Bayesian Stackelberg Game Research Articles

Defending Against SSDF Attacks From Randomly Appearing Intelligent Malicious Vehicle Users in the CIoV Network by Bayesian Stackelberg Game

Defending Against SSDF Attacks From Randomly Appearing Intelligent Malicious Vehicle Users in the CIoV Network by Bayesian Stackelberg Game

Cloud security in the age of adaptive adversaries: A game theoretic approach to hypervisor-based intrusion detection

Recent advancements in cloud computing have underscored the critical need for robust security mechanisms to counter evolving cyber-threats. Traditional security solutions such as Intrusion Detection Systems (IDSs) often fall short due to their inability to anticipate the strategies of adaptive cyber adversaries. Game theory is considered a popular analytical tool for understanding the strategic interactions between defenders and adversaries, providing a more informed decision-making process. However, existing game-theoretic IDSs often employ non-comprehensive utility functions with limited parameters that fail to capture the complexity of real-world dynamics. This paper introduces a novel Game-Theoretic Hypervisor-based IDS (GHyIDS), which employs comprehensive utility functions and an innovative belief update model to enhance detection accuracy and adaptability in dynamic cloud environments. To overcome the limitations of existing models, we design comprehensive utility functions by incorporating a wider range of real-world parameters, such as trust score, risk, vulnerability, damage severity, worth of the VM, means, opportunities, and access available to the attacker, as well as success rates of attack detection and execution. We propose a Resource-Aware Static Intrusion Detection Bayesian Game (S-IDBG) and extend it into a Dynamic Multi-Stage IDBG (D-IDBG), enabling the system to dynamically adapt to changes in attack patterns and system vulnerabilities. The belief update model is pivotal in continuously refining the system’s strategies based on observed behaviors and outcomes, allowing for precise adjustments to the evolving threats. Our experimental results show a significant improvement over existing models, with our approach achieving approximately 10% increase in detection rate, 20% reduction in false positive rate and 10% reduction in false negative rate in comparative analysis against state-of-the-art models namely, the trust-based Maxmin game and the repeated Bayesian Stackelberg game.

Remote State Estimation Under DoS Attacks in CPSs With Arbitrary Tree Topology: A Bayesian Stackelberg Game Approach

Remote State Estimation Under DoS Attacks in CPSs With Arbitrary Tree Topology: A Bayesian Stackelberg Game Approach

A multi-energy pricing strategy for port integrated energy system based on Bayesian Stackelberg game

This paper proposes a method for multi-energy pricing strategy by constructing Bayesian Stackelberg model, in order to increase the social welfare and extend the optimal results to the case where private information about energy users (EUs) is unknown. Specifically, in Bayesian Stackelberg game model, the port acts as a leader and EUs are competitive followers. Furthermore, the decision processes of port and EUs are coupled together by the probability of consuming electricity and heat. In addition, a price regulation mechanism is designed, which is composed of fictitious play (FP) algorithm and gradient descent algorithm. Consequently, the balance of energy supply and demand can be obtained by loop iteration of these two algorithms. Numerical results have demonstrated that the multi-energy pricing strategy can achieve the balance between supply and demand and improve the social welfare.

Bayesian Stackelberg game approach for cyber mission impact assessment

Cyber threats increasingly target mission-critical systems in the military and private sectors. CMIA has emerged to mitigate such cyber threats and assure the resilience of critical missions. Existing approaches merely provide partial, manual analysis methods to support CMIA and lack the ability to provide optimal defense measures. In this paper, we propose a novel CMIA framework enabling a streamlined, automated CMIA procedure, based on the Bayesian Stackelburg game. Unlike conventional approaches, our framework provides the most probable cyber threat and the optimal defense, i.e., countermeasures against the cyber threat in a given mission environment, securing the resilience of mission-critical systems.

