Game Theory for Cybersecurity and Privacy

A special issue of Games (ISSN 2073-4336). This special issue belongs to the section "Algorithmic and Computational Game Theory".

Deadline for manuscript submissions: 15 May 2024 | Viewed by 5444

Special Issue Editors


E-Mail Website
Guest Editor
Department of Computer Science, University of Delaware, Newark, DE 19716, USA
Interests: data privacy; algorithmic economics; game theory and mechanism design; security economics; algorithmic fairness

E-Mail Website
Guest Editor
Computer Science and Engineering, The Ohio State University, Columbus, OH 43210, USA
Interests: machine learning; fairness and privacy; sequential decision making; distributed algorithms; economics of security

Special Issue Information

Dear Colleagues,

Cyber technologies have brought enormous benefits to society and made people and communities more connected. However, these technologies have also provided opportunities for cyber attacks. These attacks can compromise personal and sensitive data, cause business interruptions and ruin companies' assets. To address these security issues, we need to have mechanisms in place to incentivize organizations to fix security issues and adopt a proper defense strategy against future attacks. This Special Issue of Games is devoted to studying and analyzing cybersecurity and privacy from the perspective of game theory. We welcome authors to submit their research on topics including, but not limited to: optimal investment in information security, incentive design for information sharing, models and analysis of cybercrime, cyber-security policy, the economics of privacy and anonymity, cyber-defense strategy, cyber insurance market, cryptocurrency markets, and cybersecurity vulnerability market.

Dr. Mohammad Mahdi Khalili
Dr. Xueru Zhang
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Games is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • security game
  • economics of security and privacy
  • game theory
  • mechanism design
  • data market
  • information security

Published Papers (4 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

28 pages, 1953 KiB  
Article
Dynamic Awareness and Strategic Adaptation in Cybersecurity: A Game-Theory Approach
by Katarina Kostelić
Games 2024, 15(2), 13; https://doi.org/10.3390/g15020013 - 08 Apr 2024
Viewed by 363
Abstract
Awareness and human factors are becoming ever more important in cybersecurity, particularly in the context of small companies that may need more resources to deal with cybersecurity effectively. This paper introduces a theoretical framework for game analysis of the role of awareness in [...] Read more.
Awareness and human factors are becoming ever more important in cybersecurity, particularly in the context of small companies that may need more resources to deal with cybersecurity effectively. This paper introduces a theoretical framework for game analysis of the role of awareness in strategic interactions between the manager and a hacker. A computable approach is proposed based on Bayesian updating to model awareness in a cybersecurity context. The process of gaining awareness considers the manager’s perception of the properties of the hacker’s actions, game history, and common knowledge. The role of awareness in strategy choices and outcomes is analyzed and simulated, providing insights into decision-making processes for managers and highlighting the need to consider probabilistic assessments of threats and the effectiveness of countermeasures. The accuracy of the initial frequencies plays a significant role in the manager’s success, with aligned frequencies leading to optimal results. Inaccurate information on prior frequencies still outperforms complete uncertainty, emphasizing the value of any available intelligence. However, the results suggest that other awareness modeling approaches are necessary to enhance the manager’s agility and adaptiveness when the prior frequencies do not reflect the immediate attacker’s type, indicating the need for improved intelligence about cyber-attacks and examinations of different awareness modeling approaches. Full article
(This article belongs to the Special Issue Game Theory for Cybersecurity and Privacy)
Show Figures

