HD: swagitda.com/speaking/us-17-Shortridge-Big-Game-Theory-Hunting.pdf
We all groan when we hear it's "time for some game theory," but traditional game theory – modelling conflict and cooperation between rational decision-makers – still pervades how we think of defensive strategy as an industry. This primitive analysis is a disservice to defenders, who are facing humans (and who are, in fact, humans themselves), but are modelling their own actions and opponent's actions based on the assumption of machine-like behavior.
In this session, I will examine traditional game theory and propose why behavioral game theory should take its place in the philosophy of defense. Next, I'll review the first principles of game theory, through the lens of behavioral game theory, which empirically measures how humans actually behave in games, rather than assumes they will behave coldly rational.
I'll explain the "rules" of the information security game and how traditional game theory is poorly suited to those conditions, along with the various behavioral models and why they are a superior fit. I'll then explore the two primarily methods that play into how humans make decisions in games – "thinking" and "learning" and what empirical data from behavioral game theory studies suggests on how to improve thinking and learning, extrapolating to applications for infosec defenders.
Finally, I'll present new insights from my own research, examining how defenders and attackers play the infosec game specifically, and bridging from theory to practice, to see how the lessons from behavioral game theory can be tangibly incorporated into defenders' strategic decision making processes. I'll conclude the session by outlining the practical steps for improving threat modelling, countering offensive moves, and deciding which products to use, so that defenders can start gaining the high ground in the infosec game.
Volatile Memory: Behavioral Game Theory in Defensive SecurityKelly Shortridge
This presentation will explore some of the teachings from the young field of behavioral game theory, which empirically measures how humans behave in games, as an improvement upon prior discussions involving traditional Game Theory models in which humans are considered perfectly rational. I will use behavioral game theory to examine how people’s natural cognitive biases lead to sub-optimal behavior in their decision-making processes in adversarial games – and specifically processes related to playing defense in the information security “game.”
I will detail various sorts of games in which this sub-optimal performance manifests, how humans cognitively approach these games and touch on some of the algorithms, such as self-tuning EWAs, that help predict how people will behave in certain defender-attacker-defender (DAD) games. Finally, I will explore what sort of strategies and counter-measures can be implemented to improve defense’s performance in DAD games, incorporating techniques such as belief prompting, improved incorporation of information and decision trees.
Behavioral Models of Information Security: Industry irrationality & what to d...Kelly Shortridge
I examine the information security industry through the lens of behavioral models. Traditional ways of thinking about defensive and offensive motivations focus on models such as game theory, which tend to assume the people on each side are “rational” actors. However, humans have lots of quirks in their thinking that are the result of cognitive biases, and that lead to “irrational” behaviors.
The question therefore is: what biases do defenders and attackers have when they make decisions, and how can we leverage these insights to improve the efficacy of defense? In particular, I’ll discuss what implications theories such as Prospect Theory, time inconsistency, less-is-better effect, sunk cost fallacy, dual system theory and social biases such as fairness and trust have for why the industry dynamics are the way they are.
Given at NCC Group's Security Open Forum on August 17, 2016
Understanding Game Analytics & Behavioral Clustering for GamesAnders Drachen
These are the slides from my presentation at the excellent AI/Game conference in Vienna July 2014 (http://gameaiconf.com/), covering two topics: 1) a broad introduction to the practice of game analytics; 2) a description of how to use cluster analysis to build profiles of players based on game telemetry.
Researchers at UC Santa Cruz and Electronic Arts used machine learning to analyze telemetry data from Madden NFL 11 to identify which gameplay features impacted player retention. They extracted features from play-by-play summaries of over 25,000 players and used regression models to predict number of games played. Analyzing the models revealed that play diversity, online franchise wins, running plays, and sacks increased retention while sacks allowed, peer quits, and actions per play decreased it. This informed changes like simplifying playbooks to improve new player experience.
This document summarizes Ben Weber's dissertation defense on integrating learning in a multi-scale agent. The dissertation aims to build an AI agent capable of expert-level gameplay in StarCraft II. The agent uses reactive planning to handle multi-scale reasoning. It learns strategies, state estimation, and goal formulation from expert gameplay demonstrations. These learned capabilities are integrated using a goal-driven autonomy framework. Experiments show the complete agent performs competitively against human amateur players. The dissertation contributes methods for multi-scale AI, learning from demonstration, and integrating learned skills in a reactive planning agent.
This document reviews three perspectives on theories of human behavior according to Milton Friedman, Daniel Kahneman, and Daniel McFadden. It also summarizes Kahneman's view that people make judgments intuitively and display biases, and McFadden's perspective that people aim to optimize utility subject to perceptual biases. The rest of the document discusses theories and models of perception, judgment, decision-making, and how the brain processes information efficiently.
