Speaker:Joseph Clanin

Additive Security Games: Structure, Optimization, and Approximation

Recently, cyberattacks of increasing sophistication, frequency and scope have caused major disruptions across nearly all critical infrastructure sectors worldwide. The scale and complex cyber-physical nature of infrastructure systems renders the task of risk assessment in these domains extremely difficult. Traditional approaches to risk assessment have prioritized fault tolerance over attack resilience and relied extensively upon the judgement of individuals across organizations. Furthermore, exact and exhaustive analysis of multiple-component failures is infeasible even in systems of moderate size due to combinatorial explosion of the search space. In this presentation, I will address these issues using a game-theoretic approach. To bridge the gap between fault tolerance and attack resilience, I will study a class of resource allocation games, known as security games, between resource constrained players. To circumvent the fundamental difficulty of combinatorial explosion, the games under consideration will satisfy a property known as additivity. I will give a structural characterization of the possible Nash equilibria into several types and present feasibility conditions for equilibria of each type. This analysis will lead to a novel algorithm for equilibrium computation as well as closed form expressions for the player expected payoffs at equilibrium. Secondly, motivated by the U.S. Department of Energy Cybersecurity Capability Maturity Model (C2M2) I will formulate an optimization problem of player expected utility at equilibrium and leverage my structural analysis to give a preliminary suboptimal solution algorithm. Finally, to address scenarios in which the assumption of additivity over attacked targets is not satisfied, I will introduce a notion of nearest additive games. I will show existence and uniqueness of the nearest additive game and evaluate the error of approximation by the nearest additive game through simulation.

Committee: Sourabh Bhattacharya (major professor), Samik Basu, Yan-Bin Jia, Tichakorn Wongpiromsarn, and Manimaran Govindarasu

Join on WebEx: https://iastate.webex.com/iastate/j.php?MTID=mbb8e56b9eaf2235e10297a9b597a9acb