570 likes | 765 Views
Modeling secrecy and deception in a multiple-period attacker–defender signaling game. Advisor: Yeong -Sung Lin Presented by I- Ju Shih. Agenda. Introduction Signaling game Model formulation for repeated game Attacker observes defensive investment from the previous period
E N D
Modeling secrecy and deception in a multiple-period attacker–defendersignaling game Advisor: Yeong-Sung Lin Presented by I-Ju Shih
Agenda • Introduction • Signaling game • Model formulation for repeated game • Attacker observes defensive investment from the previous period • Attacker does not observe defensive investment • Conclusions and future research
Agenda • Introduction • Signaling game • Model formulation for repeated game • Attacker observes defensive investment from the previous period • Attacker does not observe defensive investment • Conclusions and future research
Introduction • Most applications of game theory to homeland-security resourceallocation so far have involved only one-period games. • Dresher (1961) was among the first researchers toapply game theory to military strategic interactions. However, hedid not explicitly model deception and secrecy. • Recent game-theoretic research hasalso indicated that publicizing defensive information instead of keeping it secret may help todeter attacks.
Introduction • In practice, however, security-related information such as defensive resource allocations isoften kept secret. • There is a long tradition of deception in themilitary arena, as well as in business and capitalventures. • Few of these studies havefocused specifically on disclosure of resource allocations. • Defenders might also have incentives to deceive by either overstating or understating theirdefenses, to deter or disinterest potential attackers, respectively.
Introduction • Zhuang and Bier (2007) indicate that truthful disclosure should alwaysbe preferred to secrecy, which is not surprising,since their model is a game of complete information. • Attacker uncertainty about defender private informationcan create opportunities for either defendersecrecy or deception. • Zhuang and Bier (2011) found that defender secrecyand/or deception could be strictly preferred in a one-period gamein which the defender has private information (i.e., the attackeris uncertain about the defender type).
Introduction • Secrecy has been sometimes modeled as simultaneousplay in game theory,since in a simultaneousgame, each player moves without knowing the moveschosen by the other players. • Some researchers have modeled deception as sending noisy orimperfect signals to mislead one’s opponents. • Hespanhaet al. (2000) and Brown et al. (2005) defined deception in a zero-sumattacker-defender game as occurring when the defender disclosesonly a subset of the defenses, in an attempt to route attacksto heavily-defended locations.
Introduction • By contrast, this paper defines deception as disclosing a signal (in the domain of theaction space) that differs from the chosen (hidden) action. • This paperapplies game theory to model strategies of secrecy and deception in a multiple-periodattacker-defender resource-allocation and signaling game with incomplete information.
Introduction • Games are classified into two major classes: cooperative games and non-cooperative games. • In traditional non-cooperative games it is assumed that • 1. The players are rational. • 2. There are no enforceable agreements between players. • 3. The players know all the data of the game. • However,real-game situations may involve other types of uncertainty.
Introduction • In this paper they focus on the case where the defender does have private information, while the attacker does not. • In this case, they allow twotypes of updates about the defender type–the attacker updateshis knowledge about the defender type after observing the defender’ssignals, and also after observing the result of a contest(if oneoccurs in any given time period).
Agenda • Introduction • Signaling game • Model formulation for repeated game • Attacker observes defensive investment from the previous period • Attacker does not observe defensive investment • Conclusions and future research
Signaling game • Games are classified into four major classes.
Signaling game • A signaling game is a dynamic game of incomplete information involvingtwo players, a Sender and a Receiver. • It involves two players – one with private information, the other without– and two moves: • first the informed player (Sender, she) makes a decision, she "sends a signal". • then the uninformed player (Receiver, he) – having observed the informed player’s decision but not herprivate information – makes a decision, he "reacts to the signal".
Signaling game • The timing of the game is as follows: Nature selects a type ti for Sender from a set of feasible types T = {t1,...,tI} according to acommonly-known probability distribution p(.), where p(ti) > 0 (prior belief)for every i ∈{1,...,I} andΣ p(ti) = 1. Sender observes tiand, on the basis of ti, chooses a message mjfrom a set of feasible messagesM = {m1,...,mJ}. Receiver observes mjand, on the basis of mj, selects an action ak from a set of feasible actionsA ={a1,...,aK}. Payoffs are realised: if nature has drawn type ti, S has chosen message mj and R hasselected action ak, then payoffs for S and R are uS(ti, mj, ak) and uR(ti, mj, ak).