Playing Bayesian Stackelberg game model for optimizing the vulnerability level of security incident system in petrochemical plants

Constrained by the limited security resources of petrochemical plants, optimizing the vulnerability level of the security incident system plays a significant role in preventing and controlling security incidents. Previous research for security vulnerability has concentrated on the protection system, neglecting the influence of interconnections among vulnerability elements. The intelligence and struggle features of Security Incident System Vulnerability (SISV) elements are critical for optimizing the vulnerability level and characterizing the evolution of intelligence of security incident participants. By studying the game characteristics among SISV elements, this paper proposes the Bayesian Stackelberg SISV game model based on the security incident protection model established. In the game model, the strategies for protective vulnerability and aggressive vulnerability are defined as setting the security layer sub-units and the protective vulnerability levels, and setting the intrusion routes and the aggressive vulnerability levels, respectively. The model optimizes the security system vulnerability levels within the different security layer sub-units, based on the available security resources. Despite being demonstrated via an illustrative case, the defender's return on investment is significantly higher by using the SISV game model, the methodology can easily be tailored to a wide variety of petrochemical plants.

Robust Design for RIS-Assisted Anti-Jamming Communications With Imperfect Angular Information: A Game-Theoretic Perspective

This paper utilizes a reconfigurable intelligent surface (RIS) to enhance the anti-jamming performance of wireless communications, due to its powerful capability of constructing smart and reconfigurable radio environment. In order to establish the practical interactions between the base station (BS) and the jammer, a Bayesian Stackelberg game is formulated, where the BS is the leader and the jammer acts as the follower. Specifically, with the help of a RIS-assisted transmitter, the BS attempts to reliably convey information to users with maximum utilities, whereas the smart jammer tries to interfere the signal reception of users with desired energy efficiency (EE) threshold. Since the BS and the jammer are not cooperative parties, the practical assumption that neither side can obtain the other's strategies is adopted in the proposed game, and the angular information based imperfect channel state information (CSI) is also considered. After tackling the practical assumption by using Cauchy-Schwarz inequality and the imperfect angular information by using the discretization method, the closed-form solution of both sides can be obtained via the duality optimization theory, which constitutes the unique Stackelberg equilibrium (SE). Numerical results demonstrate the superiority and validity of our proposed robust schemes over the existing approaches.

EI-MTD: Moving Target Defense for Edge Intelligence against Adversarial Attacks

Edge intelligence has played an important role in constructing smart cities, but the vulnerability of edge nodes to adversarial attacks becomes an urgent problem. A so-called adversarial example can fool a deep learning model on an edge node for misclassification. Due to the transferability property of adversarial examples, an adversary can easily fool a black-box model by a local substitute model. Edge nodes in general have limited resources, which cannot afford a complicated defense mechanism like that on a cloud data center. To address the challenge, we propose a dynamic defense mechanism, namely EI-MTD. The mechanism first obtains robust member models of small size through differential knowledge distillation from a complicated teacher model on a cloud data center. Then, a dynamic scheduling policy, which builds on a Bayesian Stackelberg game, is applied to the choice of a target model for service. This dynamic defense mechanism can prohibit the adversary from selecting an optimal substitute model for black-box attacks. We also conduct extensive experiments to evaluate the proposed mechanism, and results show that EI-MTD could protect edge intelligence effectively against adversarial attacks in black-box settings.

A Multi-Domain Anti-Jamming Scheme Based on Bayesian Stackelberg Game With Imperfect Information

A Multi-Domain Anti-Jamming Scheme Based on Bayesian Stackelberg Game With Imperfect Information

Two Birds With One Stone: Simultaneous Jamming and Eavesdropping With the Bayesian-Stackelberg Game

