This document provides an overview of a Ph.D. viva presentation on using game theory to model and address network attacks involving multiple compromised nodes. It discusses how hide-and-seek games can model such attacks as two-sided search problems. An empirical game theoretic analysis approach is proposed to study richer hide-and-seek models and derive strategies for both attackers and defenders. The methodology involves defining computational models, enumerating strategies, simulating strategy matchups, and analyzing results to determine optimal strategies.
1. Cyber Hide-and-Seek: Ph.D. Viva Presentation
Martin Chapman
Kingās College London
martin.chapman@kcl.ac.uk
November 30, 2015
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 1 / 45
Overview
High level overview of key themes in work; some comment on
methodology.
Designed as potential points for discussion; not exhaustive.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 2 / 45
2. Motivation I
Problem: Network attacks are becoming more frequent.
Traditional response to a network attack is to use human expertise.
(Generally) reliable and suited to the situation.
Slow.
Automated techniques exist, but they lack sophistication in that they
can only perform trivial remedial actions.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 3 / 45
Motivation II
Formal decision-making frameworks explicitly quantify the salient
elements of a phenomena such as a network attack.
This provides the opportunity for both fast...
Once a problem is quantiļ¬ed within a framework, it can be solved
automatically
...sophisticated...
Frameworks distill the knowledge of experts, such that each
framework can be applied to new situations, potentially with an
adjustment of variables (attacker or defender strategies, payoļ¬ values
etc.) to account for the particular situation.
... and scalable...
Capturing this knowledge allows situations to be addressed on a larger
scale.
...automated response.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 4 / 45
3. Existing Models I
Known as Network Security Games.
Game theoretic, in order to enable multi-player strategic
decision-making
Some models contain variables that can altered (as described
previously) and solution concepts that relate these variables in a
certain way [1]:
āĪ±c Ī±m
Ī²c āĪ²s
Ī±f 0
0 0
d1 nd
a1
na
D
A
pā
1 =
Ī±f
Ī±f + Ī±c + Ī±m
qā
1 =
Ī²s
Ī²c + Ī²s
.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 5 / 45
Existing Models II
Ī²c represents the detection penalty for an attacker, Ī²s the beneļ¬t
to an attacker from a successful attack, Ī±c the beneļ¬t to a defender
of detecting an attack, Ī±f the cost of a false alarm and Ī±m the
cost of missing an attack.
pā
1 is a probability distribution for the attack, where the potential for
attack increases with the potential for false alarm.
qā
1 is a probability distribution for the defender, where potential for
defending (i.e. the IDS monitoring) increases with the beneļ¬t to
attacking
This constitutes one solution to the game.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 6 / 45
4. Existing Models III
Some models estimate these variables instead, in an attempt to
make general comments about how to approach security situations
(e.g. attackers will often operate at a slightly lower capacity, in order
not to trigger a reaction from the defender [3]).
Most importantly, for our purposes, this ļ¬eld demonstrates an
important idea: games and game theory can be used to both model
and solve the problems exhibited by network attacks.
Common approach: take an existing game, and apply it to a
security scenario, based upon parallels between properties of the
game, and properties of the scenario e.g. a Stackelberg game;
attacker leads, defender follows [4].
Provides an accepted format in which problems can be understood.
May bring existing solutions to bear on a new problem.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 7 / 45
Multiple Node Attacks I
A speciļ¬c, yet important, category of network attacks, that havenāt
been examined in detail in the security games literature.
Attacks involve a signiļ¬cant number of intermediate nodes.
Botnets (a compromised set of slave nodes)
Problem: How do we discern compromised nodes in an overlay
network, such as a P2P network, from legitimate nodes?
Attack Pivoting (incremental intrusion into a network)
Problem: How do we organise the network, and the sensitive resources
within it, in order to account for incremental intrusion?
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 8 / 45
5. Multiple Node Attacks II
Same methodology: Find parallels between these types of attack,
and a game.
The link: two-sided search problem
Traditional search, but the item(s) being sought is not just lost but it
has been concealed.
Must take into account the strategy of the āconcealerā.
Multiple node attacks exhibit the two-sided search problem with
multiple hidden objects.
When facing a pivoting attack, the problem must be considered from
the reverse perspective (i.e. how will the attacker attempt to second
guess my hide locations).
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 9 / 45
Hide-and-Seek games I
Search games are designed to model and investigate the two-sided
search problem. Hide-and-seek games, a subset of search games, are
designed to do this for multiple hidden objects.
