Related papers: Picking vs. Guessing Secrets: A Game-Theoretic Ana…
In this work, we provide a structural characterization of the possible Nash equilibria in the well-studied class of security games with additive utility. Our analysis yields a classification of possible equilibria into seven types and we…
In the contemporary digital landscape, cybersecurity has become a critical issue due to the increasing frequency and sophistication of cyber attacks. This study utilizes a non-zero-sum game theoretical framework to model the strategic…
Similar to a strategic interaction between rational and intelligent agents, cryptography problems can be examined through the prism of game theory. In this setting, the agent aiming to protect a message is called the defender, while the one…
We consider an abstraction of computational security in password protected systems where a user draws a secret string of given length with i.i.d. characters from a finite alphabet, and an adversary would like to identify the secret string…
In many cases the Nash equilibria are not predictive of the experimental players' behaviour. For some games of Game Theory it is proposed here a method to estimate the probabilities with which the different options will be actually chosen…
Currently the Dempster-Shafer based algorithm and Uniform Random Probability based algorithm are the preferred method of resolving security games, in which defenders are able to identify attackers and only strategy remained ambiguous.…
We consider a game in which a strategic defender classifies an intruder as spy or spammer. The classification is based on the number of file server and mail server attacks observed during a fixed window. The spammer naively attacks (with a…
We consider the problem of a game theorist analyzing a game that uses cryptographic protocols. Ideally, a theorist abstracts protocols as ideal, implementation-independent primitives, letting conclusions in the "ideal world" carry over to…
Transparency and security are both central to Responsible AI, but they may conflict in adversarial settings. We investigate the strategic effect of transparency for agents through the lens of transferable adversarial example attacks. In…
The standard game-theoretic solution concept, Nash equilibrium, assumes that all players behave rationally. If we follow a Nash equilibrium and opponents are irrational (or follow strategies from a different Nash equilibrium), then we may…
We consider a class of interdependent security games on networks where each node chooses a personal level of security investment. The attack probability experienced by a node is a function of her own investment and the investment by her…
Attack detection is usually approached as a classification problem. However, standard classification tools often perform poorly because an adaptive attacker can shape his attacks in response to the algorithm. This has led to the recent…
An adversary who has obtained the cryptographic hash of a user's password can mount an offline attack to crack the password by comparing this hash value with the cryptographic hashes of likely password guesses. This offline attacker is…
Nash equilibrium is a key concept in game theory fundamental for elucidating the equilibrium state of strategic interactions, finding applications in diverse fields such as economics, political science, and biology. However, the Nash…
We consider a game-theoretic setting to model the interplay between attacker and defender in the context of information flow, and to reason about their optimal strategies. In contrast with standard game theory, in our games the utility of a…
The Stackelberg security game is played between a defender and an attacker, where the defender needs to allocate a limited amount of resources to multiple targets in order to minimize the loss due to adversarial attack by the attacker.…
Anticipating the strategies of potential attackers is crucial for protecting critical infrastructure. We can represent the challenge of the defenders of such infrastructure as a Stackelberg security game. The defender must decide how to…
We consider a security game in a setting consisting of two players (an attacker and a defender), each with a given budget to allocate towards attack and defense, respectively, of a set of nodes. Each node has a certain value to the attacker…
Selecting the combination of security controls that will most effectively protect a system's assets is a difficult task. If the wrong controls are selected, the system may be left vulnerable to cyber-attacks that can impact the…
Malware attacks are costly. To mitigate against such attacks, organizations deploy malware detection tools that help them detect and eventually resolve those threats. While running only the best available tool does not provide enough…