Sage Journals: Discover world-class research

Abstract

The transmission process of information among computers of network is considered as the procedure of interactive behaviors. In this article, we present a mean field game model for the binary interactive behaviors between the malicious attackers and the defenders. We first discuss the evolution of the states of the malicious attackers and the defenders using the susceptiable-infective-Removal epidemic model in which we take into account the stochastic process of the propagation of the infected computers and the attack intensity. Then, we formulate the mean field game consistency stability problem generated by a Hamilton–Jacobi–Bellman equation of the individual player and the fixed-point problem. Finally, we derive the optimal individual strategy with an appropriate assumption that the response time of the defense system is faster than the infection rate.

Keywords

Cyber security mean field games approximation transformation stable equilibrium optimal strategy

Introduction

Rapid development of the computer technology has influenced all aspects of people’s daily life. Individuals usually store and utilize their daily data using online and offline technologies. This sort of stored information becomes the main target of hackers. It has been discussed online that there are many different kinds of cyber-attacks such as malware, denial-of-service (DoS) attacks, hacking the data, email bombing, and targeted attack.¹ Therefore, it is required to develop efficient defense strategies to prevent these attacks arising every now and then.

Various approaches have been considered to prevent the cyber-attacks, including the firewall, anti-virus program, and intrusion detection system (IDS).^2–6 For instance, Khouzani et al.⁴ proposed an optimal control model to discuss the damage maximization problem inflicted by the malware attack, which minimized the overall cost of the security patches. Huang et al.⁵ transformed the targeted attacks into random attacks to study the robustness of the interdependent networks. Then, Zargar et al.⁶ classified the current distributed denial-of-service (DDoS) flooding attacks and introduced a comprehensive DDoS defense mechanism.

Game theory has been introduced for the defense strategy in cyber security problems.^2,7 This method presents a useful mathematical tool for analyzing decision problems for multiple players. The outcome of each player depends on both his decisions and others’ decisions. In cyber security problems, an effective security model depends on the defense strategies and the actions of the attackers. Bedi et al.⁸ modeled the probability actions between the attackers and the defenders as a static game for defending against the DDoS attack. In the study of Dingankar and Brooks,⁹ DDoS attacks were modeled as a non-cooperative game in which the defenders tried to form an optimum network topology to prevent the attack, while the attackers tried to deploy the zombies in the network.

Integration of the interactive behaviors among the attackers, defenders and users with game theoretic approach is proposed in Ryutov et al.¹⁰ The advantage is that for the first time, users are considered as the independent players, where their incentives and behaviors affect the game process. An optimal defense strategy based on the stochastic game theoretic scheme is reported in Jiang et al.¹¹ Farhang et al.¹² modeled a Bayesian game to analyze the interactions between a server and its end user, that is, either a legitimate user or an attacker, where the optimal strategy of the defender only depends on the attackers.

Despite the efforts of the current researches and the contribution they have made for the security problems, most of the existing researches modeled a security game scheme with only two players. In such a scenario, all attackers are considered as one attacker, as is the whole of defenders. This assumption is not suitable for the real cyber environment with the security problems represented by multiple attackers and multiple defenders. Therefore, we form a mean field game model to discuss the individual optimal strategy in this article, while taking into account the dynamic evolution of each individual player.

Mean field games have been created by Lasry and Lions¹³ and Huang et al.¹⁴ as a method to model the games with large players. The systems are coupled through Hamilton–Jacobi–Bellman (HJB) and Kolmogorov equations, in which the HJB equation describes the behavior of the individual strategy, while the Kolmogorov equation discusses the evolution of the individual optimal strategy. Mean field game is also applied by economics,¹⁵ engineering in different areas,¹⁶ communication networks,^17,18 and other fields.^19,20 A mean field game model for cyber security is proposed in Wang et al.²¹ and Kolokoltsov and Malafeyev.²² The work of Wang et al.²¹ considered an attacker and multiple defenders in mobile ad hoc networks. The legitimate nodes of such a model may select actions intelligently to decrease their energy consumption and security loss. Kolokoltsov and Malafeyev²² proposed a basic mean field game consistency problem to discuss the botnet defense problem, while they did not consider the individual strategy.

Inspired by Kolokoltsov and Malafeyev²² and Gomes et al.,^23,24 we introduce a simple mean field game model for the cyber security problems. Different from the current works, the proposed model is a solvable mean field game model for infinite computers. The contributions of this article are as follows: we first study the binary interactive behaviors of the states of the attackers and defenders using the susceptible–infectious–removed (SIR) epidemic model, in which we take into account the stochastic process of the propagation of the infected users and attack intensity. Then, existence of the solutions of this model will be investigated. Next, we formulate the mean field game consistency stability problem generated by a HJB equation of the individual player and the fixed-point problem. Finally, the existence and stability of the solutions of the mean field game model and the optimal individual strategy will be considered. The proposed model evaluates non-uniqueness of the solutions that is investigated in the mean field game theory. Moreover, the proposed model may help understand the link between the dynamic and stationary mean field games models.

The article is organized as follows. We present the dynamic evolution of the states of the nodes with SIR epidemic model and elaboration of the mean field game consistency stability problem in section “System model.” Then, section “Analysis of the solutions of HJB equation” analyzes existence of the optimal individual defense strategy of the HJB equation. Next, section “Stability of the solutions” provides the stability of the solutions of the optimal individual defense strategy. Finally, section “Conclusion” concludes the article.