In adversarial scenarios, it is crucial to timely monitor what tactical messages that opponent transmitters are sending to intended receiver(s), and disrupt the transmissions immediately if in need. The issue becomes more challenging in face of an intelligent transmitter. To address the above-stated issue, a full-duplex (FD) technique is utilized to enable simultaneous jamming and eavesdropping (SJE) at a friendly jammer node. In particular, the “Two Birds with One Stone” strategy is utilized at the jammer node to realize effective rate degradation and information eavesdropping. A confrontation game between an intelligence-empowered FD jammer and its opponent is investigated. Specifically, to capture their adversarial relationship in an environment with incomplete information, a power-domain Bayesian-Stackelberg game is proposed. The existence of a Stackelberg equilibrium (SE) power solution is proved. The semi-closed-form solutions of SE are derived, which are proved to be asymptotically optimal (have a gap of less than 1% with the exact utility), and improves the jammer node 10% utility compared with the Nash equilibrium. Additionally, the SJE strategy outperforms the half-duplex (HD) and other benchmark schemes.

Bayesian Stackelberg games for cyber-security decision support

A decision support system for cyber-security is here presented. The system aims to select an optimal portfolio of security controls to counteract multi-stage attacks. The system has several components: a preventive optimisation to select controls for an initial defensive portfolio, a learning mechanism to estimate possible ongoing attacks, and an online optimisation selecting an optimal portfolio to counteract ongoing attacks. The system relies on efficient solutions of bi-level optimisations, in particular, the online optimisation is shown to be a Bayesian Stackelberg game solution. The proposed solution is shown to be more efficient than both classical solutions like Harsanyi transformation and more recent efficient solvers. Moreover, the proposed solution provides significant security improvements on mitigating ongoing attacks compared to previous approaches. The novel techniques here introduced rely on recent advances in Mixed-Integer Conic Programming (MICP), strong duality and totally unimodular matrices.

Resource-Aware Detection and Defense System against Multi-Type Attacks in the Cloud: Repeated Bayesian Stackelberg Game

Cloud-based systems are subject to various attack types launched by Virtual Machines (VMs) manipulated by attackers having different goals and skills. The existing detection and defense mechanisms might be suitable for simple attack environments but become ineffective when the system faces advanced attack scenarios wherein simultaneous attacks of different types are involved. This is because these mechanisms overlook the attackers’ strategies in the detection system’s design, ignore the system’s resource constraints, and lack sufficient knowledge about the attackers’ types and abilities. To address these shortcomings, we propose a repeated Bayesian Stackelberg game consisting of the following phases: risk assessment framework that identifies the VMs’ risk levels, live-migration-based defense mechanism that protects services from being successful targets for attackers, machine-learning-based technique that collects malicious data from VMs using honeypots and employs one-class Support Vector Machine to learn the attackers’ types distributions, and resource-aware Bayesian Stackelberg game that provides the hypervisor with the detection load’s optimal distribution over VMs that maximizes the detection of multi-type attacks. Experiments conducted using Amazon’s datacenter and Amazon Web Services honeypot data reveal that our solution maximizes the detection, minimizes the number of attacked services, and runs efficiently compared to the state-of-the-art detection and defense strategies, namely Collabra , probabilistic migration, Stackelberg, maxmin, and fair allocation.

Beam-Domain Anti-Jamming Transmission for Downlink Massive MIMO Systems: A Stackelberg Game Perspective

In this paper, beam-domain (BD) anti-jamming transmission in a downlink massive multiple-input multiple-output (MIMO) system is investigated. A smart jammer with multiple antennas attempts to interfere with the signal reception of users with the desired energy efficiency (EE), whereas a base station (BS) tries to minimize the transmission cost while ensuring uninterrupted communication. A Bayesian Stackelberg game between the BS and jammer, where the jammer is the follower and the BS acts as the leader, is modeled. In the follower subgame, the optimal jamming precoding with a closed-form power solution is introduced. The optimal jamming power is proportional to the transmission power in the downlink, and thus, for the BS, the strategy of suppressing malicious attacks by increasing the transmission power fails. In the leader subgame, generalized zero-forcing (ZF), whose closed-form power solution constitutes the unique Stackelberg equilibrium (SE) with that of the jammer, is found to be the optimal anti-jamming precoding for robust transmission. The results show that there always exists a precoding solution for the BS that ensures reliable transmission when the SE is obtained. A proper increase in the minimum signal-to-interference-and-noise ratio (SINR) threshold or the BD channel approximation error helps the BS save power during the resistance against the jammer. Then, a simplified power solution without the instantaneous channel state information (CSI) of jamming channels is further introduced for practical implementation. Numerical results are provided to verify the proposed solutions.

