Tag Archives: game theory

Security Defense against Long-term and Stealthy Cyberattacks (CIST 2017, WITS 2017, KrAIS 2017)

Kookyoung Han, Choi, Jin Hyuk, Yun-Sik Choi, Gene Moo Lee, Andrew B. Whinston (2021) “Security Defense against Long-term and Stealthy Cyberattacks”. Under Review.

  • Latest version: May 2021
  • Funded by NSF (Award #1718600) and UNIST
  • Best Paper Award at KrAIS 2017
  • Presented at UT Austin (2017), UNIST (2017), INFORMS (Houston, TX 2017), CIST (Houston, TX 2017), WITS (Seoul, Korea 2017), and KrAIS (Seoul, Korea 2017)
  • Previous titles:
    • Misinformation and Optimal Time to Detect
    • Optimal Stopping and Strategic Espionage
    • To Disconnect or Not: A Cybersecurity Game

Modern cyberattacks such as advanced persistent threats have become sophisticated. Hackers can stay undetected for an extended time and defenders do not have sufficient countermeasures to prevent these advanced cyberattacks. Reflecting on this phenomenon, we propose a game-theoretic model in which a hacker launches stealthy cyberattacks for a long time and a defender’s actions are to monitor the activities and to disable a suspicious user. Focusing on cases in which the players sufficiently care about future payoffs, we find that if the defender does not immediately ban a suspicious user, damages caused by the hacker can be enormous. Therefore, the defender bans every suspicious user in equilibrium to avoid huge losses, resulting in the worst payoffs for both players. These results explain the emerging sophisticated cyberattacks with detrimental consequences. Our model also predicts that the hacker may opt to be non-strategic. This is because non-strategic cyberattacks are less threatening and the defender decides not to immediately block a suspicious user to reduce false detection, in which case both players become better off.

Improving the Interaction between Overlay Routing and Traffic Engineering (Networking 2008)

Lee, G. M., and Choi, T. (2008). Improving the Interaction between Overlay Routing and Traffic Engineering, In Proceedings of IFIP Networking Conference (Networking 2008), Singapore.

  • Networking is a premier conference in the networking area (h5-index: 23)

Overlay routing has been successful as an incremental method to improve Internet routing by allowing its own users to select their logical routing. In the meantime, traffic engineering (TE) is being used to reduce the whole network cost by adapting physical routing in response to varying traffic patterns. Previous studies [1,2] have shown that the interaction of the two network components can cause huge network cost increases and oscillations. In this paper, we improve the interaction between overlay routing and TE by modifying the objectives of both parties. For the overlay part, we propose TE-awareness which limits the selfishness by some bounds so that the action of overlay does not offensively affect TE’s optimization process. Then, we suggest COPE [3] as a strong candidate that achieves close-to-optimal performance for predicted traffic matrices and that handles unpredictable overlay traffic efficiently. With extensive simulation results, we show the proposed methods can significantly improve the interaction with lower network cost and smaller oscillation problems.

Designing an Incentive-Based Framework for Overlay Routing (Technical Report 2007)

Lee, G. M., Choi, T., and Zhang, Y. (2007). Designing an Incentive-Based Framework for Overlay Routing. UTCS Technical Report, January 2007.

Overlay routing becomes popular as an incremental mechanism to improve internet routing. So far, overlay nodes are always assumed to cooperate with each other. In this paper, we analyze overlay routing in a new viewpoint, in which the overlay nodes act independently to maximize their own payoff. We use a game-theoretic approach to analyze the transit traffic forwarding and realize that overlay nodes are not likely to cooperate with each other in our new scenario.

In order to stimulate the independent overlay nodes to cooperate with each other, we design and propose an incentive-based framework. We introduce three possible systems and evaluate them analytically. Among the candidates, we use simulation to verify the feasibility of our proposed framework generalized punish-and-reward system. The performance gets closer to social optimum as we increase the number of punishments. In addition, the system shows tolerance against impatient players.