Incorporating attack-type uncertainty into network protection

Network security against possible attacks involves making decisions under uncertainty. Not only may one be ignorant of the place, the power, or the time of potential attacks, one may also be largely ignorant of the attacker's purpose. To illustrate this phenomenon, this paper proposes a simple Bayesian game-theoretic model of allocating defensive (scanning) effort among nodes of a network in which a network's defender does not know the adversary's motivation for intruding on the network, e.g., to bring the maximal damage to the network (for example, to steal credit card numbers or information on bank accounts stored there) or to infiltrate the network for other purposes (for example, to corrupt nodes for a further distributed denial of service botnet attack on servers). Due to limited defensive capabilities, the defender faces the dilemma of either: 1) focusing on increasing defense of the most valuable nodes, and in turn, increasing the chance for the adversary to sneak into the network through less valuable nodes or 2) taking care of defense of all the nodes, and in turn, reducing the level of defense of the most valuable ones. An explicit solution to this dilemma is suggested based on the information available to the defender, and it is shown how this information allows the authorities to increase the efficiency of a network's defense. Some interesting properties of the rivals' strategies are presented. Notably, the adversary's strategy has a node-sharing structure and the adversary's payoffs have a discontinuous dependence on the probability of the attack's type. This discontinuity implies that the defender has to take into account the human factor since some threshold values of this inclination in the adversary's behavior could make the defender's policy very sensitive to small perturbations, while in other situations it produces minimal impact.