Modeling secrecy and deception in a multipleperiod attacker–defender signaling game
Advisor: Yeong-Sung Lin
Presented by I-Ju Shih
1
2011/9/13
Agenda
Introduction
Signaling game
Model formulation for repeated game
Attacker observes defensive investment from the
previous period
Attacker does not observe defensive investment
Conclusions and future research
2
2011/9/13
Agenda
Introduction
Signaling game
Model formulation for repeated game
Attacker observes defensive investment from the
previous period
Attacker does not observe defensive investment
Conclusions and future research
3
2011/9/13
Introduction
Most applications of game theory to homeland-security
resource allocation so far have involved only one-period
games.
Dresher (1961) was among the first researchers to apply game
theory to military strategic interactions. However, he did not
explicitly model deception and secrecy.
Recent game-theoretic research has also indicated that
publicizing defensive information instead of keeping it secret
may help to deter attacks.
4
2011/9/13
Introduction
In practice, however, security-related information such as
defensive resource allocations is often kept secret.
There is a long tradition of deception in the military arena, as
well as in business and capital ventures.
Few of these studies have focused specifically on disclosure
of resource allocations.
Defenders might also have incentives to deceive by either
overstating or understating their defenses, to deter or
disinterest potential attackers, respectively.
5
2011/9/13
Introduction
Zhuang and Bier (2007) indicate that truthful disclosure
should always be preferred to secrecy, which is not surprising,
since their model is a game of complete information.
Attacker uncertainty about defender private information can
create opportunities for either defender secrecy or deception.
Zhuang and Bier (2011) found that defender secrecy and/or
deception could be strictly preferred in a one-period game in
which the defender has private information (i.e., the attacker
is uncertain about the defender type).
6
2011/9/13
Introduction
Secrecy has been sometimes modeled as simultaneous play in
game theory, since in a simultaneous game, each player
moves without knowing the moves chosen by the other
players.
Some researchers have modeled deception as sending noisy
or imperfect signals to mislead one’s opponents.
Hespanha et al. (2000) and Brown et al. (2005) defined
deception in a zero-sum attacker-defender game as occurring
when the defender discloses only a subset of the defenses, in
an attempt to route attacks to heavily-defended locations.
7
2011/9/13
Introduction
By contrast, this paper defines deception as disclosing a
signal (in the domain of the action space) that differs from the
chosen (hidden) action.
This paper applies game theory to model strategies of secrecy
and deception in a multiple-period attacker-defender
resource-allocation and signaling game with incomplete
information.
8
2011/9/13
Introduction
Games are classified into two major classes: cooperative
games and non-cooperative games.
In traditional non-cooperative games it is assumed that
1. The players are rational.
2. There are no enforceable agreements between players.
3. The players know all the data of the game.
However, real-game situations may involve other types of
uncertainty.
9
2011/9/13
Introduction
In this paper they focus on the case where the defender does
have private information, while the attacker does not.
In this case, they allow two types of updates about the
defender type – the attacker updates his knowledge about the
defender type after observing the defender’s signals, and also
after observing the result of a contest (if one occurs in any
given time period).
10
2011/9/13
Agenda
Introduction
Signaling game
Model formulation for repeated game
Attacker observes defensive investment from the
previous period
Attacker does not observe defensive investment
Conclusions and future research
11
2011/9/13
Signaling game
Games are classified into four major classes.
12
2011/9/13
Signaling game
A signaling game is a dynamic game of incomplete
information involving two players, a Sender and a
Receiver.
It involves two players – one with private information,
the other without – and two moves:
first the informed player (Sender, she) makes a decision,
she "sends a signal".
then the uninformed player (Receiver, he) – having
observed the informed player’s decision but not her
private information – makes a decision, he "reacts to the
signal".
13
2011/9/13
Signaling game
The timing of the game is as follows:
14
Nature selects a type ti for Sender from a set of feasible
types T = {t1,..., tI} according to a commonly-known
probability distribution p(.), where p(ti) > 0 (prior belief) for
every i ∈{1,...,I} and Σ p(ti) = 1.
Sender observes ti and, on the basis of ti, chooses a
message mj from a set of feasible messages M = {m1,...,mJ}.
Receiver observes mj and, on the basis of mj, selects an
action ak from a set of feasible actions A ={a1,...,aK}.
Payoffs are realised: if nature has drawn type ti, S has
chosen message mj and R has selected action ak, then payoffs
2011/9/13
for S and R are uS(ti, mj, ak) and uR(ti, mj, ak).
Signaling game
15
2011/9/13
Signaling game
Spence’s (1973) job market signalling model:
Sender: a worker in search for a job.
Receiver: a (potential) employer (or the market of prospective
employers).
Type: the worker’s productivity.
Message: the worker’s education choice.
Action: the wage paid to the worker.
16
2011/9/13
Signaling game
In a signaling game, there can be any or all of the
following Perfect Bayesian Equilibrium (PBE):
Pooling equilibrium: In a pooling PBE, both types of
17
Sender choose the same message, so that they cannot be
distinguished on the basis of their behavior. (pure strategy)
Separating equilibrium: In a separating PBE, each Sender
type chooses a different message, so that the message
perfectly identifies the player type. (pure strategy)
Semi-separating equilibrium: In a semi-separating PBE,
one type of Sender plays a pure strategy while the other
plays a mixed strategy. As a result, Receiver is able to
imperfectly update his prior beliefs about Sender’s type.
