Games and Abstraction: The Science of Cyber Security
Lead Research Organisation:
Queen Mary University of London
Department Name: Sch of Electronic Eng & Computer Science
Abstract
Abstracts are not currently available in GtR for all funded research. This is normally because the abstract was not required at the time of proposal submission, but may be because it included sensitive information such as personal details.
Publications
Fielder A
(2014)
ICT Systems Security and Privacy Protection
Fielder A
(2016)
Decision support approaches for cyber security investment
in Decision Support Systems
Khouzani M
(2015)
Picking vs. Guessing Secrets: A Game-Theoretic Analysis
Khouzani M
(2019)
Generalized Entropies and Metric-Invariant Optimal Countermeasures for Information Leakage Under Symmetric Constraints
in IEEE Transactions on Information Theory
Panaousis E
(2014)
Decision and Game Theory for Security
Description | we have introduced new mathematical techniques for decision support for investments in cybersecurity. We have developed an an extensive numerical modelling of cybersecurity data which is used by our methodology. We have developed refined computational optimizations so that onerous calculations like pareto fronts can be efficiently performed |
Exploitation Route | we have developed an online tool which implements the methodology developed in our research. This may be helpful to people in charge of cybersecurity for small companies, both in helping them determining an effective investment strategy and also as a cybersecurity self-assessment tool. |
Sectors | Digital/Communication/Information Technologies (including Software) |
Description | We have developed new game-theoretic models of cyber attacks and defence for Enterprise IT systems. We use these models to provide security engineers and systems administrators with advice on how to optimally deploy their limited resources in defending their systems against commodity-style attacks. We have developed an approach to compare several methods of allocating a cyber security budget. We considered a game-theoretic representation of the entire problem, a purely optimisation based approach that does not consider the adversary's strategy and a hybrid method combining the two. We have been able to identify the trade-offs that exist between the optimality of the solutions, computational complexity of generating the solutions and how easily the solutions can be interpreted for practitioners. Additionally, we have developed a more accurate mapping from the available resources to our model. This allows us to better represent the controls and vulnerabilities in our calculations. The outcome of this improved mapping is that it gives us greater confidence in not only the model, but in the reliability of the results to better reflect the real world environment. The case study considers an SME like entity and currently considers 37 different attacks and 27 different controls. The case study has been developed based on a new platform capable of numerically evaluating a wide range of kinds of cyber attacks. The system is designed to assume no technical knowledge of cyber security on the part of the user, but rather for them to supply information about their organisation consisting of their requirements and preferences. This allows us to create a profile of the organisation, which is used to better inform the internal algorithms. The system takes a UI approach based on a simple combination of menus and sliders that provide the input from users, where the advice is given in both a simple text form as well as in a graphical medium. The internal algorithms use lightweight optimisation algorithms to solve the game theory-based representation within the tool. For further information please see the impact description provided for EP/K005790/1 |
First Year Of Impact | 2019 |
Sector | Digital/Communication/Information Technologies (including Software) |
Impact Types | Societal,Economic |