Assane Gueye


In the digital era we are living in today, cyber attacks are being carried out by well-organized and very sophisticated adversaries such as malicious insiders, cybercriminals, cyberterrorists, industrial spies, and in some cases, nation-state intelligence agents. Security experts must not only design and implement security solutions to defend against such sophisticated attackers, but they also need to find appropriate tools to measure and minimize the cost of security. To that end, many researchers have recently been considering the mathematical subject of Game Theory.


The application of game theoretic models to the security problem has much potential. In addition to providing a principled way to understand security, Game Theory can capture the adversarial nature of the security problem. Also, instead of designing a defense against a specific attack, game theoretic models attempt to design a defense against a sophisticated attacker who plans in anticipation of a complex defense. As such, both the defender and attacker's actions can be in principle computed and analyzed. Also, with a game theoretic approach, equilibrium payoffs can serve as good metrics for the cost of security. Furthermore, Game Theory can model issues of trust, incentives, and externalities that arise in security systems.


In this study, we apply game theoretic models in several communication scenarios and show how, by modeling the interaction between an attacker and a defender as a game, one can predict the adversary’s attack, determine the set of assets that are most likely to be attacked, suggest defense strategies for the defender, and gain some insights about the cost of security.