Computational and Behavioral Aspects of Network Security Games [43B-D30]
Ashish R. Hota, Shreyas Sundaram, Abe Clements, Saurabh Bagchi
In this work, we leverage the framework of game theory to understand the effects of decentralized decision-making on the robustness and security of large-scale networked systems. First, we consider a setting where each decision maker is responsible for defending multiple nodes in the network, and strategic attacker(s) launch multi-stage attacks that spread through the network. We show that the problem of computing the best response for a defender can be formulated as a convex optimization problem. We then illustrate the application of this framework in problems that arise in networked cyber-physical systems. In the second part of the work, we consider a setting where each node in the network is an independent decision maker who wants to protect itself, and the probability of attack on a node is a function of the security investment by the node and its immediate neighbors in the network. Accordingly, the security investment of a node depends on its position in the network and its perception of attack probability. We investigate the impact of certain empirically established behavioral biases, that affect how users perceive probabilities of risky outcomes, on the security investment decisions of the nodes. We further characterize the structures of networks that maximize and minimize the expected fraction of nodes that are successfully attacked at the Nash equilibrium of the game, respectively.