Applying Reactive Planning Idioms to Behavior TreesBen Weber
The document discusses applying reactive planning idioms from ABL (A Behavior Language) to behavior trees to extend their functionality. It describes several reactive planning concepts like daemon behaviors, message passing, and managers that were implemented in the EISBot StarCraft AI using ABL. These concepts allowed partitioning the bot into competence areas, decoupling components, and facilitating communication between them. The idioms enhanced behavior trees' ability to handle multi-scale problems by enabling concurrent goal pursuit and modular agent design.
This document discusses two new security paradigms: 1) Knowing your enemy by analyzing attackers and their methods through a game theoretic lens, and 2) Applied security by obscurity using logical complexity and one-way programming to obscure systems from attackers.
The document provides background on old security paradigms, including the view that security is an architectural problem solved by separating secure and insecure areas, and the assumption that attackers have unlimited logical and programming powers. It then introduces the new paradigm of knowing your enemy by modeling security as a game of incomplete information, where players try to learn about each other's capabilities and strategies. The document outlines a simple model of this security game.
The second new paradigm discussed is applied security
Volatile Memory: Behavioral Game Theory in Defensive SecurityKelly Shortridge
This presentation will explore some of the teachings from the young field of behavioral game theory, which empirically measures how humans behave in games, as an improvement upon prior discussions involving traditional Game Theory models in which humans are considered perfectly rational. I will use behavioral game theory to examine how people’s natural cognitive biases lead to sub-optimal behavior in their decision-making processes in adversarial games – and specifically processes related to playing defense in the information security “game.”
I will detail various sorts of games in which this sub-optimal performance manifests, how humans cognitively approach these games and touch on some of the algorithms, such as self-tuning EWAs, that help predict how people will behave in certain defender-attacker-defender (DAD) games. Finally, I will explore what sort of strategies and counter-measures can be implemented to improve defense’s performance in DAD games, incorporating techniques such as belief prompting, improved incorporation of information and decision trees.
Behavioral Models of Information Security: Industry irrationality & what to d...Kelly Shortridge
I examine the information security industry through the lens of behavioral models. Traditional ways of thinking about defensive and offensive motivations focus on models such as game theory, which tend to assume the people on each side are “rational” actors. However, humans have lots of quirks in their thinking that are the result of cognitive biases, and that lead to “irrational” behaviors.
The question therefore is: what biases do defenders and attackers have when they make decisions, and how can we leverage these insights to improve the efficacy of defense? In particular, I’ll discuss what implications theories such as Prospect Theory, time inconsistency, less-is-better effect, sunk cost fallacy, dual system theory and social biases such as fairness and trust have for why the industry dynamics are the way they are.
Given at NCC Group's Security Open Forum on August 17, 2016
Understanding Game Analytics & Behavioral Clustering for GamesAnders Drachen
These are the slides from my presentation at the excellent AI/Game conference in Vienna July 2014 (http://gameaiconf.com/), covering two topics: 1) a broad introduction to the practice of game analytics; 2) a description of how to use cluster analysis to build profiles of players based on game telemetry.
Researchers at UC Santa Cruz and Electronic Arts used machine learning to analyze telemetry data from Madden NFL 11 to identify which gameplay features impacted player retention. They extracted features from play-by-play summaries of over 25,000 players and used regression models to predict number of games played. Analyzing the models revealed that play diversity, online franchise wins, running plays, and sacks increased retention while sacks allowed, peer quits, and actions per play decreased it. This informed changes like simplifying playbooks to improve new player experience.
This document summarizes Ben Weber's dissertation defense on integrating learning in a multi-scale agent. The dissertation aims to build an AI agent capable of expert-level gameplay in StarCraft II. The agent uses reactive planning to handle multi-scale reasoning. It learns strategies, state estimation, and goal formulation from expert gameplay demonstrations. These learned capabilities are integrated using a goal-driven autonomy framework. Experiments show the complete agent performs competitively against human amateur players. The dissertation contributes methods for multi-scale AI, learning from demonstration, and integrating learned skills in a reactive planning agent.
This document reviews three perspectives on theories of human behavior according to Milton Friedman, Daniel Kahneman, and Daniel McFadden. It also summarizes Kahneman's view that people make judgments intuitively and display biases, and McFadden's perspective that people aim to optimize utility subject to perceptual biases. The rest of the document discusses theories and models of perception, judgment, decision-making, and how the brain processes information efficiently.
Applying Reactive Planning Idioms to Behavior TreesBen Weber
The document discusses applying reactive planning idioms from ABL (A Behavior Language) to behavior trees to extend their functionality. It describes several reactive planning concepts like daemon behaviors, message passing, and managers that were implemented in the EISBot StarCraft AI using ABL. These concepts allowed partitioning the bot into competence areas, decoupling components, and facilitating communication between them. The idioms enhanced behavior trees' ability to handle multi-scale problems by enabling concurrent goal pursuit and modular agent design.
This document discusses two new security paradigms: 1) Knowing your enemy by analyzing attackers and their methods through a game theoretic lens, and 2) Applied security by obscurity using logical complexity and one-way programming to obscure systems from attackers.
