A Hypergame Model for Information Security

Abstract

Game theory is one of the most powerful mathematical tools to model information security decision making. However, in game theory it is assumed that all the players have complete knowledge about each player’s strategies, preferences, and decision rules used. This assumption is very strong, in reality there is often significant information asymmetry between players. In many real world situations, decision makers do not always have all the information about each player’s true intentions, strategies or preferences. Consequently, they have to perceive the situation from their own points of view, and may err in their perceptions. Since the early developments of game theory attempts have been made to incorporate misperceptions in game models of either incomplete or imperfect information. However, most of these attempts are based on quantities (as probabilities, risk factors, etc.) which are too subjective in general. In this paper, we consider a special family of games of incomplete information called hypergames. Hypergame theory extends classical game theory with the ability to deal with differences in players' misperceptions. In the context of hypergames, few works have addressed the study of information security decision making. This paper presents a hypergame approach as an analysis tool in the context of information security. The proposed two level hypergame models defender’s and attacker’s perception of the information security situation as a series of games. Finally, we conclude and present some future work.

Keywords

• Information security, decision-making, game theory, hypergame

References

1. D. Fudenberg, and J. Tirole. Game theory. MIT Press/Massachussetts, 1995.
2. K. Sallhammar, S. J. Knapskog, and B. E. Helvik, “Using stochastic game theory to compute the expected behavior of attackers”, International Symposium on Applications and the Internet (Saint’2005). Trento, Italy, pp. 102-105, Jan. 31 2005-Feb. 4 2005.
3. P. G. Bennett, “Toward a theory of hypergames”, Omega, Vol. 5, No. 6, pp. 749-751, 1977.
4. S. Roy, C. Ellis, S. Shiva, D. Dasgupta, V. Shandilya, Q. Wu, “A survey of game theory as applied to network security”, 43rd Hawaii International Conference on System Sciences (HICSS), Hawaii, pp.1-10, 5-8 Jan. 2010.
5. M. H. Manshaei, Q. Zhu, T. Alpcan, T. Başar, J.-P. Hubaux, “Game theory meets network security and privacy”, ACM Computing Surveys, Vol. 45, No. 3, Article 25, June 2013.
6. A. Singh, A. Lakhotia, and A. Walenstein, “Malware antimalware games,” Proc. 5th International Conference on Information-Warfare & Security (ICIW), Ohio, USA, pp. 319-327, 8-9 April 2010.
7. P. Maillé, P. Reichl, and B. Tuffin, “Of threats and costs: A game-theoretic approach to security risk management”, Springer Optimization and Its Applications, Vol. 46, pp. 33-53, 2011.
8. A. Patcha, J. M. Park, “A game theoretic formulation for intrusion detection in mobile ad hoc networks,” International Journal of Network Security, Vol. 2, No. 2, pp. 131–137, March 2006.

9. Y. Sasaki, K. Kijima, “Hypergames and bayesian games: A theoretical comparison of the models of games with incomplete information”, Journal of Systems Science and Complexity, Vol. 25, No. 4, pp. 720-735, August 2012.
10. Harsanyi J.C., “Games with incomplete information played by Bayesian players”, Management Science, Vol. 14, No. 3, pp. 159-182, November 1967.
11. N. M. Fraser, and K. W. Hipel. Conflict Analysis, Models and Resolutions. Elsevier Science Publishing Co. Inc./New York, 1980.
12. N. M. Fraser and K. W. Hipel, “Metagame analysis of the Poplar River conflict”, Journal of the Operational Research Society, Vol. 31, No. 5, pp. 377-385, 1980. DOI: 10.1057/jors.1980.70
13. M. Giesen, and P. Bennett, “Aristotle's fallacy: A hypergame in the oil shipping business”, Omega, Vol. 7, No. 4, pp. 309-320, 1979.
14. P. G. Bennett, M. R. Dando, and R. G. Sharp, “Using hypergames to model difficult social issues: an approach to the case of soccer hooliganism”, Journal of the Operational Research Society, Vol. 31, No. 7, pp. 621- 635, July 1980.
15. Kopp C., “Shannon, hypergames and information warfare”, Journal of Information Warfare, Vol. 2, No. 2, pp. 108-118, 2002.
16. J. T. House and G. Cybenko, “Hypergame theory applied to cyber attack and defense”, Proceedings of the SPIE, Vol. 7666, Article id. 766604, 11 pp., May 03, 2010. doi:10.1117/12.852338.
17. M. Wang, K. W. Hipel, and N. M. Fraser, “Modeling misperceptions in games”, Behavioral Science, Vol. 33, No. 3, pp. 207–223, July 1988.
18. T. Alpcan, T. Basar, “A game theoretic approach to decision and analysis in network intrusion detection,” 42nd Conference on Decision and Control. Maui, HI, 2003, vol.3, pp. 2595-2600, 9-12 December 2003.
19. L. Brumley, “HYPANT: A Hypergame Analysis Tool”. projects/2003/Brumley/ Latest Access Time for the website is 11 November 2013.