Bridging Fault Tolerance and Game Theory for Assuring Cyberspace


Posted: March 8, 2016 | By: Dr. Kevin A. Kwiat, Charles A. Kamhoua

The FTFT effort investigated models, algorithms, and protocols to support the creation of an OODA loop for fighting-through [6-7]. An important step forward for FTFT became in-depth strategic consideration of cyber conflict. FTFT provided a fight through mechanism, but a mechanism, however, is merely a trigger; procedures must be used in conjunction with the mechanism to face the attack more strategically. For these procedures we turned to game theory.

Game theory is the branch of applied mathematics [8] that analizes conflict and strategic interactions among intelligent rational agents. With such a broad scope, game theory became syngistic with a contested cyberspace. For example, game theory has been applied to network security [9-10]. The synergy we observed compelled us to investigate a game theoretic framework and bridging it with fault tolerance. The most dangerous system failures typically originate from intelligent attackers instead of random faults, and game theory enables modelling the behavior of intelligent adversaries. Thus, a game theoretic model, if properly applied, might be the best one to deal with the worst case scenario, i.e., an inteligent attacker with detailed knowledge of the system. Furthermore, we believe that game theory is a promising framework because game theory has had marked success for over six decades in modeling other complex systems such as economics and biology. Finally, to the best of our knowledge, a game theoretic modeling of fault tolerance capabilities for cyber assurance was a new and open problem.

A strategic interaction is any interaction in which the behavior of one agent affects the outcome of others. First, the optimum defensive strategy should depend on the attacker’s behavior. Second, several protocols and security policies, including diversity, cannot be unilaterally implemented. Cyber diversity, like numerous other protocols, requires the collaboration of several users in several organizations in order to be successful. Finally, cyberspace is interconnected and the data collected from one vulnerable computer can be used to compromise others. Using the framework of game theory, the cyber defender has a path to optimize his resources and defensive strategy while simultaneously taking into account those actions from other users including the attackers. A small sampling of our early papers [11- 13] documents some of our accomplishments in using a game theoretic framework to embrace fault tolerance and diversity. Most recently, we have used the framework for assuring cloud computing [14-17].

A key component of game theoretic modeling of cybersecurity is to find the Nash equilibrium of the cybersecurity game. At a Nash equilibrium profile, no player’s payoff is increased by a unilateral deviation. Also, each player is playing their best response to other players’ strategies. As a consequence, the cyber defender can use the Nash equilibrium profile to predict the attacker’s behavior. These actions are depicted in the decision loop of Figure 3 whose 4 stages are analogous to those depicted in the loops of Figures 1 and 2.

The STORM effort aims to capture the mechanisms that move this loop. With the ability to control this loop, STORM strives to develop dynamic and unpredictable schemes which, like a storm, can disrupt the adversaries’ plans and advances. Strategically, by storming the attacker in this way we embrace Boyd’s notion of a best stragtegy: to win without ever engaging in a fight at all [18].


Want to find out more about this topic?

Request a FREE Technical Inquiry!