strategies.
VI. CONCLUSION
This paper provides a survey and classifications of existing game theoretic approaches to network security. In spite of their limitations, game theoretic approaches have been shown to be powerful tools for solving network security problems, and new game theoretic approaches should be a pool of research directions on network security. Our terminology for classifying existing game theoretic approaches is subject to change, since new game theoretic approaches continue to become available. From this review, readers may gain a better understanding of the existing game theoretic approaches and some insight into further research directions on network security issues.
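The dependence on the payoff function described under future research direction 3 can be seen in the simplest model class from the classification, a static non-cooperative game of complete information. The following is an added example, not taken from the paper: the monitor/attack game, its payoff numbers and all function names are constructed, and it assumes monitoring always catches an attack.

```python
from fractions import Fraction as F

def build_game(gain, penalty, cost, loss):
    """Rows: defender Monitor / Not monitor. Columns: attacker Attack / Wait.
    Constructed payoff model; assumes monitoring always catches an attack."""
    defender = [[-cost, -cost], [-loss, 0]]
    attacker = [[-penalty, 0], [gain, 0]]
    return defender, attacker

def pure_equilibria(D, A):
    """Cells where neither player gains by deviating unilaterally."""
    return [(i, j) for i in range(2) for j in range(2)
            if D[i][j] >= D[1 - i][j] and A[i][j] >= A[i][1 - j]]

def mixed_equilibrium(D, A):
    """Interior mixed Nash equilibrium of a 2x2 game via indifference.
    Returns (P[monitor], P[attack]); use when no pure equilibrium exists."""
    q = F(A[1][1] - A[1][0], A[0][0] - A[1][0] - A[0][1] + A[1][1])
    r = F(D[1][1] - D[0][1], D[0][0] - D[0][1] - D[1][0] + D[1][1])
    return q, r

def expected(M, q, r):
    """Expected payoff from matrix M with P[row 0] = q and P[col 0] = r."""
    return (q * r * M[0][0] + q * (1 - r) * M[0][1]
            + (1 - q) * r * M[1][0] + (1 - q) * (1 - r) * M[1][1])

def outcome_with_wrong_payoffs(true_game, assumed_game):
    """Defender plays the equilibrium of the assumed game; the attacker
    best-responds under the true payoffs. Returns defender's true payoff."""
    D, A = true_game
    q = mixed_equilibrium(*assumed_game)[0]
    attack, wait = expected(A, q, 1), expected(A, q, 0)
    if attack == wait:                      # attacker indifferent: equilibrium
        r = mixed_equilibrium(D, A)[1]
    else:
        r = F(1) if attack > wait else F(0)
    return expected(D, q, r)

if __name__ == "__main__":
    true_game = build_game(gain=6, penalty=4, cost=2, loss=10)
    wrong_game = build_game(gain=1, penalty=4, cost=2, loss=10)  # gain underestimated
    print("pure equilibria:", pure_equilibria(*true_game))
    print("P[monitor], P[attack]:", mixed_equilibrium(*true_game))
    print("defender payoff, correct model:",
          outcome_with_wrong_payoffs(true_game, true_game))
    print("defender payoff, wrong model:",
          outcome_with_wrong_payoffs(true_game, wrong_game))
```

Underestimating the attacker's gain lowers the recommended monitoring probability enough that attacking becomes strictly profitable, so the defender's realised payoff falls well below the equilibrium value.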