Abstract
We consider a game in which a strategic defender classifies an intruder as spy or spammer. The classification is based on the number of file server and mail server attacks observed during a fixed window. The spammer naively attacks (with a known distribution) his main target: the mail server. The spy strategically selects the number of attacks on his main target: the file server. The defender strategically selects his classification policy: a threshold on the number of file server attacks. We model the interaction of the two players (spy and defender) as a nonzero-sum game: The defender needs to balance missed detections and false alarms in his objective function, while the spy has a tradeoff between attacking the file server more aggressively and increasing the chances of getting caught. We give a characterization of the Nash equilibria in mixed strategies, and demonstrate how the Nash equilibria can be computed in polynomial time. Our characterization gives interesting and non-intuitive insights on the players' strategies at equilibrium: The defender uniformly randomizes between a set of thresholds that includes very large values. The strategy of the spy is a truncated version of the spammer's distribution. We present numerical simulations that validate and illustrate our theoretical results.
| Original language | English |
|---|---|
| Article number | 6426808 |
| Pages (from-to) | 7744-7751 |
| Number of pages | 8 |
| Journal | Proceedings of the IEEE Conference on Decision and Control |
| DOIs | |
| Publication status | Published - 1 Jan 2012 |
| Externally published | Yes |
| Event | 51st IEEE Conference on Decision and Control, CDC 2012 - Maui, HI, United States Duration: 10 Dec 2012 → 13 Dec 2012 |