Figure 1

52 pages, 1651 KiB  
Article
Generalized Hyperbolic Discounting in Security Games of Timing
by Jonathan Merlevede, Benjamin Johnson, Jens Grossklags and Tom Holvoet
Games 2023, 14(6), 74; https://doi.org/10.3390/g14060074 - 30 Nov 2023
Viewed by 1012
Abstract
In recent years, several high-profile incidents have spurred research into games of timing. A framework emanating from the FlipIt model features two covert agents competing to control a single contested resource. In its basic form, the resource exists forever while generating value at [...] Read more.
In recent years, several high-profile incidents have spurred research into games of timing. A framework emanating from the FlipIt model features two covert agents competing to control a single contested resource. In its basic form, the resource exists forever while generating value at a constant rate. As this research area evolves, attempts to introduce more economically realistic models have led to the application of various forms of economic discounting to the contested resource. This paper investigates the application of a two-parameter economic discounting method, called generalized hyperbolic discounting, and characterizes the game’s Nash equilibrium conditions. We prove that for agents discounting such that accumulated value generated by the resource diverges, equilibrium conditions are identical to those of non-discounting agents. The methodology presented in this paper generalizes the findings of several other studies and may be of independent interest when applying economic discounting to other models. Full article
(This article belongs to the Special Issue Game Theory for Cybersecurity and Privacy)
Show Figures

Figure 1

20 pages, 2330 KiB  
Article
Defining Cyber Risk Scenarios to Evaluate IoT Systems
by Roberto Andrade, Iván Ortiz, María Cazares, Gustavo Navas and María Isabel Sánchez-Pazmiño
Games 2023, 14(1), 1; https://doi.org/10.3390/g14010001 - 20 Dec 2022
Cited by 1 | Viewed by 1848
Abstract
The growth of the Internet of Things (IoT) has accelerated digital transformation processes in organizations and cities. However, it has also opened new security challenges due to the complexity and dynamism of these systems. The application of security risk analysis methodologies used to [...] Read more.
The growth of the Internet of Things (IoT) has accelerated digital transformation processes in organizations and cities. However, it has also opened new security challenges due to the complexity and dynamism of these systems. The application of security risk analysis methodologies used to evaluate information technology (IT) systems have their limitations to qualitatively assess the security risks in IoT systems, due to the lack of historical data and the dynamic behavior of the solutions based on the IoT. The objective of this study is to propose a methodology for developing a security risk analysis using scenarios based on the risk factors of IoT devices. In order to manage the uncertainty due to the dynamics of IoT behaviors, we propose the use of Bayesian networks in conjunction with the Best Worst Method (BWM) for multi-criteria decision-making to obtain a quantitative security risk value. Full article
(This article belongs to the Special Issue Game Theory for Cybersecurity and Privacy)
Show Figures

Figure 1

11 pages, 801 KiB  
Article
RewardRating: A Mechanism Design Approach to Improve Rating Systems
by Iman Vakilinia, Peyman Faizian and Mohammad Mahdi Khalili
Games 2022, 13(4), 52; https://doi.org/10.3390/g13040052 - 29 Jul 2022
Viewed by 1518
Abstract
Nowadays, rating systems play a crucial role in the attraction of customers to different services. However, as it is difficult to detect a fake rating, fraudulent users can potentially unfairly impact the rating’s aggregated score. This fraudulent behavior can negatively affect customers and [...] Read more.
Nowadays, rating systems play a crucial role in the attraction of customers to different services. However, as it is difficult to detect a fake rating, fraudulent users can potentially unfairly impact the rating’s aggregated score. This fraudulent behavior can negatively affect customers and businesses. To improve rating systems, in this paper, we take a novel mechanism-design approach to increase the cost of fake ratings while providing incentives for honest ratings. However, designing such a mechanism is a challenging task, as it is not possible to detect fake ratings since raters might rate a same service differently. Our proposed mechanism RewardRating is inspired by the stock market model in which users can invest in their ratings for services and receive a reward on the basis of future ratings. We leverage the fact that, if a service’s rating is affected by a fake rating, then the aggregated rating is biased toward the direction of the fake rating. First, we formally model the problem and discuss budget-balanced and incentive-compatibility specifications. Then, we suggest a profit-sharing scheme to cover the rating system’s requirements. Lastly, we analyze the performance of our proposed mechanism. Full article
(This article belongs to the Special Issue Game Theory for Cybersecurity and Privacy)
Show Figures

Figure 1

Back to TopTop