Game Theory for Security
Needless to say, security tools and techniques, such as access control, intrusion detection, and data loss prevention, are extremely important. However, we also need a high-level understanding of security strategies and methodologies such as proactive defense and defensive deception.
Game theory provides a quantitative benchmark to characterize the interaction among intelligent agents and predict their equilibrium actions. Equipped with a game-theoretic viewpoint, we know that security is a much broader concept than attack deterrence.
On one hand, cyber attacks are not doomed to happen. We can prevent attacks proactively by designing adversaries' utility, information, and epistemology. On the other hand, we should be aware that the final goal of cyber defense is to maximize defense utility. Thus, a defender should accept the co-exist with attackers at the equilibrium, either voluntarily or not, if its utility outweighs the one under the absence of threats.
Landscape of Security games in Literature