Dynamic and uncertain security environments, such as cyber systems, often involve strategic interactions among multiple decision-making agents. In this paper, we consider a cybersecurity setting where a system administrator (defender) has to screen malicious service requests of an attacker who seeks to exhaust available cyber resources and inconvenience users with normal requests. We propose a novel cyber-threat inspection model, based on Stackelberg games, that unifies aspects of Threat Security Games with the Erlang-B queuing framework to provide equilibrium strategies for both the attacker and defender. In our proposed model, the defender seeks to determine the optimal number of inspection nodes required to maximize detection probability of malicious requests, while the attacker maximizes the probability of legitimate requests dropping out of the system. We derive analytical expressions of the equilibrium solutions of the proposed Stackelberg game under realistic assumptions on system observability and payoff structure of the players. A numerical case study is presented, and steps for further research are identified.
Revised: January 28, 2020
Published: December 2, 2019
Citation
Bhattacharya A., S. Bopardikar, S. Chatterjee, and D.L. Vrabie. 2019. Cyber Threat Screening Using a Queuing-Based Game-Theoretic Approach. Journal of Information Warfare 18, no. 4 (Special Edition):37-52. PNNL-SA-145431.