Skip to main content

Changing the game: Winning paper models cyberwarfare game theory

ASU professors' work honored in NSA's sixth annual competition

Tiffany Bao

Arizona State University Assistant Professor Tiffany Bao.

January 02, 2019

Arizona State University Assistant Professor Tiffany Bao won best paper for her collaborative research on cyberwarfare at the NSA’s sixth annual Best Scientific Cybersecurity Paper Competition.

Bao, a new faculty member in the School of Computing, Informatics, and Decision Systems Engineering, one of the six schools in ASU’s Ira A. Fulton Schools of Engineering, partnered with Fulton Schools Assistant Professors Yan Shoshitaishvili and Ruoyu Wang, and collaborations from Carnegie Mellon University and the University of California, Santa Barbara on the research.

The research paper, “How Shall We Play a Game? A Game-theoretical Model for Cyberwarfare Games,” explored ways of finding, exploiting and patching vulnerabilities to prepare for a strategic cyberbattle. Game theory allows researchers to model situations where decision-makers interact in a competitive activity. In the context of cyberwarfare, the decision-makers try to protect themselves or attack an organization’s information systems for strategic or military purposes.

Currently, players or decision-makers develop strategies manually, which slows down developments in the field. ASU researchers have created a new, more comprehensive cyberwarfare model that considers a greater number of decision-makers, actions and choices. Every action, including attacks and defensive maneuvers, reveals information to adversaries about vulnerabilities and choices. The new strategies aid both humans and computers in making decisions about previously unknown vulnerabilities in their own systems.

“Our model is capable of finding better solutions than previous work within seconds, making computer-time strategic reasoning a reality,” the researchers wrote in the recognized paper. “We also provide new insights, compared to previous models, on the impact of optimal strategies.”

Using this approach and strong scientific methods, the authors developed an improved cyberwarfare strategy and tested it on a previous Cyber Reasoning System entered into the DARPA Cyber Grand Challenge. In that competition, teams designed computer systems to identify flaws and protect their host systems.

“Our paper highlights the importance of making the right move in cybersecurity,” Bao said. “It reminds people that a software security technique has its practical merit only to the extent it can be used to achieve a security goal, such as protecting national computing resources.”

For the original paper, which was presented at the 30th IEEE Computer Security Foundations Symposium in 2017, Bao and five other researchers from across the country applied game theory toward advancing the human decision-making process.

Their winning paper was selected from 28 nominations of published papers in 2017.

“This is exactly the type of high-impact cybersecurity research we are conducting at ASU,” said Adam Doupé, associate director for the Center for Cybersecurity and Digital Forensics. “It shows the strength of our new faculty.”

More Science and technology


Two teenagers hug and smile at each other.

ASU study: Support from romantic partners protects against negative relationship stress in teens

Adolescents regularly deal with high levels of stress, which can increase the risk of substance use and experiencing mental…

May 22, 2024
A large bluish-white planet in space.

ASU scientists help resolve 'missing methane' problem of giant exoplanet

In the quest to understand the enigmatic nature of a warm gas-giant exoplanet, Arizona State University researchers have played a…

May 20, 2024
Digital rendering of cells.

Study finds widespread ‘cell cannibalism,’ related phenomena across tree of life

In a new review paper, Carlo Maley and Arizona State University colleagues describe cell-in-cell phenomena in which one cell…

May 20, 2024