Incorporating attack-type uncertainty into network protection

Andrey Garnaev, Melike Baykal-Gursoy, H. Vincent Poor

Research output: Contribution to journalArticlepeer-review

49 Scopus citations


Network security against possible attacks involves making decisions under uncertainty. Not only may one be ignorant of the place, the power, or the time of potential attacks, one may also be largely ignorant of the attacker's purpose. To illustrate this phenomenon, this paper proposes a simple Bayesian game-theoretic model of allocating defensive (scanning) effort among nodes of a network in which a network's defender does not know the adversary's motivation for intruding on the network, e.g., to bring the maximal damage to the network (for example, to steal credit card numbers or information on bank accounts stored there) or to infiltrate the network for other purposes (for example, to corrupt nodes for a further distributed denial of service botnet attack on servers). Due to limited defensive capabilities, the defender faces the dilemma of either: 1) focusing on increasing defense of the most valuable nodes, and in turn, increasing the chance for the adversary to sneak into the network through less valuable nodes or 2) taking care of defense of all the nodes, and in turn, reducing the level of defense of the most valuable ones. An explicit solution to this dilemma is suggested based on the information available to the defender, and it is shown how this information allows the authorities to increase the efficiency of a network's defense. Some interesting properties of the rivals' strategies are presented. Notably, the adversary's strategy has a node-sharing structure and the adversary's payoffs have a discontinuous dependence on the probability of the attack's type. This discontinuity implies that the defender has to take into account the human factor since some threshold values of this inclination in the adversary's behavior could make the defender's policy very sensitive to small perturbations, while in other situations it produces minimal impact.

Original languageEnglish (US)
Article number6827188
Pages (from-to)1278-1287
Number of pages10
JournalIEEE Transactions on Information Forensics and Security
Issue number8
StatePublished - Aug 2014

All Science Journal Classification (ASJC) codes

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications


  • Bayesian equilibrium
  • computer networks
  • infrastructure networks.
  • network protection
  • scan
  • search


Dive into the research topics of 'Incorporating attack-type uncertainty into network protection'. Together they form a unique fingerprint.

Cite this