UC Santa Cruz
Non-zero-sum, Adversarial Detection Games in Network Security
- Author(s): Soper, Braden Cooper
- Advisor(s): Musacchio, John
- et al.
In this dissertation we propose two novel non-zero-sum, adversarial detection games motivated by problems in network security. First, we consider a local mean field, interdependent detection game between a network of defenders and a strategic attacker. Each defender chooses a detection threshold to test for the presence of a botnet infection, which can propagate between defenders if undetected. To avoid detection, the attacker balances stealth and aggression in his strategic utilization of the compromised network. We compare selfish, decentralized defenders to centrally planned defenders in order to examine the effects of network externalities on detection strategies. We find that, for fixed attack strategies, decentralized defenders choose thresholds that are either lower or higher than is socially optimal. When the attacker is strategic and the defenders are homogeneous, we prove the existence of a pure Nash equilibrium in both the decentralized and centralized games. Through numerical approximations of the equilibria, we find that decentralized defenders can outperform a central planner in such games. We observe that pure Nash equilibria often fail to exist when defenders are heterogeneous in their cost functions. In this case, sufficient conditions are given to guarantee a Stackelberg equilibrium.
Next, a two-player, non-zero-sum, sequential detection game based on Wald's SPRT is presented. A defender seeks to sequentially detect the presence of an attacker via the drift of a stochastic process. The detection process is complicated by the attacker's ability to strategically choose the drift of the observed stochastic process. We prove the existence of pure Nash equilibria and give sufficient conditions for the existence of Stackelberg equilibria with the defender as leader. It is shown that both low false positive costs and high prior probabilities of intrusion lead to an infinite number of Nash equilibria in which the defender makes no observations. Conversely, both high false positive costs and low prior probabilities of intrusion lead to a finite number of non-trivial Nash equilibria. Through numerical examples we see that it is possible for the defender to do better using a Stackelberg equilibrium strategy than a Nash equilibrium strategy.
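To make the sequential detection setting concrete, the following added example (not code from the dissertation) runs Wald's SPRT on a drift that differs from the one the test was designed for, and compares a simulation with Wald's approximations for alarm probability and expected number of observations. The discrete-time, unit-variance Gaussian model, the design drift `theta1`, the error targets and all function names are assumptions made for illustration.

```python
import math
import random

# Assumed model (not the dissertation's): i.i.d. N(theta, 1) observations,
# H0: theta = 0 (no attacker) vs H1: theta = theta1 (design drift).
def thresholds(alpha, beta):
    """Wald's approximate log-thresholds (lower, upper) for error targets alpha, beta."""
    return math.log(beta / (1 - alpha)), math.log((1 - beta) / alpha)

def sprt(samples, theta1, alpha, beta):
    """Run the SPRT on samples; return (decision, samples_used)."""
    lo, hi = thresholds(alpha, beta)
    llr, n = 0.0, 0
    for n, x in enumerate(samples, 1):
        llr += theta1 * x - theta1 ** 2 / 2   # log-likelihood ratio increment
        if llr >= hi:
            return "alarm", n
        if llr <= lo:
            return "clear", n
    return "undecided", n

def wald_predictions(theta, theta1, alpha, beta):
    """Wald's approximations for true drift theta: (P(alarm), expected samples)."""
    lo, hi = thresholds(alpha, beta)
    h = 1 - 2 * theta / theta1          # nonzero root of E[exp(h * increment)] = 1
    if abs(h) < 1e-9:                   # theta == theta1 / 2: zero-mean LLR walk
        return 1 - hi / (hi - lo), -lo * hi / theta1 ** 2
    p_clear = (math.exp(h * hi) - 1) / (math.exp(h * hi) - math.exp(h * lo))
    mean_z = theta1 * theta - theta1 ** 2 / 2
    return 1 - p_clear, (p_clear * lo + (1 - p_clear) * hi) / mean_z

def simulate(theta, theta1, alpha, beta, trials=2000, seed=1):
    """Monte Carlo estimate of (P(alarm), mean samples) under true drift theta."""
    rng = random.Random(seed)
    alarms = total = 0
    for _ in range(trials):
        stream = (rng.gauss(theta, 1.0) for _ in range(100_000))
        decision, n = sprt(stream, theta1, alpha, beta)
        alarms += decision == "alarm"
        total += n
    return alarms / trials, total / trials

if __name__ == "__main__":
    for theta in (0.0, 0.25, 0.5, 1.0):   # constructed drifts, low to high
        print(theta, wald_predictions(theta, 0.5, 0.05, 0.05), simulate(theta, 0.5, 0.05, 0.05))
```

Under these assumptions, a drift at half the design value gives the longest expected test and an alarm probability of one half, which is the stealth-versus-aggression trade-off in its simplest form.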