Using signaling games to model the multi-step attack-defense scenarios on confidentiality

Abstract

In the multi-step attack-defense scenarios (MSADSs), each rational player (the attacker or the defender) tries to maximize his payoff, but the uncertainty about his opponent prevents him from taking the suitable actions. The defender doesn't know the attacker's target list, and may deploy unnecessary but costly defenses to protect machines not in the target list. Similarly, the attacker doesn't know the deployed protections, and may spend lots of time and effort on a well-protected machine. We develop a repeated two-way signaling game to model the MSADSs on confidentiality, and show how to find the actions maximizing the expected payoffs through the equilibrium. In the proposed model, on receiving each intrusion detection system alert (i.e., a signal), the defender follows the equilibrium to gradually reduce the uncertainty about the attacker's targets and calculate the defenses maximizing his expected payoff. © 2012 Springer-Verlag.