Proposal
It is logical to study hide-and-seek games in order to study multiple node
attacks.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 10 / 45
6. Hide-and-Seek games II
Diļ¬erent permutations on same basic model. The permutation of
interest to us:
Two competing players; the hider and the seeker
A search space; for our purposes, a network
Hidden objects to be concealed on the network
Some cost to seeker for undertaking a search; the hider is rewarded in
an inverse amount.
This model is simple, but already promising in what it can capture
from a multiple node attack.
Richer variants to the model are natural, why arenāt they explored?
āComplexityā.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 11 / 45
Complexity of analytic solution
Gal: āNetworks of arbitrary topology are likely to have a very diļ¬cult
analytic solutionā [2]
Increasing the richness of a game representation makes it increasingly
diļ¬cult to derive a solution
Why?
It becomes less apparent what the payoļ¬ values attributed to each
potential strategy are or how to formalise a relationship between the
variables in the framework as part of a solution.
Richer games often have diļ¬erent conļ¬gurations. This greatly
increases the strategy space.
Tacking this complexity: Empirical Game Theoretic Analysis
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 12 / 45
7. Methodology
Empirical Game Theoretical Analysis (EGTA) estimates the payoļ¬
values associated with diļ¬erent strategies by realising computational
representations of them.
This computational environment, and the EGTA methodology, also
indirectly fosters the derivation of the strategies themselves.
Solution concepts
Candidate strategies Estimated payoļ¬ matrix
Simulation
Strategic reasoningAdd candidates
Further simulations
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 13 / 45
Research Questions I
In order to study a richer hider-and-seek model, amenable to
capturing the elements of a network attack at a less abstract level,
we choose to adopt this approach.
Studies that follow the EGTA methodology naturally pursue the
following three research questions:
1 Which strategies exist for both players?
2 What are the payoļ¬s for each strategy?
3 What is the solution to the game?
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 14 / 45
8. Research Questions II
Therefore, in this thesis, we ask:
1 Which strategies exist for both the hider and the seeker?
2 What are the payoļ¬s for each of these strategies?
3 What is the solution to the game?
Contribution: Recommendations for the hide-and-seek game, that
can directly inļ¬uence how the defender of a network approaches the
potential for, and responds to, a multiple node attack.
Long term aim: To provide a framework within which further
strategic experimentation can take place.
First, we need to deļ¬ne a new model of the game that facilitates
this method.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 15 / 45
Conceptual Model I
Despite the chosen methodology, it is still important to still deļ¬ne our
model conceptually; this provides the potential for future analytic
attention.
Our model exhibits a new constraint derived from explicitly treating
the hider and the objects as separate entities; the hider must traverse
the network in order to reach desired hide locations. This creates a
novel payoļ¬ structure:
A seekerās payoļ¬ is inversely proportional to the total cost of their
traversal in one interaction: Payoļ¬ (S) = āTCost(S).
A hiderās payoļ¬ is a seekerās traversal cost, minus their own traversal
cost in one interaction: Payoļ¬ (H) = TCost(S) ā TCost(H).
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 16 / 45
9. Conceptual Model II
This constraint coupled with an existing constraint ā an unknown
network ā creates challenges for the hider (and indeed the seeker)
not seen previously (e.g. strategies must respond as more is learnt
about the network, a hider no longer has complete freedom to move
anywhere etc.).
These features are the source of complexity, as previously described.
Complexity is also in the computational model...
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 17 / 45
Computation Model I
Conceptual model makes no assumption about the format of the
topology, but the actual variations in topology are provided within
the computational model.
Supported by the library JGraphT.
We end up with something tangible that can be run for an arbitrary
number of iterations
Implemented in Java as an interactive platform.
Structured for use by the community as a distributed research game.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 18 / 45
10. Computation Model II
A run of the computational model (otherwise known as a game) is
deļ¬ned by:
A set of hider and seeker strategies.
All pairwise meetings between the hider and the seeker, for each
strategy.
A particular conļ¬guration of variables in the model.
Each game is repeated multiple times to increase validity.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 19 / 45
Model conļ¬guration I
1 G Graph topology
2 N Number of nodes in network
3 K The number of hidden objects
4 c Upper limit on edge costs
5 R Number of interactions
6 ...
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 20 / 45
11. Model conļ¬guration II
The conditions under which we answer each research question.
Some conditions have a greater impact on some questions than others
(e.g. increasing the number of nodes doesnāt necessarily open up a
space for introducing a greater number of strategies.).
