With the gigantic growth in cyber infrastructure, cyber risks are also evolving at a much faster pace than before. For a smaller organization with limited or no sensitive data, this may not be a serious concern. But for bigger organizations with huge amounts of sensitive data, it has become a very serious concern, because leaked or lost data may lead to unanticipated business losses. Cyber security plays a vital role in managing these threats and risks.
With recent advancements in AI and ML technologies, many of these challenges are being addressed: detecting malicious attacks with greater speed and accuracy to defend networks, raising automatic triggers on suspicious activity, generating notifications to curb the impact, dynamically reconfiguring a firewall rule to block attempted attacks, and so on.
However, today’s traditional AI solutions are generally able to focus only on already known threats and are not well suited to heavy network traffic with unanticipated threats. They also lack mechanisms to interfere directly with malicious activity and to respond to more elusive indicators of malicious intent. A further risk is that AI and ML software can have quite high false positive rates, and it is not easy for a human operator responding to these ML-generated alerts to determine which are true positives and which are false positives. Coordinating a response to the suspicious activity becomes harder still. These shortcomings cause more harm than good.
Hence game theory is gaining momentum now, and India in no way seems to be left behind in this race.
Why is Game Theory utilized in combination with AI Software?
AI and ML techniques combined with game theory automatically react and respond to attacker activity even if the overall confidence of detected events is low. Game theory for cyber security is a promising research area in which the techniques of game theory are analyzed in an attempt to anticipate the actions of attackers based on different game steps, strategies, and risks.
Game theory deals with cyber security issues and challenges in a much better way than traditional approaches. It uses mathematical models for decision-making processes in which the action or move of a player depends on the move of the opponent in a conflicting and competitive situation. The main objective of each opponent is to win the game. But in games between two opposing parties with conflicting interests, winning means selecting an optimal strategy or course of action, with the players making their decisions simultaneously. Under this principle, a player first lists the worst possible payoff value of every available strategy. The player then selects the strategy corresponding to the optimum payoff value from among those worst possible payoff values.
How Does the Game Theory Model Function?
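The principle described above (commonly called maximin), worked through as an added example that is not part of the original article: the defender lists the worst payoff of each response and picks the best of them, the attacker does the mirror image, and the game has a stable pure answer when the two values agree. It goes one step beyond the text by also solving a 2x2 game exactly with a mixed strategy when no pure choice is stable. All strategy names and payoff values are constructed for illustration.

```python
from fractions import Fraction

# Constructed zero-sum payoffs to the defender (the attacker receives the negative).
# Rows are defender responses, columns are attacker behaviours; values are illustrative.
RESPONSES = ["ignore_alert", "notify_operator", "block_via_firewall"]
BEHAVIOURS = ["no_attack", "known_attack", "elusive_attack"]
ALERT_GAME = [
    [0, -8, -10],   # ignoring is free unless an attack is real
    [-1, -3, -6],   # notification has a small cost and limits the impact
    [-4, -2, -5],   # blocking costs most on a false positive
]
# Constructed 2x2 game with no stable pure choice: which of two hosts to monitor.
MONITOR_GAME = [[2, -3], [-1, 1]]

def maximin(payoff):
    """Defender: list the worst payoff of each row, then pick the best of them."""
    worst = [min(row) for row in payoff]
    row = max(range(len(payoff)), key=worst.__getitem__)
    return row, worst[row]

def minimax(payoff):
    """Attacker: list the defender's best payoff per column, then pick the lowest."""
    best = [max(col) for col in zip(*payoff)]
    col = min(range(len(best)), key=best.__getitem__)
    return col, best[col]

def saddle_point(payoff):
    """Return (row, col, value) when both players' pure choices agree, else None."""
    (row, low), (col, high) = maximin(payoff), minimax(payoff)
    return (row, col, low) if low == high else None

def mixed_2x2(payoff):
    """Exact defender mix for a 2x2 game without a saddle point.

    Returns (probability of row 0, game value) making the attacker indifferent.
    """
    if saddle_point(payoff) is not None:
        raise ValueError("game has a pure saddle point; no mixing needed")
    (a, b), (c, d) = payoff
    denom = Fraction(a - b - c + d)
    return (d - c) / denom, (a * d - b * c) / denom

if __name__ == "__main__":
    row, col, value = saddle_point(ALERT_GAME)
    print(RESPONSES[row], "vs", BEHAVIOURS[col], "value", value)
    print("pure guarantee:", maximin(MONITOR_GAME)[1], "mixed:", mixed_2x2(MONITOR_GAME))
```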
Most of the game theory approaches consider two types of players.
Attacker: The attacker is an opponent who carries out malicious attacks on the system with the intention of breaching its security. The attacker's strategies can vary from a single course of action to a sequence or series of counter-activities.
Defender: The defender, by contrast, is responsible for applying the right defense techniques to protect and secure the system against malicious attacks from the attacker’s side. The defender has a set of counter-strategies for monitoring and protecting the system.
The main aim of this player is to make defensive responses based on the acquired knowledge of the system status, relying purely on the counter-strategies.
Cyber security problems generally require rational decision making and hence can be solved in a better way using game theory. The most important skill acknowledged by most researchers is “adversarial thinking”, also called “thinking like a hacker”. Cyber security depends heavily on guessing or analyzing the attacker’s strategies or moves in order to avoid security threats, hence the need.
Unlike many games of conflict studied in academia, computer security games tend to have some unique properties that make them both interesting and somewhat challenging to model. Players in network and computer security games have asymmetric strategy sets, rather than naïve strategies, and goals that are not only opposing but might have very different end states and resulting payoffs. In general, we treat one player as the defender and the opposing player as the attacker. This distinction is important, as the players in these types of games are not interchangeable.
Another major real-world complexity in cyber security is ethics. In most cases, the defender’s behavior is restricted by legal and ethical principles, whereas attackers have no such restrictions. Hence attackers most often exploit networks for the purpose of harming the defender or the defender’s systems. This imbalance gives attackers a significant and unfair advantage. The primary aim has to be to devise feasible techniques that both hinder the attacker and improve the defender’s advantage.
Conclusion
Game-theory-driven AI and ML applications have provided an encouraging start, but a significant amount of research is still left to be carried out. An all-encompassing theoretical explanation of the concepts is available, but practical implementation is still an open area. These large-scale, multi-disciplinary research challenges call upon multiple researchers and domain experts from various disciplines to come together and examine the real-world constraints and challenges, none of which can be left unaddressed, in order to steer the wheel in the desired direction.
Source: indiaai.gov.in