System model

We presume that any computer in the network may operate in three states, that is, infective (I), susceptible (S), and recovery (R). The infective node shows the infected computer by the malicious attacks and a susceptible node is prone to be, but not infected. The node R represents the recovery which is immune to any malicious attacks, and we assume that the nodes have the defensive systems. In this framework, we presume both computers and their interactive behaviors among them satisfy the stochastic distribution and depend on the attack intensity $α$ , and the changes in the states between I (S) and R depend on the decisions of computers.

We consider $n_{I} (t)$ , $n_{S} (t)$ , and $n_{R} (t)$ as the numbers of the nodes of different states, at time t, where the total numbers of the nodes in the network are represented by N, and $n (t) = [n_{I} (t), n_{S} (t), n_{R} (t)]$ is a non-negative integer. Then, $N = n_{I} (t) + n_{S} (t) + n_{R} (t)$ . We define $x (t) = n (t) / N$ as the standardized state of $n (t)$ , where $x (t) = [x_{I} (t), x_{S} (t), x_{R} (t)]$ and $x_{I} (t) + x_{S} (t) + x_{R} (t) = 1$ . Considering all participants have the same strategy $w = (w_{I}, w_{S})$ and the values are defined as 0 and 1, where each node likes to switch $I$ to $S$ .

We assume $α ρ_{S}$ represents the infection rate of the susceptible nodes under the direct attacks in which $ρ_{S}$ is a constant. Besides, infective nodes will infect the susceptible nodes by transmitting the malware, while susceptible nodes will transmit the defensive systems to infective nodes to cure them. Hence, we consider $κ_{I} / N$ and $κ_{S} / N$ as the interaction probabilities between the infected and susceptible nodes, where $κ_{I}$ and $κ_{S}$ denote the number of the interactions of the nodes. The recovery probabilities of the infected and susceptible nodes are denoted by $β_{IR}$ and $β_{SR}$ , respectively, and $β$ exhibits the probability of the immune nodes transformed to the susceptible nodes. The specific transitions between different states are discussed in Figure 1.

Figure 1.

The transitions between different states.

The set of differential equations of the system, showing the evolution of the state of the infinite players, reads

{\begin{matrix} {\overset{\cdot}{x}}_{I} (t) = x_{S} (t) ε α ρ_{S} + x_{I} (t) x_{S} (t) κ_{I} + ε (x_{S} (t) w_{S} (t) - x_{I} (t) w_{I} (t)) - x_{I} (t) (β_{IR} + κ_{S} x_{S} (t)) \\ {\overset{\cdot}{x}}_{S} (t) = - x_{S} (t) ε α ρ_{S} - x_{I} (t) x_{S} (t) κ_{I} - ε (x_{S} (t) w_{S} (t) - x_{I} (t) w_{I} (t)) - x_{S} (t) β_{SR} + x_{R} (t) β \\ {\overset{\cdot}{x}}_{R} (t) = x_{S} (t) β_{SR} + x_{I} (t) (β_{IR} + κ_{S} x_{S} (t)) - x_{R} (t) β \end{matrix}

(1)

where $α$ is the attack intensity and $ε$ represents the reaction rates of the defense systems, so that for $limit ε \to \infty$ , the system may react immediately. $w_{I}$ and $w_{S}$ are the active strategy and the passive strategy of the nodes, respectively, where their values are defined as 0 and 1. $x_{S} (t) ε α ρ_{S}$ denotes the evolution of the susceptible nodes under the directed attacks, $x_{I} (t) x_{S} (t) κ_{I}$ means that the susceptible nodes are infected by the infected nodes with the number $κ_{I}$ , while $x_{I} (t) x_{S} (t) κ_{S}$ shows the infected nodes are recovered by the susceptible nodes with the number $κ_{S}$ , $x_{S} (t) w_{S} (t) - x_{I} (t) w_{I} (t)$ indicates that the dynamic evolution of the nodes under the reaction rate of the defense systems, and $x_{I} (t) β_{IR}$ denotes that the infected nodes are immune to the malicious attacks.

It can be shown that for the states of the susceptible nodes transformed into the infected or immune nodes, it reads $n_{S} - 1$ , $n_{I} + 1$ , or $n_{R} + 1$ .²⁵ Equation (1) discussed the evolution of the states with infinite nodes, and the finite state space of the nodes $i \in N$ can be written as ${n (t) = [n_{I} (t), n_{S} (t), n_{R} (t)] | n_{I} (t) + n_{S} (t) + n_{R} (t) = N, n_{i} > 0, i = I, S or R}$ , so we get the evolution of the finite state space of the nodes

\begin{matrix} F_{N} f (n (t)) \\ = n_{S} (t) α ε ρ_{S} [f (n_{I} (t) + 1, n_{S} (t) - 1, n_{R} (t)) - f (n (t))] \\ + n_{S} (t) β_{SR} [f (n_{I} (t), n_{S} (t) - 1, n_{R} (t) + 1) - f (n (t))] \\ + ε n_{S} (t) w_{S} (t) [f (n_{I} (t) + 1, n_{S} (t) - 1, n_{R} (t)) - f (n (t))] \\ + ε n_{I} (t) w_{I} (t) [f (n_{I} (t) - 1, n_{S} (t) + 1, n_{R} (t)) - f (n (t))] \\ + κ_{I} n_{I} (t) n_{S} (t) [f (n_{I} (t) + 1, n_{S} (t) - 1, n_{R} (t)) - f (n (t))] / N \\ + κ_{S} n_{I} (t) n_{S} (t) [f (n_{I} (t) - 1, n_{S} (t) 1, n_{R} (t) + 1) - f (n (t))] / N \\ + n_{I} (t) β_{IR} [f (n_{I} (t) - 1, n_{S} (t), n_{R} (t) + 1) - f (n (t))] \\ + n_{R} (t) β [f (n_{I} (t), n_{S} (t) + 1, n_{R} (t) - 1) - f (n (t))] \end{matrix}