Explainable Intelligence-Driven Defense Mechanism against Advanced Persistent Threats: A Joint Edge Game and AI Approach

Advanced persistent threats (APT) have novel features such as long-term latency, precision strikes and uncertain strategies. APT poses severe threats to the resource-limited edge devices in advanced networks. Cyber threat intelligence (CTI) conducts data analysis on attack strategies by artificial intelligence (AI) and generates threat intelligence to optimize the detection model and guide defense strategies. However, AI lacks explanations for the decisions and thus reduces the transparency and performance of the detection model. Besides, the tradeoff between the detection accuracy and the computational resource limitation of edge devices needs an optimal and rapid dynamic resource allocation method, which edge game and AI can help. In this paper, we propose an explainable intelligence-driven APT edge defense mechanism. The proposed mechanism provides guidelines and explanations for designing the defense strategy and resource allocation scheme of the edge defender to detect APT. The edge defense strategy model is based on edge Bayesian Stackelberg game and CTI. Meanwhile, we implement a DRL-based resource allocation scheme to meet rapid response requirements at the edges. We demonstrate that the proposed mechanism can improve the protection level of edges and defense capability against APT through extensive experiments.

Defending False Data Injection on State Estimation Over Fading Wireless Channels

In this paper, a cyber-physical system (CPS) is considered, whose state estimation is done by a central controller (CC) using the measurements received from a wireless powered sensor network (WPSN) over fading channels. An adversary injects false data in this system by compromising some of the idle sensor nodes (SNs) of the WPSN. Using the WPSN for transmitting supervision and control data, in the aforementioned setting, makes the CPS vulnerable to both error and false data injection (FDI). The existing techniques of launching stealthy FDI attack are not applicable to the aforementioned network due to the random nature of wireless channels, which is used for both transmitting control and false data. The objectives of the adversary and the CC to launch stealthy FDI attack and to detect the same, respectively, are found to be depending on the powers they use for transmitting data over wireless channels. The transmit powers of the CC, and the adversary that fulfill their respective objectives are derived by modeling their interaction as a Bayesian Stackelberg game. Based on their objectives, novel utility functions are defined for the CC and the adversary. Subsequently, the equilibrium of the proposed game is obtained by solving a non-convex bi-level quadratic-quadratic program. Finally, the analytical results are verified and compared with other state-of-art techniques by applying them in a realistic smart grid simulations.

Resilient Control for Wireless Cyber-Physical Systems Subject to Jamming Attacks: A Cross-Layer Dynamic Game Approach.

For wireless cyber-physical systems (CPSs) suffering jamming attacks, an optimal resilient control method is proposed through a novel cross-layer dynamic game structure in this article. To confirm to practical conditions of the cyber-layer, incomplete communication information is taken into consideration, and a Bayesian Stackelberg game approach is utilized to model interactions between a smart jammer and a cyber-user. Then, an H∞ optimal resilient controller is studied for the closed-loop system with jam-induced packet losses and external disturbance in the sense of physical layer. With assumptions that the smart jammer has abilities of decoding system inputs and states, the changes of the jamming strategy are studied, and a coupled design between cyber and physical layers is presented with an algorithm to depict the dynamic variations of the CPSs. Moreover, the convergence of the proposed algorithm is also discussed. To validate the advantages of the proposed methods, a numerical simulation is performed in the end.

