Exponential discounting in security games of timing

• Published in: Journal of cybersecurity (Oxford) Vol. 7; no. 1
• Main Authors: Merlevede, Jonathan, Johnson, Benjamin, Grossklags, Jens, Holvoet, Tom
• Format: Journal Article
• Language: English
• Published: Oxford Oxford University Press 01.01.2021
• Subjects: Game theory; Players; Security; Security management; APT; games of timing; game theory; discounting
• ISSN: 2057-2085; 2057-2093
• DOI: 10.1093/cybsec/tyaa008

Abstract Strategic game models of defense against stealthy, targeted attacks that cannot be prevented but only mitigated are the subject of a significant body of recent research, often in the context of advanced persistent threats (APTs). In these game models, the timing of attack and defense moves plays a central role. A common assumption, in this literature, is that players are indifferent between costs and gains now and those in the distant future, which conflicts with the widely accepted treatment of intertemporal choice across economic contexts. This article investigates the significance of this assumption by studying changes in optimal player behavior when introducing time discounting. Specifically, we adapt a popular model in the games of timing literature, the FlipIt model, by allowing for exponential discounting of gains and costs over time. We investigate changes of best responses and the location of Nash equilibria through analysis of two well-known classes of player strategies: those where the time between players’ moves is constant, and a second class where the time between players’ moves is stochastic and exponentially distributed. By introducing time discounting in the framework of games of timing, we increase its level of realism as well as applicability to organizational security management, which is in dire need of sound theoretic work to respond to sophisticated, stealthy attack vectors.