(2)

where $f = (f_{n_{I}}, f_{n_{S}}, f_{n_{R}})$ . For the standardized state $x (t)$ , there exists a set of normal basis ${e_{i} \in R^{3} | i = 1, 2, 3}$ , so that equation (2) may be expressed as a vector function as

\begin{matrix} L_{N} f (x (t)) \\ = x_{S} (t) α ε ρ_{S} N [f (x (t) + e_{I} (t) / N - e_{S} (t) / N) - f (x (t))] \\ + x_{S} (t) β_{S R} N [f (x (t) - e_{S} (t) / N + e_{R} (t) / N) - f (x (t))] \\ + x_{I} (t) x_{S} (t) κ_{I} N [f (x (t) - e_{S} (t) / N + e_{I} (t) / N) - f (x (t))] \\ + x_{R} (t) [f (x (t) + e_{S} (t) / N - e_{R} (t) / N) - f (x (t))] \\ + ε x_{S} (t) w_{S} (t) N [f (x (t) - e_{S} (t) / N + e_{I} (t) / N) - f (x (t))] \\ + ε x_{I} (t) w_{I} (t) N [f (x (t) - e_{I} (t) / N + e_{R} (t) / N) - f (x (t))] \\ + x_{I} (t) (β_{IR} + κ_{S} x_{S} (t)) N [f (x (t) - e_{I} (t) / N + e_{R} (t) / N) - f (x (t))] \end{matrix}

(3)

Next, we will introduce the convergence conditions of the differential equation (3) in the $limit N \to \infty$ .

Proposition 2.1

If $f \in C^{1}$ , then $lim_{N \to \infty} L_{N} f (x) = Lf (x)$ , where

\begin{matrix} Lf (x) \\ = x_{S} (t) α ε ρ_{S} (\partial f (x) / \partial x_{I} - \partial f (x) / \partial x_{S}) \\ + x_{S} (t) β_{SR} (\partial f (x) / \partial x_{R} - \partial f (x) / \partial x_{S}) \\ + x_{I} (t) x_{S} (t) κ_{I} (\partial f (x) / \partial x_{I} - \partial f (x) / \partial x_{S}) \\ + x_{I} (t) (β_{IR} + κ_{S} x_{S} (t)) (\partial f (x) / \partial x_{R} - \partial f (x) / \partial x_{I}) \\ + ε x_{S} (t) w_{S} (t) (\partial f (x) / \partial x_{I} - \partial f (x) / \partial x_{S}) \\ + ε x_{I} (t) w_{I} (t) (\partial f (x) / \partial x_{S} - \partial f (x) / \partial x_{I}) \end{matrix}

(4)

represents a first-order partial differential equation.

The proof is discussed in Appendix 1.

Under the finite state framework, we have proved equation (3) converges to equation (4). The solutions of equation (1) discuss the limit of equation (3), and for a general environment, the differential equation (3) weakly converges to the solution of equation (1) if $N \to \infty$ .²⁵

Moreover, we can analyze the evolution of each individual behavior of participants using the Markov model. We define $w_{ind} = (w_{ind, I}, w_{ind, S}) \in {0, 1}$ as the individual strategy; then, the dynamic evolution of the individual participant with three states can be discussed as

{\begin{matrix} L_{ind} h_{I} = ε w_{ind, I} (h_{S} - h_{I}) + (β_{IR} + κ_{S} x_{S}) (h_{R} - h_{I}) \\ L_{ind} h_{S} = ε w_{ind, S} (h_{I} - h_{S}) + (x_{I} κ_{I} + α ρ_{S}) (h_{I} - h_{S}) + β_{SR} (h_{R} - h_{S}) \\ L_{ind} h_{R} = β (h_{S} - h_{R}) \end{matrix}

(5)

where $h_{S}$ , $h_{I}$ , and $h_{R}$ denote the individual average cost of the nodes.

We presume that the profit function of the attacker, $g (x)$ , depends on the states’ distribution of the nodes and the payment per unit time of the network attacker, $α φ$ . Attackers will maximize their profits during the game time, and therefore, the profit function at time $t \in [0, T]$ is

G (T) = \int_{0}^{T} (g (x (t)) - α φ) dt

(6)

We define $l_{S}$ as the payoff per unit time of the susceptible nodes, $l_{I}$ as the payoff per unit time of the infected nodes, and $l_{R}$ as the payment per unit time of the immune nodes. $a_{I}$ denotes the loss per unit time of the infected nodes. The nodes will minimize their cost functions, and hence, the total payoff functions can be expressed as

ϕ_{i} (T) = \int_{0}^{T} l_{i} 1_{i} dt + a_{I} φ_{[0, T]}

(7)

where $i = I, S, R$ , $1_{S}$ , $1_{I}$ , $1_{R}$ denote the indicator functions of the states, and $φ_{[0, T]}$ is the number of times of the nodes from $I$ to $R$ during the period.

We will get the solutions of the dynamic equation (1) and the payment function (5) if we achieve the optimal attack intensity $α$ and the optimal trajectory $x (t)$ . In contrast, for determined $α$ and $x (t)$ , the players will derive the optimal individual strategy $w_{ind}$ by solving equations (5) and (7). Hence, we form a mean field game consistency equation to analyze the optimal individual strategy of the nodes at game time $[0, T]$ , that is

w_{ind} = w

(8)

where $w_{ind} = (w_{ind, I}, w_{ind, S}, w_{ind, R}) \in {0, 1}$ and $w = (w_{I}, w_{S}, w_{R}) \in {0, 1}$ .