Risk-Aware Edge Computation Offloading Using Bayesian Stackelberg Game

Mobile Edge Computing (MEC) is delivering a rich portfolio of computation services to enable ultra-low latency and location-awareness for emerging mobile applications. However, the vulnerability of this new paradigm to potential security and privacy issues prevents mobile users from fully embracing its advantage. While various defensive strategies have been proposed to secure the connection between the end devices and edge servers, an equally important issue, the server-side risk is still under-investigated for most edge computing systems. To handle these server-side risks, a Risk-aware Computation Offloading (RCO) policy is proposed to distribute computation tasks safely among geographically distributed edge sites under server-side attacks. RCO takes into account the strategic behaviors of the potential attackers in the edge system and finds an appropriate balance between risk management and service delay reduction. The Bayesian Stackelberg game is employed to formulate the RCO problem, which describes an appropriate relation between the edge system (as a defender) and the attacker. In particular, the Bayesian Stackelberg game captures the uncertainty of attacker’s behavior and enables RCO to work even when the edge system does not know precisely the attacker that it is playing against. To facilitate the derivation of Stackelberg equilibria, two pruning rules, Heuristic Pruning (HP) and Branch-and-Bound (BaB), are proposed. HP prunes by analyzing the user demand distribution and attacker types, and BaB prunes by obtaining the tight upper/lower bound of edge system utility with the assist of disjunctive programming and Bender’s cut.

Bayesian Stackelberg game model for water supply networks against interdictions with mixed strategies

We address a problem of preventing an interdiction on water supply networks by building a Bayesian Stackelberg game model involving stakeholders of a defender and an interdictor. The defender initiates to allocate resource to network components to make a trade-off between network resilience measured by water satisfaction rate and the defender's cost, whereas the interdictor follows to interdict a component with the objectives of maximising the destruction level on the network structure and minimising the interdictor's cost. Specifically, the defender adopts mixed defence strategies, which implies that the interdictor is uncertain of the defender's resource allocation. Moreover, we propose sufficient conditions for the elimination of the dominated defence and interdiction strategies. A decomposed iterative learning algorithm (DILA) and a smallest-depth binary-partition based hierarchical algorithm (SBHA) are developed to reduce the sizes of the defence and interdiction strategy sets, respectively, thus analysing the optimal mixed defence strategies. Finally, a real case study with private information is conducted, thus providing valuable suggestions for the defender's resource allocation against interdictions.

Impacts of Manufacturer Overconfidence on Supply Chain Performance with Demand Forecasting

In this paper, we construct a dyadic supply chain consisting of a single manufacturer with overconfidence and a rational retailer under the MTO strategy. The manufacturer and the retailer play a Bayesian Stackelberg game in our model. We consider that the manufacturer may underestimate the variability in his forecast precision (PR bias). We derive the optimal decisions for two supply chain scenarios: one dominated by manufacturers (MS) and one dominated by retailers (RS). Our results suggest that both the manufacturer and the retailer can achieve profit growth under PR bias, but the forecasts made by each side must meet certain conditions. Further, the impacts of each type of overconfidence on SC performance are similar under the MS and RS models, and the manufacturer is always more likely to benefit from his confidence under the RS model than under the MS model. In addition, the influences of the overconfidence on retailers’ profits require additional judgment with effort costs.

Applying the Bayesian Stackelberg Active Deception Game for Securing Infrastructure Networks

With new security threats cropping up every day, finding a real-time and smart protection strategy for critical infrastructure has become a big challenge. Game theory is suitable for solving this problem, for it provides a theoretical framework for analyzing the intelligent decisions from both attackers and defenders. However, existing methods are only based on complete information and only consider a single type of attacker, which is not always available in realistic situations. Furthermore, although infrastructure interconnection has been greatly improved, there is a lack of methods considering network characteristics. To overcome these limitations, we focus on the problem of infrastructure network protection under asymmetry information. We present a novel method to measure the performance of infrastructure from the network perspective. Moreover, we propose a false network construction method to simulate how the defender applies asymmetric information to defend against the attacker actively. Meanwhile, we consider multiple types of attackers and introduce the Bayesian Stackelberg game to build the model. Experiments in real infrastructure networks reveal that our approach can improve infrastructure protection performance. Our method gives a brand new way to approach the problem of infrastructure security defense.