The Evolution from Physical Protection to Cyber Defense
DOI:
https://doi.org/10.15680/IJCTECE.2022.0505003Keywords:
Cyber Defense Evolution, Physical Security, Security Games, Stackelberg Game Theory, Adversarial Modeling, Uncertainty in Cybersecurity, Resource OptimizationAbstract
Security is a critical concern around the world. In many areas, from cybersecurity to sustainability, limited security resources always prevent complete security coverage. Instead, these limited resources must be scheduled (or distributed or deployed), while simultaneously considering the importance of different targets, the responses of the adversaries to the security posture, and the potential uncertainties in adversary payoffs and observations, etc. Computational game theory can help generate such security schedules. Indeed, casting the problem as a Stackelberg game, we have developed new algorithms that are now deployed over multiple years in multiple applications for scheduling of security resources. These applications are leading to real-world use-inspired research in the emerging research area of “security games.” The research challenges posed by these applications include scaling up security games to real-world-sized problems, handling multiple types of uncertainty, and dealing with bounded rationality of human adversaries. In cybersecurity domain, the interaction between the defender and adversary is quite complicated with high degree of incomplete information and uncertainty. While solutions have been proposed for parts of the problem space in cybersecurity, the need of the hour is a comprehensive understanding of the whole space including the interaction with the adversary. We highlight the innovations in security games that could be used to tackle the game problem in cybersecurity.
References
1. Anek, O., Yin, Z., Jain, M., et al. (2012). Game-theoretic resource allocation for malicious packet detection in computer networks. In Proceedings of the 11th International Conference on Autonomous Agents and Multiagent Systems (AAMAS). Richland, SC: IFAAMAS.
2. Durkota, K., Lisy, V., Kiekintveld, C., et al. (2015). Game-theoretic algorithms for best network security hardening using attack graphs. In Proceedings of the International Conference on Autonomous Agents and Multiagent Systems (AAMAS ’15). Richland, SC: IFAAMAS.
3. Blocki, J., Christin, N., Datta, A., et al. (2013). Audit games. In Proceedings of the 23rd International Joint Conference on Artificial Intelligence (IJCAI).
4. Blocki, J., Christin, N., Datta, A., et al. (2015). Audit games with multiple defender resources. In AAAI Conference on Artificial Intelligence (AAAI). Palo Alto, CA: AAAI Press.
5. von Stackelberg, H. (1934). Marktform und Gleichgewicht. Vienna: Springer.
6. Kiekintveld, C., Jain, M., Tsai, J., et al. (2009). Computing optimal randomized resource allocations for massive security games. In Proceedings of the 8th International Conference on Autonomous Agents and Multiagent Systems (AAMAS), 689–696. Richland, SC: IFAAMAS.
7. Leitmann, G. (1978). On generalized Stackelberg strategies. Journal of Optimization Theory and Applications, 26, 637–643.
8. Navandar, Pavan. "Enhancing Cybersecurity in Airline Operations through ERP Integration: A Comprehensive Approach." Journal of Scientific and Engineering Research 5, no. 4 (2018): 457-462.
9. Navandar, Pavan. " Enhancing Governance, Risk, and Compliance (GRC)" Journal of Scientific and Engineering Research 7, no. 3 (2020):250-256.
10. Navandar, Pavan. " Enhancing Security with Two-Factor Authentication in SAP Fiori Applications" Journal of Scientific and Engineering Research 5, no. 10 (2018):329-33.
11. Navandar, Pavan. " Segregation of Duties (SoD) Risks in SAP Security: Mitigation Strategies and Best Practices" Journal of Scientific and Engineering Research 6, no. 9 (2019):206-206.
12. Navandar, Pavan. " Unveiling the Power of Data Masking: Safeguarding Sensitive Information in the Digital Age" International Journal of Core Engineering & Management 5, no.6 (2019): 27-32.
13. Navandar, P. (2021). "Developing Advanced Fraud Prevention Techniques using Data Analytics and ERP Systems" Int J Sci Res, 10(5), 1326-1329.
14. Breton, M., Alg, A., & Haurie, A. (1988). Sequential Stackelberg equilibria in two-person games. Journal of Optimization Theory and Applications, 59, 71–97.
15. Conitzer, V., & Sandholm, T. (2006). Computing the optimal strategy to commit to. In Proceedings of the ACM Conference on Electronic Commerce (ACM-EC), 82–90.
16. Navandar, Pavan. " SAP Security is key for Business Success for ERP system" Journal of Scientific and Engineering Research 5, no. 6 (2018):398-400.
17. Navandar, P. (2021). Fortifying cybersecurity in Healthcare ERP systems: unveiling challenges, proposing solutions, and envisioning future perspectives. Int J Sci Res, 10(5), 1322-1325.
18. P. Navandar, "Optimizing SAP roles for efficient enterprise resource planning," Int. J. Sci. Res. (IJSR), vol. 9, no. 1, pp. 1932–1934, Jan. 2020, doi: 10.21275/SR24529194621.
19. P. Navandar, " Mitigating Financial Fraud in Retail through ERP System Controls” Int. J. Sci. Res. (IJSR), vol. 9, no. 4, pp. 1823–1827
20. Paruchuri, P., Pearce, J. P., Marecki, J., et al. (2008). Playing games with security: An efficient exact algorithm for Bayesian Stackelberg games. In Proceedings of the 7th International Conference on Autonomous Agents and Multiagent Systems (AAMAS), 895–902. Richland, SC: IFAAMAS.