In general, this mean field game problem is discussed by studying the average payment $h = lim_{T \to \infty} \frac{1}{T} \int_{0}^{T} ϕ (t) dt$ , in which the form of the solutions to the HJB equation satisfies $u (T - t) + h$ . Hence, HJB equation (5) can be written as follows

{\begin{matrix} max_{w} ε w_{I} (h_{S} - h_{I}) + (β_{IR} + κ_{S} x_{S}) (h_{R} - h_{I}) - (β_{IR} + κ_{S} x_{S}) a_{I} + l_{I} = u \\ max_{w} (ε w_{S} + α ρ_{S} + x_{I} κ_{I}) (h_{I} - h_{S}) + β_{SR} (h_{R} - h_{S}) + l_{S} = u \\ β (h_{S} - h_{R}) + l_{R} = u \end{matrix}

(9)

where u is the optimal average payment function.

If we derive the stable solutions $(x (t), w (t))$ from equations (1) and (9), the optimal individual strategy will be formed in equation (9), in which $w (t) = (w_{I} (t), w_{S} (t))$ are the maximization values of equation (9) and $x (t) = (x_{I} (t), x_{S} (t), x_{R} (t))$ are the stable solutions of equation (1). The individual optimal strategy depends on the stable solutions $x (t)$ which satisfy the following equation

{\begin{matrix} x_{S} (t) α ρ_{S} + x_{I} (t) x_{S} (t) κ_{I} + ε (x_{S} (t) w_{S} (t) - x_{I} (t) w_{I} (t)) - x_{I} (t) (β_{IR} + κ_{S} x_{S} (t)) = 0 \\ - x_{S} (t) ε α ρ_{S} - x_{I} (t) x_{S} (t) κ_{I} - ε (x_{S} (t) w_{S} (t) - x_{I} (t) w_{I} (t)) - x_{S} (t) β_{SR} + x_{R} (t) β = 0 \\ x_{S} (t) β_{SR} + x_{I} (t) (β_{IR} + κ_{S} x_{S} (t)) - x_{R} (t) β = 0 \end{matrix}

(10)

Analysis of the solutions of HJB equation

In this section, we elaborate the solutions of the mean field consistency problem (8) with $h_{S} \leq h_{I}$ and $h_{I} \leq h_{S}$ , respectively. If $h_{S} \leq h_{I}$ , the infected node will choose its active defense behavior to reduce its payoff and the susceptible node may not change its state. If $h_{I} \leq h_{S}$ , the passive defense behavior will be optimal. We discuss the existence of the individual optimal solutions of HJB equation in equation (9) with few assumptions, that is, $ε > 0, α > 0, ρ_{S} > 0$ , $κ_{I} > 0, κ_{S} > 0, β, β_{IR}$ , and $β_{SR} > 0$ .

If $h_{S} \leq h_{I}$ , we consider $w_{S} = 0$ and $w_{I} = 1$ . Then, the optimal individual strategy is the active defense behavior. Equation (9) can be written as

{\begin{matrix} ε (h_{S} - h_{I}) + (β_{IR} + κ_{S} x_{S}) (h_{R} - h_{I}) - (β_{IR} + κ_{S} x_{S}) a_{I} + l_{I} = u \\ (α ρ_{S} + x_{I} κ_{I}) (h_{I} - h_{S}) + β_{SR} (h_{R} - h_{S}) + l_{S} = u \\ β (h_{S} - h_{R}) + l_{R} = u \end{matrix}

(11)

To simplify, we consider $h_{R} = 0$ because the solution, $h$ , of equation (7) may be expressed as the addictive constant. We achieve $u = β h_{S}$ . Then, equation (11) reduces to

{\begin{matrix} ε (h_{S} - h_{I}) - h_{I} (β_{IR} + κ_{S} x_{S}) - (β_{IR} + κ_{S} x_{S}) a_{I} + l_{I} - β h_{S} = 0 \\ (α ρ_{S} + x_{I} κ_{I}) (h_{I} - h_{S}) - β_{SR} h_{S} + l_{S} - β h_{S} = 0 \end{matrix}

(12)

yielding

h_{I} = \frac{(ε - β) l_{S} - [a_{I} (β_{IR} + x_{S} κ_{S}) - l_{I}] (x_{I} κ_{I} + α ρ_{S} + β_{SR} + β)}{(ε + β_{IR} + x_{S} κ_{S}) (β + β_{SR} + α ρ_{S} + x_{I} κ_{I}) - (ε - β) (ε + α ρ_{S})}

(13)

h_{S} = \frac{l_{S} (ε + β_{IR} + x_{S} κ_{S}) - [a_{I} (β_{IR} + x_{S} κ_{S}) - l_{S}] (x_{I} κ_{I} + α ρ_{S})}{(ε + β_{IR} + x_{S} κ_{S}) (β + β_{SR} + α ρ_{S} + x_{I} κ_{I}) - (ε - β) (ε + α ρ_{S})}

(14)

For $h_{S} \leq h_{I}$ , combining equations (14) and (15), we achieve

x_{S} \leq \frac{1}{κ_{S}} (\frac{(β + β_{SR}) (l_{I} - a_{I} β_{IR}) - l_{S} (β + β_{IR})}{l_{S} + a_{I} (β + β_{SR})})

(15)

Let $\bar{x} = ((β + β_{SR}) (l_{I} - a_{I} β_{IR}) - l_{S} (β + β_{IR})) / κ_{S} (l_{S} + a_{I} (β + β_{SR}))$ and this assumption is only valid for $\bar{x} > 1$ because of $x_{S} \in (0, 1)$ .

Next, we elaborate the existence of the optimal solutions from equation (10).