The document provides background on old security paradigms, including the view that security is an architectural problem solved by separating secure and insecure areas, and the assumption that attackers have unlimited logical and programming powers. It then introduces the new paradigm of knowing your enemy by modeling security as a game of incomplete information, where players try to learn about each other's capabilities and strategies. The document outlines a simple model of this security game.
The second new paradigm discussed is applied security
This document discusses a proactive approach to cybersecurity called cyber-attack forecasting. It involves using machine learning and game theory to model a cyber system and analyze interactions between attackers and defenders to predict future attacks. The approach includes using hierarchical clustering to group similar systems, detecting anomalies, and formulating interactions as games to determine optimal defense strategies like probing frequencies. This proactive approach aims to address limitations of reactive security by enabling preemptive countermeasures against sophisticated threats.
A presentation on the early-stage informed development of Project:Filter, a game about the ecological and environmental impact of water quality caused by human behaviour.
In this presentation we introduce the game balance "interesting strategies". It is especially important as games with a single dominant strategy are boring. No strategy must be much better than others and without drawbacks.
These slides were prepared by Dr. Marc Miquel. All the materials used in them are referenced to their authors.
This document provides a summary of key concepts from a document about creating a decision/action model for soccer. The summary is:
[1] The document discusses several common soccer models such as pressing/counterattacking, interval training, and youth development models. It also discusses limits of models and how all models are wrong to some degree.
[2] The Observe-Orient-Decide-Act (OODA) loop is presented as a process model for decision making in soccer. It describes the cognitive cycles of observation, orientation, decision, and action that players go through.
[3] The goal of human nature is described as surviving, surviving on one's own terms, or improving one's
This document provides a summary of key concepts from a document about creating a decision/action model for soccer. The summary is:
[1] The document discusses several existing models for soccer, such as pressing-counter attacking, interval training, and youth development models. It also discusses common constraints on models, such as their context dependence and limits based on reality.
[2] The document then introduces the concept of "wicked problems" which are complex problems with no clear solution. Starting a soccer club is provided as an example of a wicked problem.
[3] Finally, the document summarizes the observe-orient-decide-act (OODA) loop model for decision making, noting that speed
A constraints led, interdisciplinary model for survival, growth and winning in the game.
Visit the bettersoccermorefun channel on YouTube for videos that expand on these ideas.
Organizations interested in holding a workshop on decision/action models can contact me at larry4v4-at-hotmail.com for details.
Game theory is a mathematical approach to modeling strategic interactions between rational decision-makers. It assumes humans seek the best outcomes and makes predictions based on payoff matrices showing players' rewards for different strategy combinations. Common applications include economics, politics, and analyzing conflict and cooperation situations like the Prisoner's Dilemma. Game theory also studies concepts like Nash equilibrium, mixed strategies, and evolutionary stable strategies.
From Human Intelligence to Machine IntelligenceNUS-ISS
This in an introductory talk to get ready for the AI era, and will talk about human intelligence, the model view of intelligence and machine/artificial intelligence. There will be some coverage of AI roots and subfields.
The document discusses theorycrafting as a playful method to engage critical thinking. Theorycrafting involves playful experimentation to understand the underlying rules and build a model of how a game works. It involves entering thinking mode when rules seem inconsistent, questioning assumptions, observing, analyzing and experimenting to form hypotheses, and testing hypotheses. Theorycrafting can be used as an instructional method by having students analyze game rules and debate models to understand variable interdependencies. Open questions remain about transferring theorycrafting's playful approach to other learning environments.
The document discusses using agent-based simulation to model human behavior in security scenarios. It aims to create cognitive models for agents based on cognitive science and have them interact to analyze complex scenarios. This is an alternative to existing mathematical models, which are not always validated by empirical studies. The goals are to test existing models, integrate cognitive science and security economics, and better explain behaviors observed in simulations. Challenges include developing a generic framework and modeling diverse cognitive behaviors.
Planning and Integrating Deception into Computer Security DefensesMohammed Almeshekah
Deceptive techniques played a prominent role in many human conflicts throughout history. Digital conflicts are no different as the use of deception has found its way to computing since at least the 1980s. However, many computer defenses that uses deception were ad-hoc attempts to incorporate deceptive elements in them. In this paper, we present a model that can be used to plan and integrate deception in computer security defenses. We present an overview of why deception fundamentally works and what are the essential principles in using such techniques. We investigate the unique advantages deception-based mechanisms bring to traditional computer security defenses. Furthermore, we show how our model can be used to incorporate deception to many part of computer systems and discuss how we can use such techniques effectively. A successful deception should present plausible alternative(s) to the truth and these should be de- signed to exploit specific adversaries’ biases. We investigate these biases and discuss how can they be used by presenting a number of examples.
This document discusses using deception in cybersecurity defenses. It begins by arguing that obscurity does provide some security benefits in practice. It then outlines several deception techniques like denial, degradation, and attribution. Examples of current deception research projects are presented, such as using fake passwords to thwart cracking and deceptive software patches. Modeling deception strategies using hypergames is also discussed. The document argues that deception methods show promise in improving security when combined with traditional defenses.
