Game Theory for Security and Risk Management


Book Description

The chapters in this volume explore how various methods from game theory can be utilized to optimize security and risk-management strategies. Emphasizing the importance of connecting theory and practice, they detail the steps involved in selecting, adapting, and analyzing game-theoretic models in security engineering and provide case studies of successful implementations in different application domains. Practitioners who are not experts in game theory and are uncertain about incorporating it into their work will benefit from this resource, as well as researchers in applied mathematics and computer science interested in current developments and future directions. The first part of the book presents the theoretical basics, covering various different game-theoretic models related to and suitable for security engineering. The second part then shows how these models are adopted, implemented, and analyzed. Surveillance systems, interconnected networks, and power grids are among the different application areas discussed. Finally, in the third part, case studies from business and industry of successful applications of game-theoretic models are presented, and the range of applications discussed is expanded to include such areas as cloud computing, Internet of Things, and water utility networks.




Decision and Game Theory for Security


Book Description

This book constitutes the refereed proceedings of the 8th International Conference on Decision and Game Theory for Security, GameSec 2017, held in Vienna, Austria, in October 2017. The 24 revised full papers presented together with 4 short papers were carefully reviewed and selected from 71 submissions.The papers address topics such as Game theory and mechanism design for security and privacy; Pricing and economic incentives for building dependable and secure systems; Dynamic control, learning, and optimization and approximation techniques; Decision making and decision theory for cybersecurity and security requirements engineering; Socio-technological and behavioral approaches to security; Risk assessment and risk management; Security investment and cyber insurance; Security and privacy for the Internet-of-Things (IoT), cyber-physical systems, resilient control systems; New approaches for security and privacy in cloud computing and for critical infrastructure; Security and privacy of wireless and mobile communications, including user location privacy; Game theory for intrusion detection; and Empirical and experimental studies with game-theoretic or optimization analysis for security and privacy.




Network Security


Book Description

Covering attack detection, malware response, algorithm and mechanism design, privacy, and risk management, this comprehensive work applies unique quantitative models derived from decision, control, and game theories to understanding diverse network security problems. It provides the reader with a system-level theoretical understanding of network security, and is essential reading for researchers interested in a quantitative approach to key incentive and resource allocation issues in the field. It also provides practitioners with an analytical foundation that is useful for formalising decision-making processes in network security.




Game Theory and Machine Learning for Cyber Security


Book Description

GAME THEORY AND MACHINE LEARNING FOR CYBER SECURITY Move beyond the foundations of machine learning and game theory in cyber security to the latest research in this cutting-edge field In Game Theory and Machine Learning for Cyber Security, a team of expert security researchers delivers a collection of central research contributions from both machine learning and game theory applicable to cybersecurity. The distinguished editors have included resources that address open research questions in game theory and machine learning applied to cyber security systems and examine the strengths and limitations of current game theoretic models for cyber security. Readers will explore the vulnerabilities of traditional machine learning algorithms and how they can be mitigated in an adversarial machine learning approach. The book offers a comprehensive suite of solutions to a broad range of technical issues in applying game theory and machine learning to solve cyber security challenges. Beginning with an introduction to foundational concepts in game theory, machine learning, cyber security, and cyber deception, the editors provide readers with resources that discuss the latest in hypergames, behavioral game theory, adversarial machine learning, generative adversarial networks, and multi-agent reinforcement learning. Readers will also enjoy: A thorough introduction to game theory for cyber deception, including scalable algorithms for identifying stealthy attackers in a game theoretic framework, honeypot allocation over attack graphs, and behavioral games for cyber deception An exploration of game theory for cyber security, including actionable game-theoretic adversarial intervention detection against advanced persistent threats Practical discussions of adversarial machine learning for cyber security, including adversarial machine learning in 5G security and machine learning-driven fault injection in cyber-physical systems In-depth examinations of generative models for cyber security Perfect for researchers, students, and experts in the fields of computer science and engineering, Game Theory and Machine Learning for Cyber Security is also an indispensable resource for industry professionals, military personnel, researchers, faculty, and students with an interest in cyber security.