If $h_{S} \leq h_{I}$ , equation (10) yields

{\begin{matrix} x_{S} (t) ε α ρ_{S} + x_{I} (t) x_{S} (t) κ_{I} - ε x_{I} (t) - x_{I} (t) (β_{IR} + κ_{S} x_{S} (t)) = 0 \\ - x_{S} (t) ε α ρ_{S} - x_{I} (t) x_{S} (t) κ_{I} + ε x_{I} (t) - x_{S} (t) β_{SR} + x_{R} (t) β = 0 \end{matrix}

(16)

where $x_{R} = 1 - x_{I} - x_{S}$ . The first equation of equation (16) gives

x_{I} (t) = \frac{x_{S} (t) ε (α ρ_{S} + 1)}{β_{IR} + x_{S} (t) (κ_{S} - κ_{I})}

(17)

and then, inserting equation (17) into the second equation of equation (16) results in a quadratic equation in terms of $x_{S} (t)$ as

\begin{matrix} R_{1} (x_{S}) = x_{S}^{2} [(κ_{S} - κ_{I}) (ε α ρ_{S} + β_{S R} + β) + κ_{I} (ε α ρ_{S} + ε)] \\ + x_{S} [β_{I R} (ε α ρ_{S} + β_{S R} + β) - (ε α ρ_{S} + ε) (ε - β) - β (κ_{S} - κ_{I})] - β β_{I R} \end{matrix}

(18)

Since $x_{S} (t) \in (0, 1)$ yields $R_{1} (0) < 0$ and $R_{1} (0) > 0$ on intervals $[0, 1]$ , therefore there exists ${x_{S}}^{*} \in (0, 1)$ so that $R_{1} (x_{S}^{*}) = 0$ holds. Thus, $x_{S}^{*}$ is the optimal solution that satisfies equation (15) if and only if $\bar{x} > 1$ . Hence, we derive the following proposition.

Proposition 3.1

If $h_{S} \leq h_{I}$ and $\bar{x} > 1$ , there exists a unique solution $x^{*} = (x_{I}^{*}, x_{S}^{*}, x_{R}^{*})$ for the mean field game consistency problem in equations (9) and (10), where $x_{I}^{*} (t) = (x_{S}^{*} (t) (ε α ρ_{S} + ε)) / (β_{IR} + x_{S}^{*} (t) (κ_{S} - κ_{I}))$ and ${x_{S}}^{*} \in (0, 1)$ are the unique solutions of equation $R_{1} (x_{S}) = 0$ . In this framework, we get the optimal individual strategy of the active defense behavior.

For $h_{I} \leq h_{S}$ , we consider $w_{I} = 0$ and $w_{S} = 1$ , so that the optimal individual strategy is the passive defense behavior. Then, equation (9) simplifies to

{\begin{matrix} (β_{IR} + κ_{S} x_{S}) (h_{R} - h_{I}) - (β_{IR} + κ_{S} x_{S}) a_{I} + l_{I} = u \\ (ε + α ρ_{S} + x_{I} κ_{I}) (h_{I} - h_{S}) + β_{SR} (h_{R} - h_{S}) + l_{S} = u \\ β (h_{S} - h_{R}) + l_{R} = u \end{matrix}

(19)

For $h_{R} = 0$ , we achieve $u = β h_{S}$ . Then, equation (19) reduces to

{\begin{matrix} (β_{IR} + κ_{S} x_{S}) h_{I} - (β_{IR} + κ_{S} x_{S}) a_{I} + l_{I} - β h_{S} = 0 \\ (ε + α ρ_{S} + x_{I} κ_{I}) h_{I} - (ε + α ρ_{S} + x_{I} κ_{I}) h_{S} - β_{SR} h_{S} + l_{S} = 0 \end{matrix}

(20)

yielding

\lim_{x \to \infty} h_{I} = \frac{- β l_{S} - [a_{I} (β_{I R} + x_{S} κ_{S}) - l_{I}] (ε + x_{I} κ_{I} + α ρ_{S} + β_{S R} + β)}{β (ε + x_{I} κ_{I} + α ρ_{S}) + (β_{I R} + x_{S} κ_{S}) (ε + x_{I} κ_{I} + α ρ_{S} + β_{S R})}

(21)

\begin{matrix} h_{S} = \\ \frac{l_{S} (β_{IR} + x_{S} κ_{S}) - (ε + x_{I} κ_{I} + α ρ_{S}) [a_{I} (β_{IR} + x_{S} κ_{S}) - l_{I}]}{β (ε + x_{I} κ_{I} + α ρ_{S}) + (β_{IR} + x_{S} κ_{S}) (ε + x_{I} κ_{I} + α ρ_{S} + β_{SR})} \end{matrix}

(22)

Similarly, for $h_{I} \leq h_{S}$ , combining equations (21) and (22), we have

x_{S} \geq \frac{1}{κ_{S}} (\frac{(β + β_{SR}) (l_{I} - a_{I} β_{IR}) - l_{S} (β + β_{IR})}{l_{S} + a_{I} (β + β_{SR})}) = \bar{x}

(23)

If $h_{I} \leq h_{S}$ , equation (10) simplifies to

{\begin{matrix} x_{S} (t) ε α ρ_{S} + x_{I} (t) x_{S} (t) κ_{I} + ε x_{S} (t) - x_{I} (t) (β_{IR} + κ_{S} x_{S} (t)) = 0 \\ - x_{S} (t) ε α ρ_{S} - x_{I} (t) x_{S} (t) κ_{I} - ε x_{S} (t) - x_{S} (t) β_{SR} + x_{R} (t) β = 0 \\ x_{S} (t) β_{SR} + x_{I} (t) (β_{IR} + κ_{S} x_{S} (t)) - x_{R} (t) β = 0 \end{matrix}