(mixed strategy)
2011/9/13
Agenda
Introduction
Signaling game
Model formulation for repeated game
Attacker observes defensive investment from the
previous period
Attacker does not observe defensive investment
Conclusions and future research
18
2011/9/13
Model formulation for repeated game
This paper’s game has two players: an attacker (he,
signal receiver, A); and a defender (she, signal sender,
D).
This paper’s model involves a N-period game with
private defender information.
19
2011/9/13
Model formulation for repeated game
• For simplicity, this paper considers only
a two-type model; i.e., the defender type θ equals θ1 with
probability p1 and θ2 with probability 1-p1.
• This paper assumes that p1, the attacker’s prior probability
at the beginning of the period 1, is common knowledge to
both the attacker and the defender.
20
2011/9/13
Model formulation for repeated game
• First, a defender of type θ chooses a strategy dt(θ) and a
signal st(θ) for θ = θ1, θ2.
• dt(θ) = 0 : The defender invests in short term expenses
(such as police patrol) in period t.
• dt(θ) = 1 : The defender invests in capital defenses in
period t.
• st(θ) ϵ {0, 1, S} be the signal sent by a defender of type θ
about its defensive choice.
21
2011/9/13
Model formulation for repeated game
• The attacker observes the signal st(θ), updates his belief
from the prior pt to the posterior p't, and chooses an attacker
response at(st).
• at(st) = 0 is the decision to do nothing during period t.
• at(st) = 1 represents the decision to launch an attack.
22
2011/9/13
Model formulation for repeated game
If both defender types send the same signal at
equilibrium, st(θ1) = st(θ2), then p't (posterior belief) =
pt (prior belief). (Pooling equilibrium)
If different defender types send different signals at
equilibrium, st(θ1) ≠ st(θ2), then the attacker is able to
recognize the defender type with certainty, in which
case p't = 1 with probability pt, and 0 with probability
1-pt. (Separating equilibrium)
23
2011/9/13
Model formulation for repeated game
24
2011/9/13
Model formulation for repeated game
This paper assumes for simplicity that the actual level
of damage to the target is either 100% or zero.
attacker
attack cost
Conditional
probability
attacker’s
that
target
an attack
valuations
would succeed
defender
Defense cost
Conditional probability
defender’s
thattarget
an attack
valuations
would succeed
25
2011/9/13
Model formulation for repeated game
This contest success function is assumed to be of the
form.
the effective defense
short-term
capital investment
where α > 1 is the effectiveness of defender short-term
expenses relative to defender capital investment in
security; ρt-k is the fraction of defensive capital from
period k that is still effective in period t.
26
2011/9/13
Model formulation for repeated game
27
2011/9/13
Model formulation for repeated game
Let βA and βD be the attacker and defender discount
factors, respectively.
attacker
defender
(the current payoff, plus the discounted expected future
equilibrium payoff)
28
2011/9/13
Model formulation for repeated game
Definition 1. We call the collection {a*(s), d*(θ), s*(θ),
p*, p'*} an equilibrium if the following four conditions
are satisfied:
29
2011/9/13
Model formulation for repeated game
Definition 1. We call the collection {a*(s), d*(θ), s*(θ),
p*, p'*} an equilibrium if the following four conditions
are satisfied:
30
2011/9/13
Model formulation for repeated game
Definition 1. We call the collection {a*(s), d*(θ), s*(θ),
p*, p'*} an equilibrium if the following four conditions
are satisfied:
31
2011/9/13
Model formulation for repeated game
Definition 2. In an equilibrium {a*(s), d*(θ), s*(θ), p*,
p‘*}, we say that in period t, a defender of type θ
chooses:
The cost of implementing truthful disclosure is lower
than the costs of implementing secrecy and deception,
respectively.
32
2011/9/13
Agenda
Introduction
Signaling game
Model formulation for repeated game
Attacker observes defensive investment from the
previous period
Attacker does not observe defensive investment
Conclusions and future research
33
2011/9/13
Attacker observes defensive investment
from the previous period
The model is under the assumption that the attacker
can observe the previous period’s defensive choice, dt-1,
at the beginning of period t.
They still allow the defender’s private information to
remain secret throughout the entire game, if not
revealed by the defender’s choices.
However, with this assumption, the defender cannot
choose deception or secrecy at optimality for more
than one time period.
34
2011/9/13
Attacker observes defensive investment
from the previous period
For computational convenience, they assume that
capital can be carried over only to the immediate next
period. (ρk = 0 for k ≥ 2, and ρ1 = ρ)
35
2011/9/13
Attacker observes defensive investment
from the previous period
36
2011/9/13
Attacker observes defensive investment
from the previous period
Case A (pt = 0 or pt =1): In this case, at the beginning
of period t, the attacker already knows whether the
defender is of type θ = θ2 or θ = θ1.