Signaling game • Spence’s (1973) job market signalling model: • Sender: a worker in search for a job. • Receiver: a (potential) employer (or the market of prospective employers). • Type: the worker’s productivity. • Message: the worker’s education choice. • Action: the wage paid to the worker.
Signaling game • In a signaling game, there can be any or all of the following Perfect BayesianEquilibrium (PBE): • Pooling equilibrium:In a pooling PBE, both types of Sender choose the same message, so that they cannot be distinguished on the basis of their behavior. (pure strategy) • Separating equilibrium:In a separating PBE, each Sender type chooses a different message, so that the message perfectly identifies the player type. (pure strategy) • Semi-separatingequilibrium: In a semi-separating PBE, one type of Sender plays a pure strategy while the other plays a mixed strategy. As a result, Receiver is able to imperfectly update his prior beliefs about Sender’s type. (mixed strategy)
Agenda • Introduction • Signaling game • Model formulation for repeated game • Attacker observes defensive investment from the previous period • Attacker does not observe defensive investment • Conclusions and future research
Model formulation for repeated game • This paper’s game has two players: an attacker (he, signal receiver, A); and a defender(she, signal sender, D). • This paper’s model involves a N-periodgame with private defender information.
Model formulation for repeated game • For simplicity, this paper considers only • a two-type model; i.e., the defender type θ equals θ1 with probability p1 and θ2 with probability 1-p1. • This paper assumes that p1, the attacker’s prior probabilityat the beginning of the period 1, is common knowledge to both the attacker and the defender.
Model formulation for repeated game • First, a defender of type θ chooses a strategy dt(θ) and a signalst(θ) for θ =θ1,θ2. • dt(θ) = 0 : The defender invests in short term expenses (such as police patrol) in period t. • dt(θ) = 1 : The defender invests in capital defensesin period t. • st(θ) ϵ{0, 1, S}be the signal sent by a defender of type θ aboutits defensive choice.
Model formulation for repeated game • The attacker observes the signal st(θ), updates his belief from theprior pt to the posterior p't, andchooses an attacker response at(st). • at(st) = 0 isthe decision to do nothingduring period t. • at(st) = 1 representsthe decision to launch an attack.
Model formulation for repeated game • If both defendertypes send the same signal at equilibrium, st(θ1) =st(θ2),then p't(posterior belief)=pt (prior belief).(Pooling equilibrium) • If different defender typessend different signals at equilibrium, st(θ1) ≠st(θ2),then the attackeris able to recognize the defender type with certainty, in which case p't = 1 with probability pt, and 0 with probability 1-pt. (Separating equilibrium)
Model formulation for repeated game • This paper assumes for simplicity that the actual level of damage to the target is either 100% or zero. attacker attack cost Conditional probability that an attack would succeed attacker’s target valuations defender Defense cost Conditional probability that an attack would succeed defender’s target valuations
Model formulation for repeated game • This contest success function is assumedto be of the form. • where α > 1 is the effectiveness of defender short-term expensesrelative to defender capital investment in security;ρt-k is the fraction of defensive capital from period k that is stilleffective in period t. the effective defense short-term capital investment
Model formulation for repeated game • Let βA and βD be the attacker and defender discountfactors, respectively. (the current payoff, plus the discounted expected future equilibriumpayoff) attacker defender
Model formulation for repeated game • Definition 1. We call the collection {a*(s), d*(θ), s*(θ), p*, p'*} anequilibrium if the following four conditions are satisfied:
Model formulation for repeated game • Definition 1. We call the collection {a*(s), d*(θ), s*(θ), p*, p'*} anequilibrium if the following four conditions are satisfied:
Model formulation for repeated game • Definition 1. We call the collection {a*(s), d*(θ), s*(θ), p*, p'*} anequilibrium if the following four conditions are satisfied:
Model formulation for repeated game • Definition 2. In an equilibrium {a*(s), d*(θ), s*(θ), p*, p‘*}, we saythat in period t, a defender of type θchooses: • Thecost of implementing truthful disclosure is lower than the costs ofimplementing secrecy and deception, respectively.