(24)

It may be shown that $x_{R} = 1 - x_{I} - x_{S}$ , and then, the sum of the first two equations in equation (24) yields the third equation. Therefore, equation (24) reduces to

{\begin{matrix} x_{S} (t) ε α ρ_{S} + x_{I} (t) x_{S} (t) κ_{I} + ε x_{S} (t) - x_{I} (t) (β_{IR} + κ_{S} x_{S} (t)) = 0 \\ - x_{S} (t) ε α ρ_{S} - x_{I} (t) x_{S} (t) κ_{I} - ε x_{S} (t) - x_{S} (t) β_{SR} + (1 - x_{I} (t) - x_{S} (t)) β = 0 \end{matrix}

(25)

The first equation in equation (17) gives

x_{I} (t) = \frac{x_{S} (t) (ε α ρ_{S} + ε)}{β_{IR} + x_{S} (t) (κ_{S} - κ_{I})}

(26)

and then inserting equation (26) into the second equation of equation (25) leads to the quadratic equation in terms of $x_{S} (t)$ as

\begin{matrix} R_{2} (x_{S}) = x_{S}^{2} [(κ_{S} - κ_{I}) (ε α ρ_{S} + ε + β_{S R} + β) + κ_{I} (ε α ρ_{S} + ε)] \\ + x_{S} [β_{I R} (ε α ρ_{S} + ε + β_{S R} + β) + β (ε α ρ_{S} + ε - κ_{S} + κ_{I})] - β β_{I R} \end{matrix}

(27)

Since $x_{S} (t) \in (0, 1)$ yields $R_{2} (0) < 0$ and $R_{2} (1) > 0$ on intervals $[0, 1]$ , therefore there exists ${x_{S}}^{*} \in (0, 1)$ so that $R_{2} (x_{S}^{*}) = 0$ holds. We derive the following proposition.

Proposition 3.2

If $h_{I} \leq h_{S}$ , there exists several solutions for the mean field game consistency stability problem in equations (9) and (10), that is, if $\bar{x} < 1$ , then $x_{S} = 1$ , $x_{R} = 0$ , and $x_{I} = 0$ are always the solution. Moreover, if $0 < \bar{x} < 1$ and $R_{2} (\bar{x}) \geq 0$ , then there exists ${x_{S}}^{*} \in (0, \bar{x}]$ so that $R_{2} (x_{S}^{*}) = 0$ and $x_{I}^{*} (t)$ generated by equation (26). In this framework, we obtain the optimal individual strategy of the passive defense behavior.

Stability of the solutions

In this section, we analyze the stability of the solutions. The solutions are stable if and only if all eigenvalues of the characteristic equations generated by them present negative real parts. Therefore, we perform a linear approximation for the system of equation (1) with the optimal solutions $x^{*}$ and ${x_{S} = 1, x_{I} = 0, x_{R} = 0}$ , respectively.

For $h_{S} \leq h_{I}$ and $x_{R} = 1 - x_{I} - x_{S}$ , equation (1) can be written as

{\begin{matrix} {\overset{\cdot}{x}}_{I} (t) = x_{S} (t) ε α ρ_{S} + x_{I} (t) x_{S} (t) κ_{I} - ε x_{I} (t) - x_{I} (t) (β_{IR} + κ_{S} x_{S} (t)) \\ {\overset{\cdot}{x}}_{S} (t) = - x_{S} (t) ε α ρ_{S} - x_{I} (t) x_{S} (t) κ_{I} + ε x_{I} (t) - x_{S} (t) β_{SR} + (1 - x_{I} (t) - x_{S} (t)) β \end{matrix}

(28)

In order to analyze the stability of the fixed solution $x_{S}^{*}$ , we consider $y = x_{I} - x_{I}^{*}$ and $z = x_{S} - x_{S}^{*}$ , and the system of equations in equation (28) reads

{\begin{matrix} \overset{\cdot}{y} = y (x_{S}^{*} (κ_{I} - κ_{S}) - β_{IR} - ε) + z (ε α ρ_{S} + x_{I}^{*} (κ_{I} - κ_{S})) + (κ_{I} - κ_{S}) yz \\ \overset{\cdot}{z} = y (- x_{S}^{*} κ_{I} + ε - β) + z (- x_{I}^{*} κ_{I} - (ε α ρ_{S} + β + β_{SR})) - κ_{I} yz \end{matrix}

(29)

The problem of the eigenvalues presents negative real parts which are equivalent to the negative trace of the characteristic equation and the positive determinant of the characteristic equation. Therefore, we need to discuss the following inequality holds

{\begin{matrix} x_{S}^{*} (κ_{I} - κ_{S}) - β_{IR} - ε - x_{I}^{*} κ_{I} - ε α ρ_{S} - β - β_{SR} < 0 \\ [x_{S}^{*} (κ_{I} - κ_{S}) - (β_{IR} + ε)] [- x_{I}^{*} κ_{I} - (ε α ρ_{S} + β + β_{SR})] - [ε α ρ_{S} + x_{I}^{*} (κ_{I} - κ_{S})] (- x_{S}^{*} κ_{I} + ε - β) > 0 \end{matrix}

(30)

