A Game Theoretic Approach for Making IoT Device Connectivity Decisions During Malware Outbreak

Abstract

The paradigm of Internet of Things (IoT) aims to connect all the devices into a network. However, most IoT devices don’t have appropriate security protection, which allows cyber criminals to infect them through the network with malware and exploit them to launch attacks such as DDoS attacks or information stealing. Many proposed countermeasures, such as authentication enhancement and software update, are not practical d be to the constraints of IoT devices, malware’s fast spreading speed, and manufacturer laziness. One viable approach is to temporarily disconnect IoT devices to protect them from exploitation and to prevent infected ones from infecting more devices. However, in an IoT network, some devices may have significant responsibilities, for example serving as gateway to the Internet or in charge of critical monitoring or control tasks, and it may be beneficial to defer their disconnection. In this paper, we aim to apply game theory to formulate the problem of making decisions on the connectivity of IoT devices during malware outbreak as a repeated game, which allows individual IoT devices to make connectivity decision over time. We consider possible strategies that IoT devices can apply when calculating their payoff function, use numeric simulations to evaluate our game theoretic models, and derive several insights that can serve as guidelines for IoT network managers to configure the best connection/disconnection strategy for their IoT devices.