{"title":"Game theoretic approach applied in cybersecurity information exchange framework","authors":"Ankit Thakkar, S. Badsha, S. Sengupta","doi":"10.1109/CCNC46108.2020.9045430","DOIUrl":null,"url":null,"abstract":"In CYBersecurity information EXchange (CYBEX) framework, Cyber Threat Intelligence (CTI) is shared among multiple organizations with a view of creating situational awareness. But there is a possibility that malicious organizations coexist with regular ones in this framework, which can get hold of the threat data shared by other organizations and can use it for carrying out malicious activities. We formulate the aforementioned problem as an incomplete information game assuming that whenever CYBEX receives any information, it processes the information for anomaly detection. We find the mixed strategy Nash equilibrium probabilities and corresponding Bayesian belief updates. We simulate the game to find the best response strategies with which regular and malicious organizations can play to increase their payoffs. Based on the best response strategies of organizations, we analyze that achieving more anomaly detection rate while keeping the processing rate minimum is the best action strategy with which CYBEX can play to increase the gain of both CYBEX and regular organizations over malicious organizations. 
We also find the approximate average minimum processing rate and anomaly detection rate with which CYBEX can play in order to maintain the payoff of itself and regular organizations higher than the malicious ones.","PeriodicalId":443862,"journal":{"name":"2020 IEEE 17th Annual Consumer Communications & Networking Conference (CCNC)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 17th Annual Consumer Communications & Networking Conference (CCNC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCNC46108.2020.9045430","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 2
Abstract
In CYBersecurity information EXchange (CYBEX) framework, Cyber Threat Intelligence (CTI) is shared among multiple organizations with a view of creating situational awareness. But there is a possibility that malicious organizations coexist with regular ones in this framework, which can get hold of the threat data shared by other organizations and can use it for carrying out malicious activities. We formulate the aforementioned problem as an incomplete information game assuming that whenever CYBEX receives any information, it processes the information for anomaly detection. We find the mixed strategy Nash equilibrium probabilities and corresponding Bayesian belief updates. We simulate the game to find the best response strategies with which regular and malicious organizations can play to increase their payoffs. Based on the best response strategies of organizations, we analyze that achieving more anomaly detection rate while keeping the processing rate minimum is the best action strategy with which CYBEX can play to increase the gain of both CYBEX and regular organizations over malicious organizations. We also find the approximate average minimum processing rate and anomaly detection rate with which CYBEX can play in order to maintain the payoff of itself and regular organizations higher than the malicious ones.