Inserting equation (27) into equation (31) yields

{\begin{matrix} - (x_{S}^{*})^{2} (κ_{I} - κ_{S})^{2} + x_{S}^{*} [(κ_{I} - κ_{S}) (2 β_{IR} + ε α ρ_{S} + β + β_{SR} + ε) - κ_{I} (v)] - β_{IR} (ε α ρ_{S} + β + β_{SR} + β_{IR} + ε) < 0 \\ (x_{S}^{*})^{2} (κ_{I} - κ_{S}) [(ε α ρ_{S} + β + β_{SR}) (κ_{I} - κ_{S}) - κ_{I} ε α ρ_{S}] - ε α ρ_{S} (ε - β) β_{IR} \\ + x_{S}^{*} [(κ_{I} - κ_{S}) ε (ε α ρ_{S} + β + β_{SR}) + κ_{I} ((ε α ρ_{S} + ε) (β_{IR} + ε) + ε α ρ_{S} β_{IR})] + β_{IR} (β_{IR} + ε) (ε α ρ_{S} + β + β_{SR}) > 0 \end{matrix}

(31)

For $κ_{I} - κ_{S} \leq 0$ , we see that equation (26) always holds for any positive $x_{S} \in (0, 1)$ , and the eigenvalues of the characteristic equations present negative real parts. Hence, the solution ${x_{S}}^{*}$ is stable.

For $h_{I} \leq h_{S}$ and $x_{R} = 1 - x_{I} - x_{S}$ , equation (1) can be written as

{\begin{matrix} {\overset{\cdot}{x}}_{I} (t) = x_{S} (t) ε α ρ_{S} + x_{I} (t) x_{S} (t) κ_{I} + ε x_{S} (t) - x_{I} (t) (β_{IR} + κ_{S} x_{S} (t)) \\ {\overset{\cdot}{x}}_{S} (t) = - x_{S} (t) ε α ρ_{S} - x_{I} (t) x_{S} (t) κ_{I} - ε x_{S} (t) - x_{S} (t) β_{SR} + (1 - x_{I} (t) - x_{S} (t)) β \end{matrix}

(32)

We first analyze the stability of the solutions $x_{I} = 1$ and $x_{S} = 0$ ; considering $x_{I}$ and $z = 1 - x_{S}$ , the system of equations in equation (32) reduces to

{\begin{matrix} {\overset{\cdot}{x}}_{I} = x_{I} (κ_{I} - κ_{S} - β_{IR}) - z (ε α ρ_{S} + ε) + x_{I} z (κ_{S} - κ_{I}) \\ \overset{\cdot}{z} = x_{I} (κ_{I} + β) - z (ε α ρ_{S} + ε + β + β_{SR}) - x_{I} z κ_{I} \end{matrix}

(33)

The trace and the determinant of the characteristic equation read

{\begin{matrix} (κ_{I} - κ_{S} - β_{IR}) - (ε α ρ_{S} + ε + β + β_{SR}) < 0 \\ (κ_{I} - κ_{S} - β_{IR}) (ε α ρ_{S} + ε + β + β_{SR}) - (ε α ρ_{S} + ε) (κ_{I} + β) < 0 \end{matrix}

(34)

Hence, the solutions $x_{I} = 0$ and $x_{S} = 1$ are stable because inequality (34) is always established.

Next, we analyze the stability of the solution $x_{S}^{*}$ ; considering $y = x_{I} - x_{I}^{*}$ and $z = x_{S} - x_{S}^{*}$ , the system of equations in equation (33) reduces to

{\begin{matrix} \overset{\cdot}{y} = y [x_{S}^{*} (κ_{I} - κ_{S}) - β_{IR}] + z [ε α ρ_{S} + ε + x_{I}^{*} (κ_{I} - κ_{S})] + yz (κ_{I} - κ_{S}) \\ \overset{\cdot}{z} = y (- x_{S}^{*} κ_{I} - β) + z [- x_{I}^{*} κ_{I} - (ε α ρ_{S} + ε + β + β_{IR})] - yz κ_{I} \end{matrix}

(35)

Similarly, the trace and the determinant of the characteristic equation read

{\begin{matrix} x_{S}^{*} (κ_{I} - κ_{S}) - β_{IR} - x_{I}^{*} κ_{I} - (ε α ρ_{S} + ε + β + β_{IR}) < 0 \\ [x_{S}^{*} (κ_{I} - κ_{S}) - β_{IR}] [- x_{I}^{*} κ_{I} - (ε α ρ_{S} + ε + β + β_{IR})] + (x_{S}^{*} κ_{I} + β) [ε α ρ_{S} + ε + x_{I}^{*} (κ_{I} - κ_{S})] > 0 \end{matrix}

(36)

Inserting equation (26) into equation (36) yields

{\begin{matrix} - (x_{S}^{*})^{2} (κ_{I} - κ_{S})^{2} + x_{S}^{*} [(κ_{I} - κ_{S}) (3 β_{IR} + ε α ρ_{S} + ε + β) + κ_{I} (ε α ρ_{S} + ε)] - β_{IR} (ε α ρ_{S} + ε + β + 2 β_{IR}) < 0 \\ (x_{S}^{*})^{2} (κ_{I} - κ_{S}) [(ε α ρ_{S} + ε + β + β_{IR}) (κ_{I} - κ_{S}) - (ε α ρ_{S} + ε)] \\ + x_{S}^{*} [β_{IR} (ε α ρ_{S} + ε) - 2 β_{IR} (ε α ρ_{S} + ε + β + β_{IR}) (κ_{I} - κ_{S}) + κ_{I} β_{IR} (ε α ρ_{S} + ε)] + β β_{IR} (ε α ρ_{S} + ε) > 0 \end{matrix}

(37)

For $κ_{I} - κ_{S} \leq 0$ , it is seen that equation (26) always holds for any positive $x_{S} \in (0, 1)$ , where the eigenvalues of the characteristic equations have negative real parts. Hence, the solution $x^{*} = (x_{I}^{*}, x_{S}^{*}, x_{R}^{*})$ is stable if $κ_{I} \leq κ_{S}$ .