This document discusses security and provides tips for thinking about it sensibly. It begins by saying security is about leading a peaceful life, not locking ourselves away. It then outlines that questions are welcome and answers aren't guaranteed but the discussion will be thoughtful. The rest of the document touches on defining security concepts, examining why security fails and myths about it, analyzing the spectrum of attacks, and providing exercises for thinking critically about securing systems and applications. The goal is to stimulate brain-intensive thinking about security.
This chapter provides a high-level overview of threat hunting. It defines hunting as finding ways for threats to perform malicious actions. It emphasizes that hunting goes beyond just waiting for alerts, and that organizations may define hunting in different ways based on their goals and environments. The chapter discusses that the most important assets for hunting are people, not technology. It stresses the importance of hiring the right people with varied skills and experience to build an effective hunting team. Each analyst will develop their own individual hunting style and processes over time.
There are games everywhere, and we are creating them all the time without even knowing it. We have the “get the project green” game, the “highest team velocity wins” game, and the “meet the go-live date” game. But it’s about time we learnt how to design better games, having people compete to win the “create the most value” game or “increase stakeholder happiness” - much better alternatives in our world.
Most commonly used in war games and global economics, game theory is a branch of mathematics not just reserved for those interested in world domination. Defined as “the study of mathematical models of conflict and cooperation between intelligent rational decision-makers”, it helps us understand and analyse how people may behave under different circumstances. It helps us analyse payoffs, determine implications and strategies that people will take and hence utilise this information to create games that drive behaviour.
Learn the basics of game theory through an exercise and examples, predict people’s next move and become a good (not evil) gamemaster.
This is a simple presentation on Game Theory in Network Security. I made it when I was searching for research points for my Master degree. Still searching for other research points. Any suggestions on research points in network security or network architecture? :)
This document discusses the application of game theory to strategic business decisions. It introduces the Priiva process, which uses game theory models to identify players and their options/preferences, predict outcomes from millions of potential scenarios, and develop strategic plans to achieve desired outcomes. The process aims to provide deep insights efficiently in 2-4 weeks. Examples show how it can identify fragile situations and influence maps. Benefits include strategic action plans, predictable outcomes, aligned executives, and confident boards. Priiva is a boutique consulting firm specialized in applying this methodology.
1) Dr. Joe Totherow discusses three options for using games for instructional goals: creating gamified activities, leveraging commercial games, and designing instructional games.
2) Important concepts in designing effective instructional games are ensuring the motivation - intrinsic or extrinsic - directs learners to the instructional content, and balancing the feasibility of a project with its expected impact.
3) Recommendations include starting with clear instructional objectives that map to interesting game mechanics, keeping early games simple, and prototyping mechanics for reuse across contexts.
Gamification uses game mechanics and design principles to engage learners and motivate behavior in non-game contexts like education. It works by rewarding learners intrinsically when they experience wanting and liking through feedback. To design effective gamified learning, one should understand the audience, clearly define goals and objectives, provide frequent feedback on progress, reward effort through incremental rewards and adaptive systems, and incorporate elements of chance, peer interaction, and surprise. An iterative process of testing assumptions early allows for improvement.
This document describes how the game mechanism WeQ can help teams transition from "Doing Agile" to "Being Agile" using neuroscience principles. WeQ is an interactive board game app that engages teams of up to 12 players. It uses science-backed game mechanics and repetitive sessions to help teams develop qualities like positivity, autonomy, and psychological safety that keep the team in a "reward state" and improve collective intelligence. The WeQ system assesses teams through questionnaires, provides customized feedback cards, and teaches neuroscience concepts to help teams understand how to give and receive feedback more effectively.
Resilience in information security is used as a buzzword, but hasn't been codified. I attempt to define what resilience means in cybersecurity, and look at cross-domain insights (climate change, disaster recovery, flood risk management) for practical ideas of how to implement it when architecting security strategy.
HQ here: http://swagitda.com/speaking/Red-Pill-of-Resilience-Shortridge-RSS-2017.pdf
We’ll be returning to first principles for how defenders in information security make decisions. Cognitive biases can lead to sub-optimal decision making both in individuals and teams, and in information security, defenders’ decision making processes are vital to improve resilience to attacks. This talk will explore how teams can tune their decision making processes to take these biases into account and guide themselves towards more rational thinking
Presented at Art into Science 2017
More Related Content
Similar to Big Game Theory Hunting: The Peculiarities of Human Behavior in the InfoSec Game
This document discusses a proactive approach to cybersecurity called cyber-attack forecasting. It involves using machine learning and game theory to model a cyber system and analyze interactions between attackers and defenders to predict future attacks. The approach includes using hierarchical clustering to group similar systems, detecting anomalies, and formulating interactions as games to determine optimal defense strategies like probing frequencies. This proactive approach aims to address limitations of reactive security by enabling preemptive countermeasures against sophisticated threats.