Department of Homeland Security Bioterrorism Risk Assessment


Book Description

The mission of Department of Homeland Security Bioterrorism Risk Assessment: A Call for Change, the book published in December 2008, is to independently and scientifically review the methodology that led to the 2006 Department of Homeland Security report, Bioterrorism Risk Assessment (BTRA) and provide a foundation for future updates. This book identifies a number of fundamental concerns with the BTRA of 2006, ranging from mathematical and statistical mistakes that have corrupted results, to unnecessarily complicated probability models and models with fidelity far exceeding existing data, to more basic questions about how terrorist behavior should be modeled. Rather than merely criticizing what was done in the BTRA of 2006, this new NRC book consults outside experts and collects a number of proposed alternatives that could improve DHS's ability to assess potential terrorist behavior as a key element of risk-informed decision making, and it explains these alternatives in the specific context of the BTRA and the bioterrorism threat.




Decision and Game Theory for Security


Book Description

This book constitutes the refereed proceedings of the 12th International Conference on Decision and Game Theory for Security, GameSec 2021,held in October 2021. Due to COVID-19 pandemic the conference was held virtually. The 20 full papers presented were carefully reviewed and selected from 37 submissions. The papers focus on Theoretical Foundations in Equilibrium Computation; Machine Learning and Game Theory; Ransomware; Cyber-Physical Systems Security; Innovations in Attacks and Defenses.




Decision and Game Theory for Security


Book Description

This book constitutes the refereed proceedings of the 11th International Conference on Decision and Game Theory for Security, GameSec 2020,held in College Park, MD, USA, in October 2020. Due to COVID-19 pandemic the conference was held virtually The 21 full papers presented together with 2 short papers were carefully reviewed and selected from 29 submissions. The papers focus on machine learning and security; cyber deception; cyber-physical systems security; security of network systems; theoretic foundations of security games; emerging topics.




Cyber-Security in Critical Infrastructures


Book Description

This book presents a compendium of selected game- and decision-theoretic models to achieve and assess the security of critical infrastructures. Given contemporary reports on security incidents of various kinds, we can see a paradigm shift to attacks of an increasingly heterogeneous nature, combining different techniques into what we know as an advanced persistent threat. Security precautions must match these diverse threat patterns in an equally diverse manner; in response, this book provides a wealth of techniques for protection and mitigation. Much traditional security research has a narrow focus on specific attack scenarios or applications, and strives to make an attack “practically impossible.” A more recent approach to security views it as a scenario in which the cost of an attack exceeds the potential reward. This does not rule out the possibility of an attack but minimizes its likelihood to the least possible risk. The book follows this economic definition of security, offering a management scientific view that seeks a balance between security investments and their resulting benefits. It focuses on optimization of resources in light of threats such as terrorism and advanced persistent threats. Drawing on the authors’ experience and inspired by real case studies, the book provides a systematic approach to critical infrastructure security and resilience. Presenting a mixture of theoretical work and practical success stories, the book is chiefly intended for students and practitioners seeking an introduction to game- and decision-theoretic techniques for security. The required mathematical concepts are self-contained, rigorously introduced, and illustrated by case studies. The book also provides software tools that help guide readers in the practical use of the scientific models and computational frameworks.




Moving Target Defense


Book Description

Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats was developed by a group of leading researchers. It describes the fundamental challenges facing the research community and identifies new promising solution paths. Moving Target Defense which is motivated by the asymmetric costs borne by cyber defenders takes an advantage afforded to attackers and reverses it to advantage defenders. Moving Target Defense is enabled by technical trends in recent years, including virtualization and workload migration on commodity systems, widespread and redundant network connectivity, instruction set and address space layout randomization, just-in-time compilers, among other techniques. However, many challenging research problems remain to be solved, such as the security of virtualization infrastructures, secure and resilient techniques to move systems within a virtualized environment, automatic diversification techniques, automated ways to dynamically change and manage the configurations of systems and networks, quantification of security improvement, potential degradation and more. Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats is designed for advanced -level students and researchers focused on computer science, and as a secondary text book or reference. Professionals working in this field will also find this book valuable.




Security and Game Theory


Book Description

Global threats of terrorism, drug-smuggling and other crimes have led to a significant increase in research on game theory for security. Game theory provides a sound mathematical approach to deploy limited security resources to maximize their effectiveness. A typical approach is to randomize security schedules to avoid predictability, with the randomization using artificial intelligence techniques to take into account the importance of different targets and potential adversary reactions. This book distills the forefront of this research to provide the first and only study of long-term deployed applications of game theory for security for key organizations such as the Los Angeles International Airport police and the US Federal Air Marshals Service. The author and his research group draw from their extensive experience working with security officials to intelligently allocate limited security resources to protect targets, outlining the applications of these algorithms in research and the real world.