


Game Theory Application in Network Security

 

http://publish.illinois.edu/science-of-security-lablet/files/2014/06/Game-Theory-Meets-Network-Security-and-Privacy.pdf

This academic paper gives a comprehensive survey of research on security and privacy in computer and communication networks that use game-theoretic approaches. Six main categories are discussed: security of the physical and MAC layers, security of self-organizing networks, intrusion detection systems, anonymity and privacy, economics of network security, and cryptography.

Of the six categories, I find the Intrusion Detection Systems (IDS) to be very interesting. An intrusion detection system is defined as a defense mechanism against a variety of attacks that can compromise the security of an information system [Debar et al. 2005]. In practice, IDSs are deployed at different levels to monitor the traffic of applications, key hosts, networks, and gateways between two networks. The paper mentioned two major kinds of IDSs, one being the signature-based IDS, which uses a database of traffic or activity patterns of known attacks to compare attack signatures so that malicious activities and infected files or programs can be recognized. The other is called anomaly-based IDS, which works by comparing system behavior with normal behavior to detect suspicious behavior.

The content relates to our class in that one major research approach in this field is game theory. In a typical game, each agent in a multi-agent system maximizes his or her own profit while knowing or partially knowing the moves of the other agents (a complete-information or incomplete-information game, respectively). The non-cooperative interaction between agents (in this case, the attacker and the detector) makes intrusion detection a perfect example of a game theory application. Scholars have used various models, such as the dynamic Bayesian model, the two-person stochastic general-sum game, and the repeated zero-sum game, to model the interaction between the attacker and the detector, so that an effective IDS with a streamlined configuration and yet sensitive detection functionality is possible.
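To make the attacker-versus-detector framing concrete, here is an added example (not taken from the surveyed paper) that solves a single stage of a 2x2 zero-sum monitoring game exactly. The payoff parameters `loss`, `cost` and `catch_gain` and both function names are assumptions constructed for illustration, and the model is far simpler than the Bayesian and stochastic games the survey covers.

```python
from fractions import Fraction

def monitoring_game(loss, cost, catch_gain):
    """Detector's payoff matrix (constructed model, zero-sum: attacker gets the negative).
    Rows: detector monitors / stays idle. Columns: attacker attacks / stays idle."""
    return [[catch_gain - cost, -cost],   # monitoring always costs `cost`
            [-loss, 0]]                   # an unmonitored attack costs `loss`

def solve_2x2_zero_sum(payoff):
    """Return (p, q, value): p = P(detector plays row 0), q = P(attacker plays column 0),
    value = detector's expected payoff when both play their equilibrium strategies."""
    (a, b), (c, d) = [[Fraction(x) for x in row] for row in payoff]
    row_mins = [min(a, b), min(c, d)]     # detector's worst case per row
    col_maxs = [max(a, c), max(b, d)]     # attacker's worst case per column
    maximin, minimax = max(row_mins), min(col_maxs)
    if maximin == minimax:
        # Saddle point: both sides have a pure (deterministic) best strategy.
        p = Fraction(1) if row_mins[0] == maximin else Fraction(0)
        q = Fraction(1) if col_maxs[0] == minimax else Fraction(0)
        return p, q, maximin
    # No saddle point: each side randomizes so the opponent is indifferent
    # between its two actions (closed form for a 2x2 zero-sum game).
    denom = a - b - c + d
    return (d - c) / denom, (d - b) / denom, (a * d - b * c) / denom

if __name__ == "__main__":
    # Constructed sample values: cheap monitoring vs. prohibitively expensive monitoring.
    for params in [(10, 2, 4), (10, 22, 2)]:
        p, q, v = solve_2x2_zero_sum(monitoring_game(*params))
        print(f"loss/cost/gain={params}: monitor with p={p}, attack with q={q}, value={v}")
```

With cheap monitoring, neither side can commit to a fixed action without being exploited, so the detector monitors only part of the time; when monitoring costs more than the loss it prevents, the equilibrium collapses to "never monitor, always attack".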