A presentation on the early-stage informed development of Project:Filter, a game about the ecological and environmental impact of water quality caused by human behaviour.
In this presentation we introduce the game balance "interesting strategies". It is especially important as games with a single dominant strategy are boring. No strategy must be much better than others and without drawbacks.
These slides were prepared by Dr. Marc Miquel. All the materials used in them are referenced to their authors.
This document provides a summary of key concepts from a document about creating a decision/action model for soccer. The summary is:
[1] The document discusses several common soccer models such as pressing/counterattacking, interval training, and youth development models. It also discusses limits of models and how all models are wrong to some degree.
[2] The Observe-Orient-Decide-Act (OODA) loop is presented as a process model for decision making in soccer. It describes the cognitive cycles of observation, orientation, decision, and action that players go through.
[3] The goal of human nature is described as surviving, surviving on one's own terms, or improving one's
This document provides a summary of key concepts from a document about creating a decision/action model for soccer. The summary is:
[1] The document discusses several existing models for soccer, such as pressing-counter attacking, interval training, and youth development models. It also discusses common constraints on models, such as their context dependence and limits based on reality.
[2] The document then introduces the concept of "wicked problems" which are complex problems with no clear solution. Starting a soccer club is provided as an example of a wicked problem.
[3] Finally, the document summarizes the observe-orient-decide-act (OODA) loop model for decision making, noting that speed
A constraints led, interdisciplinary model for survival, growth and winning in the game.
Visit the bettersoccermorefun channel on YouTube for videos that expand on these ideas.
Organizations interested in holding a workshop on decision/action models can contact me at larry4v4-at-hotmail.com for details.
Game theory is a mathematical approach to modeling strategic interactions between rational decision-makers. It assumes humans seek the best outcomes and makes predictions based on payoff matrices showing players' rewards for different strategy combinations. Common applications include economics, politics, and analyzing conflict and cooperation situations like the Prisoner's Dilemma. Game theory also studies concepts like Nash equilibrium, mixed strategies, and evolutionary stable strategies.
From Human Intelligence to Machine IntelligenceNUS-ISS
This in an introductory talk to get ready for the AI era, and will talk about human intelligence, the model view of intelligence and machine/artificial intelligence. There will be some coverage of AI roots and subfields.
The document discusses theorycrafting as a playful method to engage critical thinking. Theorycrafting involves playful experimentation to understand the underlying rules and build a model of how a game works. It involves entering thinking mode when rules seem inconsistent, questioning assumptions, observing, analyzing and experimenting to form hypotheses, and testing hypotheses. Theorycrafting can be used as an instructional method by having students analyze game rules and debate models to understand variable interdependencies. Open questions remain about transferring theorycrafting's playful approach to other learning environments.
The document discusses using agent-based simulation to model human behavior in security scenarios. It aims to create cognitive models for agents based on cognitive science and have them interact to analyze complex scenarios. This is an alternative to existing mathematical models, which are not always validated by empirical studies. The goals are to test existing models, integrate cognitive science and security economics, and better explain behaviors observed in simulations. Challenges include developing a generic framework and modeling diverse cognitive behaviors.
Planning and Integrating Deception into Computer Security DefensesMohammed Almeshekah
Deceptive techniques played a prominent role in many human conflicts throughout history. Digital conflicts are no different as the use of deception has found its way to computing since at least the 1980s. However, many computer defenses that uses deception were ad-hoc attempts to incorporate deceptive elements in them. In this paper, we present a model that can be used to plan and integrate deception in computer security defenses. We present an overview of why deception fundamentally works and what are the essential principles in using such techniques. We investigate the unique advantages deception-based mechanisms bring to traditional computer security defenses. Furthermore, we show how our model can be used to incorporate deception to many part of computer systems and discuss how we can use such techniques effectively. A successful deception should present plausible alternative(s) to the truth and these should be de- signed to exploit specific adversaries’ biases. We investigate these biases and discuss how can they be used by presenting a number of examples.
This document discusses using deception in cybersecurity defenses. It begins by arguing that obscurity does provide some security benefits in practice. It then outlines several deception techniques like denial, degradation, and attribution. Examples of current deception research projects are presented, such as using fake passwords to thwart cracking and deceptive software patches. Modeling deception strategies using hypergames is also discussed. The document argues that deception methods show promise in improving security when combined with traditional defenses.
This document discusses security and provides tips for thinking about it sensibly. It begins by saying security is about leading a peaceful life, not locking ourselves away. It then outlines that questions are welcome and answers aren't guaranteed but the discussion will be thoughtful. The rest of the document touches on defining security concepts, examining why security fails and myths about it, analyzing the spectrum of attacks, and providing exercises for thinking critically about securing systems and applications. The goal is to stimulate brain-intensive thinking about security.
