Changing the game: Winning paper models cyberwarfare game theory


Tiffany Bao

Arizona State University Assistant Professor Tiffany Bao.

|

Arizona State University Assistant Professor Tiffany Bao won best paper for her collaborative research on cyberwarfare at the NSA’s sixth annual Best Scientific Cybersecurity Paper Competition.

Bao, a new faculty member in the School of Computing, Informatics, and Decision Systems Engineering, one of the six schools in ASU’s Ira A. Fulton Schools of Engineering, partnered with Fulton Schools Assistant Professors Yan Shoshitaishvili and Ruoyu Wang, and collaborations from Carnegie Mellon University and the University of California, Santa Barbara on the research.

The research paper, “How Shall We Play a Game? A Game-theoretical Model for Cyberwarfare Games,” explored ways of finding, exploiting and patching vulnerabilities to prepare for a strategic cyberbattle. Game theory allows researchers to model situations where decision-makers interact in a competitive activity. In the context of cyberwarfare, the decision-makers try to protect themselves or attack an organization’s information systems for strategic or military purposes.

Currently, players or decision-makers develop strategies manually, which slows down developments in the field. ASU researchers have created a new, more comprehensive cyberwarfare model that considers a greater number of decision-makers, actions and choices. Every action, including attacks and defensive maneuvers, reveals information to adversaries about vulnerabilities and choices. The new strategies aid both humans and computers in making decisions about previously unknown vulnerabilities in their own systems.

“Our model is capable of finding better solutions than previous work within seconds, making computer-time strategic reasoning a reality,” the researchers wrote in the recognized paper. “We also provide new insights, compared to previous models, on the impact of optimal strategies.”

Using this approach and strong scientific methods, the authors developed an improved cyberwarfare strategy and tested it on a previous Cyber Reasoning System entered into the DARPA Cyber Grand Challenge. In that competition, teams designed computer systems to identify flaws and protect their host systems.

“Our paper highlights the importance of making the right move in cybersecurity,” Bao said. “It reminds people that a software security technique has its practical merit only to the extent it can be used to achieve a security goal, such as protecting national computing resources.”

For the original paper, which was presented at the 30th IEEE Computer Security Foundations Symposium in 2017, Bao and five other researchers from across the country applied game theory toward advancing the human decision-making process.

Their winning paper was selected from 28 nominations of published papers in 2017.

“This is exactly the type of high-impact cybersecurity research we are conducting at ASU,” said Adam Doupé, associate director for the Center for Cybersecurity and Digital Forensics. “It shows the strength of our new faculty.”

More Science and technology

 

A group of people wearing matching black jackets pose for a photo in front of ASU's Old Main building.

Indigenous geneticists build unprecedented research community at ASU

When Krystal Tsosie (Diné) was an undergraduate at Arizona State University, there were no Indigenous faculty she could look to…

Collage of photos of covers of books by Professor Robert Boyd.

Pioneering professor of cultural evolution pens essays for leading academic journals

When Robert Boyd wrote his 1985 book “Culture and the Evolutionary Process,” cultural evolution was not considered a true…

Man crouched in the dirt in a desert landscape.

Lucy's lasting legacy: Donald Johanson reflects on the discovery of a lifetime

Fifty years ago, in the dusty hills of Hadar, Ethiopia, a young paleoanthropologist, Donald Johanson, discovered what would…