Cyberdefense When Attackers Mimic Legitimate Users: A Bayesian Approach

Cyber defenders cannot clearly identify attackers from other legitimate users on a computer network. The network administration can protect the network using an active or a passive defense. Attackers can mount attacks like denial of service attacks or try to gain entry into secure systems. We model cyber defense as a signaling game. We find Bayesian Nash equilibria for both the attacker and the defender and characterize how these equilibria respond to changes in underlying parameters. We explore the question, is there an optimal deterrence policy that utilizes passive and/or active defenses given that both attacks and defenses impose costs on legitimate users? Comparative static results show how exogenous changes in the context and the nature of the attack change optimal strategies for both the attacker and the defender. These results suggest that sensors should look for certain kinds of information and not others as well as technologies that can automatically calibrate a response. Results also suggest when attackers are more likely to break into secure systems relative to mounting DDoS attacks. We use simulation to verify the analytical results.