This chapter provides a high-level overview of threat hunting. It defines hunting as finding ways for threats to perform malicious actions. It emphasizes that hunting goes beyond just waiting for alerts, and that organizations may define hunting in different ways based on their goals and environments. The chapter discusses that the most important assets for hunting are people, not technology. It stresses the importance of hiring the right people with varied skills and experience to build an effective hunting team. Each analyst will develop their own individual hunting style and processes over time.
There are games everywhere, and we are creating them all the time without even knowing it. We have the “get the project green” game, the “highest team velocity wins” game, and the “meet the go-live date” game. But it’s about time we learnt how to design better games, having people compete to win the “create the most value” game or “increase stakeholder happiness” - much better alternatives in our world.
Most commonly used in war games and global economics, game theory is a branch of mathematics not just reserved for those interested in world domination. Defined as “the study of mathematical models of conflict and cooperation between intelligent rational decision-makers”, it helps us understand and analyse how people may behave under different circumstances. It helps us analyse payoffs, determine implications and strategies that people will take and hence utilise this information to create games that drive behaviour.
Learn the basics of game theory through an exercise and examples, predict people’s next move and become a good (not evil) gamemaster.
This is a simple presentation on Game Theory in Network Security. I made it when I was searching for research points for my Master degree. Still searching for other research points. Any suggestions on research points in network security or network architecture? :)
This document discusses the application of game theory to strategic business decisions. It introduces the Priiva process, which uses game theory models to identify players and their options/preferences, predict outcomes from millions of potential scenarios, and develop strategic plans to achieve desired outcomes. The process aims to provide deep insights efficiently in 2-4 weeks. Examples show how it can identify fragile situations and influence maps. Benefits include strategic action plans, predictable outcomes, aligned executives, and confident boards. Priiva is a boutique consulting firm specialized in applying this methodology.
1) Dr. Joe Totherow discusses three options for using games for instructional goals: creating gamified activities, leveraging commercial games, and designing instructional games.
2) Important concepts in designing effective instructional games are ensuring the motivation - intrinsic or extrinsic - directs learners to the instructional content, and balancing the feasibility of a project with its expected impact.
3) Recommendations include starting with clear instructional objectives that map to interesting game mechanics, keeping early games simple, and prototyping mechanics for reuse across contexts.
Gamification uses game mechanics and design principles to engage learners and motivate behavior in non-game contexts like education. It works by rewarding learners intrinsically when they experience wanting and liking through feedback. To design effective gamified learning, one should understand the audience, clearly define goals and objectives, provide frequent feedback on progress, reward effort through incremental rewards and adaptive systems, and incorporate elements of chance, peer interaction, and surprise. An iterative process of testing assumptions early allows for improvement.
This document describes how the game mechanism WeQ can help teams transition from "Doing Agile" to "Being Agile" using neuroscience principles. WeQ is an interactive board game app that engages teams of up to 12 players. It uses science-backed game mechanics and repetitive sessions to help teams develop qualities like positivity, autonomy, and psychological safety that keep the team in a "reward state" and improve collective intelligence. The WeQ system assesses teams through questionnaires, provides customized feedback cards, and teaches neuroscience concepts to help teams understand how to give and receive feedback more effectively.
Similar to Big Game Theory Hunting: The Peculiarities of Human Behavior in the InfoSec Game (20)
Resilience in information security is used as a buzzword, but hasn't been codified. I attempt to define what resilience means in cybersecurity, and look at cross-domain insights (climate change, disaster recovery, flood risk management) for practical ideas of how to implement it when architecting security strategy.
HQ here: http://swagitda.com/speaking/Red-Pill-of-Resilience-Shortridge-RSS-2017.pdf
We’ll be returning to first principles for how defenders in information security make decisions. Cognitive biases can lead to sub-optimal decision making both in individuals and teams, and in information security, defenders’ decision making processes are vital to improve resilience to attacks. This talk will explore how teams can tune their decision making processes to take these biases into account and guide themselves towards more rational thinking
Presented at Art into Science 2017
The information security industry can often feel inaccessible to outsiders, particularly those without a computer science background. However, there are ways to quickly dive into the field regardless of your background, many of which just require a time investment. I’ll talk about the numerous infosec careers available, how to network with community members, and how to build a knowledge base that is sustainable for the ever-evolving field.
Presented at DuoSecurity's Duo Tech Talk
The Art of Explanation: Behavioral models of infosecKelly Shortridge
This talk will examine the dynamics of the information security industry through the lens of behavioral economics. Traditional ways of thinking about defensive and offensive motivations focus on models such as game theory, which tend to assume the people on each side are “rational” actors. However, humans are predisposed to incorporate cognitive biases into their decision making, leading to “irrational” behaviors that are better described by behavioral models.
I'll explore what biases defenders and attackers have when they make decisions, and how these insights can be leveraged to improve defensive efficacy. In particular, I’ll discuss the implications of behavioral economics theories such as Prospect Theory, time inconsistency and dual-process theory and their explanatory power for why the industry dynamics are the way they are.