Conclusion

In this article, a simple security mean field game model for the binary interactive behaviors between the malicious attackers and the defenders was investigated in cyber security. We formed the optimal individual defense strategy. The evolution of the states of the malicious attackers and the defenders was modeled using the SIR epidemic model, and the mean field game consistency stability problem was generated by an HJB equation of the individual player and the stable point problem. In our model, we took into account both stochastic process of the propagation of the infected players and attack intensity. Existence and stability of solutions of the mean field game model were elaborated in two scenarios, that is, $h_{S} \leq h_{I}$ and $h_{I} \leq h_{S}$ , assuming that players are distributed with the three states, and we derived the optimal individual strategy of the active defense behavior and the passive defense behavior, respectively.

Footnotes

Appendix 1 Acknowledgements

The authors gratefully acknowledge the anonymous reviewers who read drafts and made many helpful suggestions.

Handling Editor: Kim-Kwang R Choo

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This work was supported by the National Natural Science Foundation of China under grant no. 1603116.

References

Chowdhury

. Recent cyber security attacks and their mitigation approaches—an overview. In: International conference on applications and techniques in information security, Cairns, QLD, Australia, 26–28 October 2016, pp.54–65. New York: Springer.

Liang

Xiao

. Game theory for network security. IEEE Commun Surv Tut 2013; 15(1): 472–486.

Zhang

Han

Lai

et al . Survey on cyberspace security. Sci China Inform Sci 2015; 58(11): 1–43.

Khouzani

MHR

Sarkar

Altman

. Maximum damage malware attack in mobile wireless networks. IEEE ACM T Network 2012; 20(5): 1347–1360.

Huang

Gao

Buldyrev

et al . Robustness of interdependent networks under targeted attack. Physical Review E 2011; 83(6): 065101.

Zargar

Joshi

Tipper

. A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Commun Surv Tut 2013; 15(4): 2046–2069.

Alpcan

Başar

. Network security: a decision and game-theoretic approach. Cambridge: Cambridge University Press, 2010.

Bedi

Shiva

Roy

. A game inspired defense mechanism against distributed denial of service attacks. Secur Commun Netw 2014; 7(12): 2389–2404.

Dingankar

Brooks

. Denial of service games. In: Third annual cyber security and information infrastructure research workshop, Oak Ridge, TN, 15–17 May 2007, pp.7–17.

10.

Ryutov

Orosz

Blythe

et al . A game theoretic framework for modeling adversarial cyber security game among attackers, defenders, and users. In: International workshop on security and trust management, Vienna, 21 September 2015, pp.274–282. New York: Springer.

11.

Jiang

Tian

Zhang

et al . A stochastic game theoretic approach to attack prediction and optimal active defense strategy decision. In: 2008 IEEE international conference on networking, sensing and control, Sanya, China, 6–8 April 2008, pp.648–653. New York: IEEE.

12.

Farhang

Manshaei

Esfahani

et al . A dynamic Bayesian security game framework for strategic defense mechanism design. In: International conference on decision and game theory for security, Los Angeles, CA, 6–7 November 2014, pp.319–328. New York: Springer.

13.

Jeanmichel Lasry

Lions

. Jeux à champ moyen. I - Le cas stationnaire[J]. Comptes rendus - Mathématique 2006; 343(9): 619–625.

14.

Huang

Malhame

Caines

. Large population stochastic dynamic games: closed-loop McKean-Vlasov systems and the Nash certainty equivalence principle. Commun Inf Syst 2006; 6: 221–251.

15.

Guéant

. Mean field games and applications to economics. PhD Thesis, Université Paris-Dauphine, Paris, 2009.

16.

Djehiche

Tcheukam

Tembine

. Mean-field-type games in engineering. arXiv:1605.03281, September 2016.

17.

Mériaux

Varma

Lasaulce

. Mean field energy games in wireless networks. 2012 conference record of the forty sixth asilomar conference on signals, systems and computers, Pacific Grove, CA, 4–7 November 2012, pp.671–675. New York: IEEE.

18.

Tembine

Vilanova

Debbah

. Noisy mean field stochastic games with network applications. Report, Ecole superieure d’electricite, Paris, December 2010.

19.

Bauso

Tembine

Başar

. Opinion dynamics in social networks through mean-field games. SIAM J Control Optim 2016; 54(6): 3225–3257.

20.

Guéant

Lasry

Lions

. Mean field games and applications. In: Cousin

Crépey

Guéant

et al . (eds) Paris-Princeton lectures on mathematical finance 2010. Berlin, Heidelberg: Springer-Verlag, 2011, pp.205–266.

21.

Wang

Tang

et al . A mean field game theoretic approach for security enhancements in mobile ad hoc networks. IEEE T Wirel Commun 2014; 13(3): 1616–1627.

22.

Kolokoltsov

Malafeyev

. Corruption and botnet defense: a mean field game approach. arXiv:1607.07350, July 2016.

23.

Gomes

Mohr

Souza

. Discrete time, finite state space mean field games. J Math Pure Appl 2010; 93(3): 308–328.

24.

Gomes

Mohr

Souza

. Continuous time finite state mean field games. Appl Math Opt 2013; 68(1): 99–143.

25.

Kolokoltsov

. Nonlinear Markov games on a finite state space (mean-field and binary interactions). Int J Stat Probab 2012; 1(1): 77–91.

Cyber security based on mean field game model of the defender: Attacker strategies

Abstract

Keywords

Introduction

System model

Proposition 2.1

Analysis of the solutions of HJB equation

Proposition 3.1

Proposition 3.2

Stability of the solutions

Conclusion

Footnotes

Appendix 1

Acknowledgements

Declaration of conflicting interests

Funding

References