Game Theory Meets Network Security

A tutorial at 2018 ACM SIGSAC Conference on Computer & Communications Security

Oct. 15–19, 2018, Toronto, ON, Canada.


  • Quanyan Zhu, New York University, USA, Email:
  • Stefan Rass, Universität Klagenfurt, Austria, Email:


The increasingly pervasive connectivity of today’s information systems brings up new challenges to security. Traditional security has accomplished a long way toward protecting well-defined goals such as confidentiality, integrity, availability, and authenticity. However, with the growing sophistication of the attacks and the complexity of the system, the protection using traditional methods could be cost-prohibitive. A new perspective and a new theoretical foundation are needed to understand security from a strategic and decision-making perspective. Game theory provides a natural framework to capture the adversarial and defensive interactions between an attacker and a defender. It provides a quantitative assessment of security, prediction of security outcomes, and a mechanism design tool that can enable security-by-design and reverse the attacker’s advantage. 

This tutorial provides an overview of diverse methodologies from game theory that includes games of incomplete information, dynamic games, mechanism design theory to offer a modern theoretic underpinning of a science of cybersecurity. The tutorial will also discuss open problems and research challenges that the CCS community can address and contribute with an objective to build a multidisciplinary bridge between cybersecurity, economics, game and decision theory.

An extended abstract can be found here

Tutorial Outline:

  • Communication Security
  • IT Risk Management
  • Defense in Depth
  • Security Auditing and Inspections
  • Advanced Persistent Threats
  • Cyber Deception
  • Moving Target Defense

Tutorial Slides:

The slides are available here.

Related References:

  • M.H. Manshaei, Q., Zhu, T. Alpcan, T. Başar,  and J.-P. Hubaux, J.-P. Game theory meets network security and privacy. ACM Computing Surveys (CSUR) 45, 3 (2013), 25.
  • K. Horák, Q. Zhu, and B. Bošansky,  Manipulating adversary’s belief: A dynamic game approach to deception by design for proactive network security. In International Conference on Decision and Game Theory for Security (2017), Springer, pp. 273–294.
  • L. Huang, J., Chen, and Q. Zhu,  A large-scale markov game approach to dynamic protection of interdependent infrastructure networks. In International Conference on Decision and Game Theory for Security (2017), Springer, pp. 357–376.
  • L. Huang and Q. Zhu, Adaptive strategic cyber defense for advanced persistent threats in critical infrastructure networks. In ACM SIGMETRICS Performance Evaluation Review (2018).
  • F. Miao, Q. Zhu, M. Pajic and G. J. Pappas,  A hybrid stochastic game for secure control of cyber-physical systems. Automatica 93 (2018), 55–63. 
  • J. Pawlick, S. Farhang and Q. Zhu, Flip the cloud: Cyber-physical signaling games in the presence of advanced persistent threats. In Decision and Game Theory for Security. Springer, 2015, pp. 289–308. 
  • J. Pawlick and Q. Zhu, Proactive defense against physical denial of service attacks using poisson signaling games. In International Conference on Decision and Game Theory for Security (2017), Springer, pp. 336–356.
  • J. Pawlick and Q. Zhu, Strategic trust in cloud-enabled cyber-physical systems with an application to glucose control. IEEE Transactions on Information Forensics and Security 12, 12 (2017), 2906–2919.
  • S. Jajodia, A. Ghosh, V. Swarup, C. Wang, X. Wang, (Eds.): Moving Target Defense – Creating Asymmetric Uncertainty for Cyber Threats, Springer, 2011.
  • S. Rass, P. Schartner: A Unified Framework for the Analysis of Availability, Reliability and Security, With Applications to QuantumNetworks, IEEE Trans. on Systems, Man, and Cybernetics, Part C, vol. 41, Issue 1, Jan. 2011, DOI: 10.1109/TSMCC.2010.2050686
  • Alpcan, T. & Başar, T. Network Security: A Decision and Game Theoretic Approach, Cambridge University Press,   2010.
  • J. Garay, J. Katz, U. Maurer, B. Tackmann, V. Zikas: Rational Protocol Design: Cryptography   against Incentive-  Driven Adversaries 2013 IEEE 54th Annual Symposium on Foundations of Computer Science, IEEE, 2013 , 648-  657 R. Avenhaus, B. von Stengel, S. Zamir, R. Aumann, S. Hart (Eds.)
  • S. Rass, A. Alshawish, M. Abid, S. Schauer, Q. Zhu, H. de Meer: Physical Intrusion Games – Optimizing Surveillance by   Simulation and Game Theory IEEE Access, 2017, 1
  • M. van Dijk, A. Juels, A. Oprea, R. Rivest: FlipIt: The Game of of Stealthy Takeover, J. Cryptol., 2013, 26, pp.655-713
  • S. Rass, On Game-Theoretic Network Security Provisioning, in Journal of Networks and Systems Management, Springer, vol. 21, issue 1, 2013, pp. 47–67, DOI: 10.1007/s10922-012-9229-1
  • S. Schauer: A Risk Management Approach for Highly Interconnected Networks
    Game Theory for Security and Risk Management, Birkhäuser, 2018, pp. 285-311
  • S. Rass, S. König, S. Schauer (2017): Defending Against Advanced Persistent Threats Using Game-Theory. In: PLoS ONE 12 (1), e0168675. DOI: 10.1371/journal.pone.0168675.