Presented at Hacktivity 2016
Recent controversies such as Apple vs FBI have highlighted that often strong security is a prerequisite for privacy, and that upholding privacy can ensure stronger security is built into software. Can the argument still be made that security must be sacrificed in place of privacy? How much are security and privacy inherently linked?
This document provides an overview of how to get started in cyber security education through self-directed learning. It discusses the various career paths available in cyber security, such as network security, vulnerability research, and application security. It then offers recommendations for how to learn more through formal education, online courses, conferences, meetups, academic papers, and social media. The document emphasizes the importance of networking and maintaining connections. It also provides suggestions for news sources and social media to stay up-to-date on trends in the field. The overall message is that cyber security offers many opportunities for different interests and skill sets.
Cyber Education: Your Options & Resources Mapped OutKelly Shortridge
The document discusses various options and resources for pursuing a career in cyber education. It provides an overview of the career paths available in information security and the skills required for different roles. It also outlines both formal and informal educational opportunities, emphasizing the importance of networking through conferences, competitions, and maintaining an active social network in the field.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Infrastructure Challenges in Scaling RAG with Custom AI modelsZilliz
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
12. 12
1. Why traditional game theory isn’t even a
theory and is unfit for strategy-making
2. A new framework for modeling the infosec
game based on behavioral insights
3. New defensive strategies that exploit your
adversaries’ “thinking” and “learning”
29. Nash Equilibrium = optimal outcome of a non-
cooperative game
Players are making the best decisions for
themselves while taking their opponent’s
decisions into account
29
33. Defender should play extremely fast so the
attacker drops out of the game
Better to invest in security than not invest,
regardless of attacker strategy (wow!)
Just apply tons of mathematical equations!
33
35. Use GT for its expressive power in describing a
framework for the infosec game
Look at data outside GT, e.g. from experiments
in domains similar to infosec, to select correct
assumptions
35
39. 39
Have you heard infosec described as
a “cat and mouse” game before?
40. 40
Traditional Game Theory doesn’t
allow for those…
…or most of the characteristics of the
“infosec game”
41. Assumes people are rational (they aren’t)
Assumes static vs. dynamic environments
Can’t ever be “one step ahead” of your adversary
Deviations from Nash Equilibrium are common
41
42. 42
“I feel, personally, that the study of
experimental games is the proper route of
travel for finding ‘the ultimate truth’ in
relation to games as played by human
players”
—John Nash
49. Humans learn through “error-reinforcement
learning” (trial & error)
People have “learning rates,” how much
experiences factor into decision making
Dopamine neurons encode errors
49
50. Veksler & Buchler study
200 consecutive “security games” across 4
strategies
Different learning rates for attackers
Tested # of prevented attacks for each strategy
50
51. Fixed strategy = prevent 10% - 25% of attacks
Game Theory strategy = prevent 50% of attacks
Random strategy = prevent 49.6% of attacks
Cognitive Modeling strategy = prevent between
61% - 77%
51
57. Model SWOT for yourself in relation to your
adversary
Model SWOT for your adversary in relation to
you
57
58. “The primary insight of GT is the
importance of focusing on others – of
putting yourself in the shoes of other
players and trying to play out all the
reactions…as far ahead as possible”
– Adam Brandenburger
58
59. 59
Strengths Weaknesses
Opportunities Threats
▪ Inadequate budget
▪ Lack of personnel
▪ Limited employee training
▪ Understanding of target
environment
▪ Motivation to not be
breached
▪ Leverage new tech to allow
for tear up/down
▪ Increased board attention
to get budget
▪ Attackers can use new tech
for scalability
▪ Hard to keep up with pace
of new attack surface
63. “Core rigidities” = deeply embedded knowledge
sets that create problems
Compliance, fixed security guidelines
Top management can be the wrong people for
an evolving environment
63
64. Attacker strength = having time to craft an attack
Leverage that “strength” with strategies leading
down rabbit holes and wasting their time
64
65. Attacker strength = access to known vulns
Confuse them with fake architecture so they
can’t be certain what systems you’re running
65
68. “Prompt” the player to consider who their
opponents are & how their opponents will react
Model assumptions around capital, time, tools,
risk aversion
68
69. Your goal is to ask, “if I do X, how will
that change my opponent’s strategy?”
69
71. How would attackers pre-emptively bypass the
defensive move?
What will the opponent do next in response?
Costs of the opponent’s offensive move?
Probability the opponent will conduct the move?
71
73. Perform local recon, escalate to whatever privs
they can get
Counter: priv separation, don’t hardcode creds
Leads to: attacker must exploit server, risk =
server crashes
73
75. Model decision trees both for offense & defense
Theorize probabilities of each branch’s outcome
Creates tangible metrics to deter self-
justification
75
76. “Attackers will take the least cost path
through an attack graph from their start
node to their goal node”
– Dino Dai Zovi, “Attacker Math”
76
77. 77
Reality
Skiddies / Random Criminal Group
Nation State
Priv Separation
Known exploit
GRSecseccomp
Elite
0day
Use DB
on box
Role sep
Win
Tokenization,
segmentation
Absorb into
botnet
Anomaly
detection
1day
Win
0%
60%
50%
50%
98%
2%
5%
10%
50%
40%
25%
30%
100%
0%
60%
40%
70% 0%
0%
65%
10%
25%
78. 1. Which of your assets do attackers want?