Agenda • Introduction • Signaling game • Model formulation for repeated game • Attacker observes defensive investment from the previous period • Attacker does not observe defensive investment • Conclusions and future research
Attacker observes defensive investment from the previous period • The model is under theassumption that the attacker can observe the previous period’sdefensive choice, dt-1, at the beginning of period t. • They still allow the defender’s private information to remain secret throughout the entire game, if not revealed by the defender’s choices. • However, with this assumption, the defendercannot choose deception or secrecy at optimality for more thanone time period.
Attacker observes defensive investment from the previous period • For computational convenience, they assume that capital can becarried over only to the immediate next period. (ρk =0 for k ≥ 2, and ρ1 =ρ)
Attacker observes defensive investment from the previous period
Attacker observes defensive investment from the previous period • Case A (pt =0 or pt =1): In this case, at the beginning of period t,the attacker already knows whether the defender is of type θ =θ2 orθ =θ1.
Attacker observes defensive investment from the previous period • For all 48 cases, we calculate et using Eq. (11), and let p't (posterior belief) =pt+1 (prior belief) = pt (prior belief). • The attacker and defender total expected payoffsare calculated as the sum of the current payoff plus the discountedfuture equilibrium payoff:
Attacker observes defensive investment from the previous period • Case B (0 < pt < 1): In this case, at the beginning of period t, theattacker is uncertain about the defender type, and we have a threeplayer,8*6*6 game. • For all 288 cases, we calculate et(θ)using Eq. (11), and then determine p't stochastically as a functionof st(θ), st(θ2), and pt, using condition 3 of Definition 1.
Attacker observes defensive investment from the previous period • the attacker payoff is given by: • the payoff to a defender of type h is given by:
Attacker observes defensive investment from the previous period • In the examples in the following sections, we use the followingbaseline parameter values: N =2; p1 =0.9; βA =0.9; βD(θ1) =βD(θ2) =0.9; ρ(θ1)=ρ(θ2) =0.5; α(θ1)=α(θ2) =2; vA(θ1)=vA(θ2)=20; vD(θ1)=vD(θ2)=20. • Moreover, we use the following baselinecosts:
Attacker observes defensive investment from the previous period • 1.Effectiveness of expenses as defender private information • Here, we letα(θ1)=2 and α(θ2)=4 be the defender private information. Defender’s strategy Defender’s signal
Attacker observes defensive investment from the previous period • 1.Effectiveness of expenses as defender private information • Here, we letα(θ1)=2 and α(θ2)=4 be the defender private information. Defender’s strategy Defender’s signal θ1 θ2
Attacker observes defensive investment from the previous period • 1.Effectiveness of expenses as defender private information • Here, we letα(θ1)=2 and α(θ2)=4 be the defender private information. Defender’s strategy Defender’s signal
Attacker observes defensive investment from the previous period • 1.Effectiveness of expenses as defender private information • Here, we letα(θ1)=2 and α(θ2)=4 be the defender private information. Defender’s strategy Defender’s signal
Attacker observes defensive investment from the previous period • 2.Target valuation as private information • We consider α(θ1)=α(θ2)=1.5; vA(θ1)=vD(θ1)=10 and vA(θ1)=vD(θ2)= 20. Defender’s strategy Defender’s signal θ1 θ2
Attacker observes defensive investment from the previous period • 3.Defender costs as private information • We consider α(θ1)=α(θ2)=2and the defender of type θ2 has higher costs for all signals than the defender of type θ1when the defenses are given by d = 0.
Attacker observes defensive investment from the previous period • 3.Defender costs as private information • We consider α(θ1)=α(θ2)=2and the defender of type θ2 has higher costs for all signals than the defender of type θ1 when the defenses are given by d = 0. Defender’s strategy Defender’s signal
Attacker observes defensive investment from the previous period • 4.Other parameters as defender private information • In cases where the defender’s private information is associatedonly with future payoffs (such as the carry-over coefficients ρk andthe discount rate βD), they have not found deception or secrecy intheir numerical model, despite an extensive computer search.
Agenda • Introduction • Signaling game • Model formulation for repeated game • Attacker observes defensive investment from the previous period • Attacker does not observe defensive investment • Conclusions and future research