Network or Internet security is constantly a matter of discussion and concern for security professionals for many years as the number of insecure and vulnerable IoT devices, mobile devices, has increased exponentially. Apart from this, the global pandemic due to COVID-19 has also drastically increased the frequency of cyberattacks. Due to COVID-19, companies have massively unsecured data and poor cyber security practices in place that make them more susceptible to cyber-attacks. Moreover, traditional security mechanisms lack a quantitative decision-making module rendering them inefficient towards a wide range of cyber-attacks. Apart from this, risk assessment is also a key aspect towards making an organization completely protected from data breaches. The risk assessment process tends to identify the probability that an organization is being attacked. In order to find this, there is a need to predict actions of attackers and defenders . All these shortcomings can be addressed by game theory-based solutions very well.
Game theory is a sub-branch of applied mathematics that has been used in situations where the decisions of every participating player are interdependent. This interdependence causes every user to take into account the strategy of another user when making his own decision . In game theory, the following terms have been described to depict a situation:
- Players: Players are the entities that participate in the game. These entities can be organization or people.
- Actions: During each step/move, every entity takes an action. This action is taken according to some strategy which he chose from his strategy space.
- Payoff: It is the outcome of the game that completely based on the actions of all participating users. Payoff can be positive or negative for the participating users.
- Strategy: A plan of action of a user is known as strategy. A strategy is known as optimal when a player gains maximum payoff in a game.
Nash Equilibrium is the state of the game where the utility of one player cannot be increased without decreasing the utility of the other player. In other words, the Nash equilibrium is the optimal solution of a game when every player plays with his best strategy. In cyber-security, game theory has been utilized to analyze any cyber incident where attackers, defenders, and users interact to generate an outcome. In a cyber security game, there are three affected entities namely attackers, defenders, and legitimate users. Every party has their own motivations and reasons to succeed in the game. In the cyber-security framework, deception or manipulation can be utilized to deceive automated hacking units and human attackers. This tactic has the potential to alter the player’s strategies and sometimes even the game [3, 4].
Although with the help of game theory solutions, the defender can have better and deeper insights about the attacker’s strategies and potential attack risks, still it faces many challenges that have been discussed as follows.
- In these solutions, participating players do not have complete information about other user’s strategy and payoffs. Therefore, modelling a decision framework on incomplete information is questionable.
- Much more study is needed in the areas of information constraints, learning factors, and characterizing security parameters, in order to better capture each security decision maker’s understanding of the security games in which he participates.
- These solutions do not consider computational complexity while modelling actions of the participating users.
- Game theory-based network security mechanisms lack scalability. In literature too, most of the security games have been modelled as two player games even if we have multiple users in the network. Whole attacker community is considered as one entity.
- Alpcan, T., & Başar, T. (2010). Network security: A decision and game-theoretic approach. Cambridge University Press.
- Liang, X., & Xiao, Y. (2012). Game theory for network security. IEEE Communications Surveys & Tutorials, 15(1), 472-486.
- Manshaei, M. H., Zhu, Q., Alpcan, T., Bacşar, T., & Hubaux, J. P. (2013). Game theory meets network security and privacy. ACM Computing Surveys (CSUR), 45(3), 1-39.
- Hassija, V., Chamola, V., Han, G., Rodrigues, J. J., & Guizani, M. (2020). Dagiov: A framework for vehicle to vehicle communication using directed acyclic graph and game theory. IEEE Transactions on Vehicular Technology, 69(4), 4182-4191.
Cite this article as:
Amrita (2021), Game Theory for Cyber Security during COVID-19 Pandemic: A Holistic Approach, Insights2Techinfo, pp.1
- Top 50 Cyber Security Tools for IT and Business Professionals in 2022
- Computer Security
- XSS Research Directions
- XSS Prevention Measures