2. What’s the easiest way attackers get to those assets?
3. What countermeasures are on that path?
4. What new path will the attacker take given #3?
5. Repeat 1 – 4 until it’s “0day all the way down”
6. Assign rough probabilities
78
79. 79
Whiteboards + camera snaps (or “DO NOT ERASE!!!!”)
Draw.io, Gliffy (plugs into Confluence)
Google Docs (> insert drawing)
PowerPoint (what I used)
Visio (last resort)
81. Decision trees help for auditing after an incident
& easy updating
Serves as a historical record to refine decision-
making process
Mitigates “doubling down” effect by showing
where strategy failed
81
82. Defender’s advantage = knowing the home turf
Visualize the hardest path for attackers – how
can you force them onto to that path?
Commonalities on trees = which strategies
mitigate the most risk across various attacks
82
84. A new request for your pen-testers / red-team
The ask: outline which paths they did or didn’t
take, and why (a decision tree w/ explanations)
Helps you see the attacker perspective of your
defenses & where to improve
84
89. Defenders have info adversaries need to
intercept
Dynamic envs = frequently in learning phase
Hide or falsify data on the legitimate system side
89
93. 93
Goal is to remove the attacker’s scientific
method so they can’t test hypotheses
(Pretend like hashtags are a thing and tweet
#wastehackertime2017 with your own ideas)
94. 94
Create custom email rejection messages
Create honeydoc on the “Avallach Policy”
Have response to suspicious emails be, “This
violates the Avallach policy”
Track when the doc is accessed
95. 95
General strategy: create honeytokens that look
to describe legitimate policies or technologies
that would be useful in attacker recon
107. 107
Make the IsDebuggerPresent function call
always return non-zero
Create fake versions of driver objects like
.NTICE and .SyserDbgMsg
Set KdDebuggerEnabled to 0x03
108. 108
Load DLLs from AV engines using a Windows
loader with a forwarder DLL
ex64.sys (Symantec)
McAVSCV.DLL (McAfee)
SAUConfigDLL.dll (Sophos)
cbk7.sys (Carbon Black)
cymemdef.dll (Cylance)
CSAgent.sys (Crowdstrike)
109. 109
Deploy lightest weight hypervisor possible for
added “wolfskin”
https://github.com/asamy/ksm
https://github.com/ionescu007/SimpleVisor
https://github.com/Bareflank/hypervisor
111. 111
Minimax / maximin = minimize the possible loss
for a worst case maximum loss scenario
112. 112
Want to find the minimum of the sum of the
expected cost of protection and expected cost
of non-protection
113. 113
Don’t have a monoculture – diversity is strongly
beneficial for protection
Stochastic decisions may be better than
deterministic
From The Imitation Game: should only act on
Enigma info some of the time, not all
117. 117
Preferences change based on experience
Models incorporate the “post-decision-state”
Higher the attacker’s learning rate, easier to
predict their decisions
118. 118
ΔUA = α (R – UA), where:
▪ UA = expected utility of an offensive action
▪ α = learning rate
▪ R = feedback (success / failure)
119. 119
If α = 0.2, R = 1 for win & -1 for loss, then:
▪ ΔUA = 0.2(1- 0) = 0.2
Attacker is 20% more likely to do this again
From here, you can adjust the learning rate
based on data you see
120. 120
Track utility values for each attacker action
For detected / blocked actions, attacker action &
outcome are known variables (so utility is
calculable)
Highest “U” = action attacker will pursue
128. 128
Next step – how to begin model-
tracing attackers
After that – predict attacker behavior
129. 129
Try these at home – make your blue
team empirical
Worst case, random strategies beat
fixed ones & are just as good as GT
130. 130
“Good enough is good
enough. Good enough always
beats perfect.”
—Dan Geer
131. Suggested reading
▪ David Laibson’s Behavioral Game Theory lectures @ Harvard
▪ “Game Theory: A Language of Competition and Cooperation,” Adam Brandenburger
▪ “Advances in Understanding Strategic Behavior,” Camerer, Ho, Chong
▪ “Know Your Enemy: Applying Cognitive Modeling in the Security Domain,” Veksler, Buchler
▪ “Know Your Adversary: Insights for a Better Adversarial Behavioral Model,” Abbasi, et al.
▪ “Deterrence and Risk Preferences in Sequential Attacker–Defender Games with Continuous
Efforts,” Payappalli, Zhuang, Jose
▪ “Improving Learning and Adaptation in Security Games by Exploiting Information Asymmetry,”
He, Dai, Ning
▪ “Behavioral theories and the neurophysiology of reward,” Schultz
▪ “Evolutionary Security,” and “Measuring Security,” Dan Geer
131