Abstract
The well-worn George Box aphorism “all models are wrong, but some are useful” is particularly salient in the cybersecurity domain, where the assumptions built into a model can have substantial financial or even national security impacts. Computer scientists are often asked to optimize for worst-case outcomes, and since security is largely focused on risk mitigation, preparing for the worst-case scenario appears rational. In this work, we demonstrate that preparing for the worst case rather than the most probable case may yield suboptimal outcomes for learning agents. Through the lens of stochastic Bayesian games, we first explore different attacker knowledge modeling assumptions that impact the usefulness of models to cybersecurity practitioners. By considering different models of attacker knowledge about the state of the game and a defender’s hidden information, we find that there is a cost to the defender for optimizing against the worst case.
Funded by the Auerbach Berger Chair in Cybersecurity held by Spiros Mancoridis, at Drexel University.
Notes
- 1. Also known as the Stackelberg game.
Copyright information
© 2025 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Galinkin, E., Pountourakis, E., Mancoridis, S. (2025). The Price of Pessimism for Automated Defense. In: Sinha, A., Fu, J., Zhu, Q., Zhang, T. (eds) Decision and Game Theory for Security. GameSec 2024. Lecture Notes in Computer Science, vol 14908. Springer, Cham. https://doi.org/10.1007/978-3-031-74835-6_3
DOI: https://doi.org/10.1007/978-3-031-74835-6_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-74834-9
Online ISBN: 978-3-031-74835-6
eBook Packages: Computer Science (R0)