Game theory-based Security Vulnerability Quantification for Social Internet of Things

Abstract

In modern society, information and communication technology (ICT) has been applied to various areas such as home, industry, and finance. Therefore, social networks using Internet of Things (IoT) technologies have been constructed. As ICT continues to be used in various modern applications, security vulnerabilities from legacy ICT have been inherited by social IoT network systems. To guarantee the safety of these applications, these networks must be protected from various cyberattacks. A variety of security technologies and products have been developed for this purpose. However, the most important task in dealing with cyberattacks is to inspect the current security status of a social IoT network system. Many types of vulnerability quantification methods exist for inspecting the security vulnerabilities of network systems. However, with legacy methods, quantification results lack objectivity. In this study, to compensate for this limitation, we propose a game-theory-based vulnerability quantification method using attack tree, which consists of three steps: game strategy modeling, cost-impact analyzation, and payoff calculation. We present a case study for a social-IoT-based network environment. Using the proposed method, we believe social IoT network system security experts will be able to cope with security incidents more effectively. The proposed method can be used as a reference for constructing a safer social IoT network system.