37
2011/9/13
Attacker observes defensive investment
from the previous period
For all 48 cases, we calculate et using Eq. (11), and let
p't (posterior belief) = pt+1 (prior belief) = pt (prior
belief).
The attacker and defender total expected payoffs are
calculated as the sum of the current payoff plus the
discounted future equilibrium payoff:
38
2011/9/13
Attacker observes defensive investment
from the previous period
Case B (0 < pt < 1): In this case, at the beginning of
period t, the attacker is uncertain about the defender
type, and we have a three player, 8*6*6 game.
For all 288 cases, we calculate et(θ) using Eq. (11), and
then determine p't stochastically as a function of st(θ),
st(θ2), and pt, using condition 3 of Definition 1.
39
2011/9/13
Attacker observes defensive investment
from the previous period
the attacker payoff is given by:
the payoff to a defender of type h is given by:
40
2011/9/13
Attacker observes defensive investment
from the previous period
In the examples in the following sections, we use the
following baseline parameter values: N = 2; p1 = 0.9;
βA = 0.9; βD(θ1) = βD(θ2) = 0.9; ρ(θ1) = ρ(θ2) = 0.5;
α(θ1) = α(θ2) = 2; vA(θ1) = vA(θ2) = 20; vD(θ1) = vD(θ2)
= 20.
Moreover, we use the following baseline costs:
41
2011/9/13
Attacker observes defensive investment
from the previous period
1. Effectiveness of expenses as defender private information
Here, we let α(θ1) = 2 and α(θ2) = 4 be the defender private
information.
42
Defender’s strategy
Defender’s signal
2011/9/13
Attacker observes defensive investment
from the previous period
1. Effectiveness of expenses as defender private information
Here, we let α(θ1) = 2 and α(θ2) = 4 be the defender private
information.
Defender’s strategy
Defender’s signal
θ1
θ2
43
2011/9/13
Attacker observes defensive investment
from the previous period
1. Effectiveness of expenses as defender private information
Here, we let α(θ1) = 2 and α(θ2) = 4 be the defender private
information.
44
Defender’s strategy
Defender’s signal
2011/9/13
Attacker observes defensive investment
from the previous period
1. Effectiveness of expenses as defender private information
Here, we let α(θ1) = 2 and α(θ2) = 4 be the defender private
information.
45
Defender’s strategy
Defender’s signal
2011/9/13
Attacker observes defensive investment
from the previous period
2. Target valuation as private information
We consider α(θ1) = α(θ2) = 1.5; vA(θ1) = vD(θ1) = 10 and
vA(θ1) = vD(θ2) = 20.
Defender’s strategy
Defender’s signal
θ1
θ2
46
2011/9/13
Attacker observes defensive investment
from the previous period
3. Defender costs as private information
We consider α(θ1) = α(θ2) = 2 and the defender of type θ2
has higher costs for all signals than the defender of type
θ1 when the defenses are given by d = 0.
47
2011/9/13
Attacker observes defensive investment
from the previous period
3. Defender costs as private information
We consider α(θ1) = α(θ2) = 2 and the defender of type θ2
has higher costs for all signals than the defender of type
θ1 when the defenses are given by d = 0.
Defender’s strategy
48
Defender’s signal
2011/9/13
Attacker observes defensive investment
from the previous period
4. Other parameters as defender private information
In cases where the defender’s private information is
associated only with future payoffs (such as the carry-over
coefficients ρk and the discount rate βD), they have not
found deception or secrecy in their numerical model,
despite an extensive computer search.
49
2011/9/13
Agenda
Introduction
Signaling game
Model formulation for repeated game
Attacker observes defensive investment from the
previous period
Attacker does not observe defensive investment
Conclusions and future research
50
2011/9/13
Attacker does not observe defensive
investment
For simplicity, this paper also assumes that the attacker
does not observe the result of the contest from the
previous period.
Therefore, we need to solve a three-player 8N*6N*6N
game, where N is the number of periods.
We let the cost be the defender’s private information.
51
2011/9/13
Attacker does not observe defensive
investment
52
2011/9/13
Agenda
Introduction
Signaling game
Model formulation for repeated game
Attacker observes defensive investment from the
previous period
Attacker does not observe defensive investment
Conclusions and future research
53
2011/9/13
Conclusions and future research
This work uses game theory and dynamic
programming to model a multiple-period, attacker–
defender, resource-allocation and signaling game with
incomplete information.
This paper’s numerical examples show that defenders
can sometimes achieve more cost-effective security
through secrecy and deception in a multiple-period
game.
One limitation to this paper is that their algorithm does
not automatically identify mixed strategies.
54
2011/9/13
Conclusions and future research
Although they found secrecy and deception as
equilibrium strategies, which is somewhat unusual in
the literature, such equilibria were relatively rare and
difficult to obtain in our model, compared to the
frequency with which secrecy and deception are
observed in practice.
They suspect that this may be at least in part because
of some of the more unrealistic assumptions of game
theory (e.g., common knowledge, full rationality).
55
2011/9/13
Thanks for your listening.
56
2011/9/13
© Copyright 2026 Paperzz