Research Article
A Network Security Classification Game
@INPROCEEDINGS{10.1007/978-3-642-30373-9_19, author={Ning Bao and O. Kreidl and John Musacchio}, title={A Network Security Classification Game}, proceedings={Game Theory for Networks. 2nd International ICST Conference, GAMENETS 2011, Shanghai, China, April 16-18, 2011, Revised Selected Papers}, proceedings_a={GAMENETS}, year={2012}, month={10}, keywords={network security classification game sequential detection}, doi={10.1007/978-3-642-30373-9_19} }- Ning Bao
O. Kreidl
John Musacchio
Year: 2012
A Network Security Classification Game
GAMENETS
Springer
DOI: 10.1007/978-3-642-30373-9_19
Abstract
We consider a network security classification game in which a strategic defender decides whether an attacker is a strategic spy or a naive spammer based on an observed sequence of attacks on file- or mail-servers. The spammer’s goal is attacking the mail-server, while the spy’s goal is attacking the file-server as much as possible before detection. The defender observes for a length of time that trades-off the potential damage inflicted during the observation period with the ability to reliably classify the attacker. Through empirical analyses, we find that when the defender commits to a fixed observation window, often the spy’s best response is either full-exploitation mode or full-confusion mode. This discontinuity prevents the existence of a pure Nash equilibrium in many cases. However, when the defender can condition the observation time based on the observed sequence, a Nash equilibrium often exists.
