Game Theoretic approach applied in Cybersecurity Information Exchange Framework
In the CYBersecurity Information Exchange (CYBEX) framework, Cyber Threat Intelligence (CTI) is shared among multiple organizations with a view to creating situational awareness. However, malicious organizations may coexist with regular ones in this framework; they can get hold of the threat data shared by other organizations and use it to carry out malicious activities. We formulate the aforementioned problem as an incomplete information game, assuming that whenever CYBEX receives any information, it processes the information for anomaly detection. We find the mixed strategy Nash equilibrium and the corresponding Bayesian belief updates. We simulate the game to find the best response strategies with which regular and malicious organizations can play to increase their payoffs. Based on the best response strategies of organizations, we conclude that achieving a higher anomaly detection rate while keeping the processing rate to a minimum is the best action strategy with which CYBEX can play to increase the gain of both CYBEX and regular organizations over malicious organizations. We also find the approximate average minimum processing rate and anomaly detection rate with which CYBEX can play in order to reduce the negative impact of malicious organizations on the framework as a whole.