FORMATION OF A STRATEGY FOR MANAGING THE OPERATING MODES OF SECURITY SYSTEMS BASED ON THE GAME CONTROL MODEL
DOI:
https://doi.org/10.17721/ISTS.2020.4.38-47Keywords:
information protection, security system, game theory, optimal strategy, system of the violator, making a decisionAbstract
The main areas of application of game theory are economics, political science, tactical and military-strategic tasks, evolutionary biology and, more recently, information technology, security and artificial intelligence. Game theory studies the problems of decision-making of several people (players). It concerns the behavior of players whose decisions affect each other. The application of game theory in the field of modeling decision-making processes has different approaches, which are not systematized in the future, and sometimes contradict each other. Game theory is designed to solve situations in which the outcome of players' decisions depends not only on how they choose them, but also on the choices of other players with whom they interact. If we consider the field of information security, the peculiarity of the information conflict between the operational management system of information protection and the infringer who tries to gain unauthorized access is that opposing parties who have several ways of action can apply them repeatedly, choosing the best way based on information about the opposite parties. In this case, each step of resolving the conflict is characterized not by the final state, but by some payment function. In many situations, when designing information security systems, there is a need to develop and make decisions in conditions of uncertainty. Uncertainty can be of different nature. The planned actions of hackers, which are aimed at reducing the effectiveness of security systems, are uncertain. Uncertainty may relate to a risk situation in which the management system of the information network that decides on the application of the protection system is able to establish not only all possible results of decisions, but also the probability of possible conditions for their occurrence. Design conditions affect decision-making subconsciously, regardless of the actions of the decision-maker. When all the consequences of possible decisions are known, but their probability is unknown, it is obvious that decisions are made in conditions of complete uncertainty. The main promising theory of analysis of decision-making processes at the stage of designing information security systems is game theory. Therefore, there is a need to develop methods of operational (adaptive) management of information protection, depending on the availability of a priori information about the possibility of attacks by the infringer and his strategy to create unauthorized access to information resources. Game theory allows us to offer recommendations for the formation of management strategies for protection systems.Downloads
References
Fei He, Jun Zhuang, and United States. Game-theoretic analysis of attack and defense in cyber-physical network infrastructures. In Proceedings of the Industrial and Systems Engineering Research Conference. 2012.
Johnson, Benjamin, et al. "Game-theoretic analysis of DDoS attacks against Bitcoin mining pools." International Conference on Financial Cryptography and Data Security. Springer, Berlin, Heidelberg, 2014.
Бурячок В. Теорія ігор, як метод управління інформаційною безпекою / Володимир Бурячок, Анатолій Шиян // Правове, нормативне та метрологічне забезпечення системи захисту інформації в Україні: науково-технічний збірник. – 2013. – Вип. 2(26). – С. 21–28.
Петросян Л.А. Теория игр / Л.А. Петросян, Н.А. Зен кевич, Е.А. Семина. – М.: 1998. – Вища школа. – 304 с.
Дюбин Г.Н. Введение в прикладную теорию игр / Г.Н. Дюбин, В.Г. Суздаль. – М.: 1981. – Наука. – 336 с.
Воробьев Н.Н. Бесконечные антагонистические игры / под ред. Н.Н. Воробьева. – М.: 1993. – Вища школа. – 505 с.
Грищук Р.В. Теоретичні основи моделювання процесів нападу на інформацію методами теорії диференціальних ігор та диференціальних перетворень / Р.В. Грищук. – Монографія. – Житомир. – 2010. – 280 с.
Дослідження операцій. Ч. 3. Ухвалення рішень і теорія ігор / М. Я. Бартіш, І. М. Дудзяний. – Львів: Видавничий центр Львівського національного університету ім. І. Франка, 2009 . – 277 с. : іл. – Бібліогр.: с.271–272 (36 назв) . – ISBN 966-613-496-9
Baranovska L. V. Mixed strategy Nash equilibrium in one game and rationality / L. V. Baranovska, O. M. Bukovskiy // International Scientific and Practical Conference "WORLD SCIENCE". Proceedings of the III International Scientific and Practical Conference "Scientific Issues of the Modernity" (April 27, 2017, Dubai, UAE). – 2017. – No 5(21), Vol. 1, May. – Pp. 4–8.
Alpcan T., Başar T. Network security: A decision and game-theoretic approach. Cambridge University Press, 2010.
Толюпа С.В., Павлов І.М. Аналіз підходів моделювання процесів прийняття рішень при проектуванні систем захисту інформації. // Науково-технічний журнал "Сучасний захист інформації". – 2014. – №2. – С. 96–104.
Толюпа С.В., Павлов І.М. Аналіз підходів оцінки ефективності математичних моделей при проектуванні систем захисту інформації. // Науково-технічний журнал "Сучасний захист інформації". – 2014. – №3. – С. 36–44.
Alpcan T., Başar T. A game theoretic approach to decision and analysis in network intrusion detection. Decision and Control, 2003. Proceedings. 42nd IEEE Conference on. Vol.
Roy, Sankardas, et al. A survey of game theory as ap plied to network security. System Sciences (HICSS), 2010 43rd Hawaii International Conference on. IEEE, 2010.
Liang, Xiannuan, and Yang Xiao. Game theory for network security. IEEE Communications Surveys & Tutorials 15.1. 2013. P. 472–486.
Do, Cuong T., et al. Game Theory for Cyber Security and Privacy. ACM Computing Surveys (CSUR) 50.2. 2017. 30 p.
