Introduction
Computer system security depends on the accurate prediction of attacker strategy and behaviour of other network users, and the effective implementation of defence mechanisms. Therefore the theory of ‘mean field games’, which involves the quantitative analysis of decision-making processes in strategic environments consisting of multiple ‘players’, provides the ideal platform for studying computer systems. With a better understanding of the strategic behaviour of attackers, it’s possible to design new approaches to cyber-security implementations.
Explaining the science
The theory of mean field games (MFGs) was developed independently by mathematicians Jean-Michel Lasry and Pierre-Louis Lions and engineers Minyi Huang, Roland P. Malhamé, and Peter Caines in 2006.
It deals with the study of strategic decision-making in very large populations of small, randomly interacting agents or ‘players’. It is inspired by mean field theory in physics which looks at the behaviour of systems of large numbers of particles, such as in gases, where individual particles have negligible impact upon the system as a whole, but affect each other.
In MFGs this means that each small agent’s decisions depend on the statistical properties of the states and strategies of the other players it interacts with in the ‘game’, while each agent has only a very small impact on the game’s overall outcome. The mean field games approach is therefore ideal for the analysis of computer system security because it can effectively model the widespread contamination effect that attacks, such as malware, can have in a large network of computers.
One example is the representation of defenders and attackers in botnet defence models. Botnets are collections of malware-infected internet-connected devices, often used in distributed denial-of-service (DDoS) attacks, which knock websites offline by flooding them with traffic.
Project aims
The main goal of the project is to develop and implement algorithms for computing the mean field games ‘equilibrium distribution’ that governs the behaviour of interacting individuals (i.e. computers in the network) for the botnet defence model.
This will then allow for a deeper understanding of the strategic behaviour of defenders and attackers in a computer network.
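To illustrate what computing an equilibrium distribution involves, the following added example (not the project's model or code) solves a simplified stationary game in which each machine is susceptible or infected and chooses whether to defend, with an infection rate that depends on the infected share of the population. The two-state model, its rates and its costs are all assumptions constructed for illustration.

```python
# Toy stationary mean field game for botnet defence (constructed model, all
# parameters hypothetical). Each machine is susceptible or infected and picks a
# strategy: defended (D) or undefended (U).
ALPHA, BETA = 0.1, 2.0   # direct attack rate, peer-to-peer contagion rate
RECOVERY = 1.0           # clean-up rate of an infected machine
EFFICACY = 0.8           # fraction of infection attempts a defence blocks
K_INFECTED = 1.0         # cost per unit time while infected


def infected_prob(m, defended):
    """Stationary infection probability of one machine facing infected share m."""
    rate = (ALPHA + BETA * m) * ((1 - EFFICACY) if defended else 1.0)
    return rate / (rate + RECOVERY)


def bisect(f, lo, hi, tol=1e-12):
    """Root of f on [lo, hi], assuming f(lo) > 0 > f(hi)."""
    while hi - lo > tol:
        mid = (lo + hi) / 2
        lo, hi = (mid, hi) if f(mid) > 0 else (lo, mid)
    return (lo + hi) / 2


def mean_field(x):
    """Infected share m consistent with a fraction x of machines defending."""
    def gap(m):
        return x * infected_prob(m, True) + (1 - x) * infected_prob(m, False) - m
    return bisect(gap, 0.0, 1.0)


def defence_gain(x, k_defence):
    """Cost saved by one machine switching U -> D when a fraction x defends."""
    m = mean_field(x)
    return K_INFECTED * (infected_prob(m, False) - infected_prob(m, True)) - k_defence


def equilibrium(k_defence):
    """Return (x*, m*): defending share and infected share at equilibrium."""
    if defence_gain(0.0, k_defence) <= 0:      # nobody wants to defend
        x = 0.0
    elif defence_gain(1.0, k_defence) >= 0:    # everybody wants to defend
        x = 1.0
    else:                                      # interior: agents are indifferent
        # bisection is valid because the gain decreases in x for these parameters
        x = bisect(lambda v: defence_gain(v, k_defence), 0.0, 1.0, tol=1e-9)
    return x, mean_field(x)


if __name__ == "__main__":
    for k in (0.05, 0.2, 0.5):
        x, m = equilibrium(k)
        print(f"defence cost {k:.2f}: defending {x:.3f}, infected {m:.3f}")
```

The three defence costs show the three possible regimes: everyone defends, a mixed population in which each machine is indifferent between defending and not, and nobody defends.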
Applications
As the methodology proposed in this project for developing MFG algorithms is scalable, it is expected that the general approach from the work can be adapted to other problems in cyber security.
This could allow for a ‘Bayesian framework’, in which the structure of a game is iteratively updated with new information learned from data in the game.