Default conļ¬guration: 5% of nodes will contain hidden objects (K
= 5, N = 100). Why?
Reļ¬ect the āneedle in a haystackā element of a multiple node attack.
Other conļ¬guration: 50% of nodes will contain hidden objects
(N = 2K), for 1 ā¤ K ā¤ 100. Why?
Understand the impact that a greater number of nodes has on
diļ¬erent strategies
Understand the impact that having a higher ratio of hidden objects to
nodes has on diļ¬erent strategies
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 21 / 45
Main Conļ¬gurations
1 Games containing a single interaction.
2 Games containing multiple interactions.
Other variables are considered as sub-conļ¬gurations within these.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 22 / 45
12. Single Interaction Games I
Each game consists of a single interaction.
High frequency of attacks, but may be from diļ¬erent parties with
diļ¬erent strategies.
A speciļ¬c attack that is diļ¬cult to replicate (e.g. a targeted piece of
malware such as Stuxnet).
Player Strategy Description
Hider hRandomSet Chooses a subset of K nodes stochastically from all N nodes.
Seeker sBacktrackGreedy Traverses the graph by choosing the cheapest, unvisited outgoing edge from
amongst those edges connected to the current node, and previously visited
nodes.
Hider hFirstK Hides its start node, and the ļ¬rst K ā1 locations it reaches on a random walk.
Seeker sLinkedPath Attempts to ļ¬nd the trail of objects left by hFirstK by exploring until one
object is found, and then iteratively examining each connected node in turn,
backtracking if the path ends.
Hider hNotConnected Hides in the ļ¬rst K nodes which it visits that have no connections to any of
the nodes that already exist in the hide set.
Hider hLeastConnected Expresses a preference for concealing objects in nodes that have the lowest
degree centrality.
Hider hMaxDistance Expresses a preference for concealing objects in a set of nodes that exist at the
maximum distance from one another.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 23 / 45
Single Interaction Games II
Example application of methodology:
1 Enumerate strategies; in response to the behaviour of opponents,
behaviour in a network attack or simply natural behaviour. hFirstK,
hRandomSet, sBacktrackGreedy and sLinkedPath
2 Realise strategies in computational model.
3 Conļ¬gure parameters (K = 5, N = 100, c = 1).
4 Run simulation (containing suļ¬cient number of games (typically
1000)).
5 Measure performance of strategies in simulation (payoļ¬ is the typical
metric).
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 24 / 45
13. Single Interaction Games III
6 Plot results for analysis.
0.3
0.35
0.4
0.45
0.5
0.55
0.6
0.65
hFirstK
hRandom
Set
Payoļ¬
Strategy
sBacktrackGreedy
***
***
sLinkedPath
***
***
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 25 / 45
Single Interaction Games IV
7 Translate to payoļ¬ information in order to solve game.
ā6.0 ā3.0
6.0 3.0
ā6.0 ā10.0
4.0 8.0
sBacktrackGreedy sLinkedPath
hFirstK
hRandomSet
Hider: hFirstK (57.14%) hRandomSet (42.86%) (Payoļ¬: 5.14) and
Seeker: sBacktrackGreedy (71.43%) sLinkedPath (28.57%) (Payoļ¬:
-6.00)
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 26 / 45
14. Single Interaction Games V
Examples of translating solutions to the hide-and-seek game into
recommendations for network attacks.
āThe best strategy for a hider to adopt against sBacktrackGreedy,
depending on the existence of other strategies, is hFirstKā.
The hider is the defender.
Concealing vulnerabilities arbitrarily (hRandomSet) is costly, yet
desirable because it deters an attacker; the attacker knows this will
necessitate extensive tours once inside the network. This threat can
be maintained by adopting a strategy in which resource, unbeknown to
the attacker, and placed in close proximity, while simultaneously
reducing cost.
An element of psychology, further supporting the use of game theory.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 27 / 45
Single Interaction Games VI
āThe best strategy for a hider to adopt against sBacktrackGreedy and
sLinkedPath is hNotConnectedā.
The hider is the defender.
We now have a strategy that is dominant against a range of choices by
the defender; correctly balancing eļ¬ort with anonymity can deter an
attacker as much as taking the eļ¬ort to hide completely anonymously,
without the additional cost (as with hFirstK) and without the potential
for exploitation.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 28 / 45
15. Multiple Interaction Games (Reactive Strategies) I
Multiple interaction game: the same attacker and defender meet
each other multiple times. Natural if an attacker exerts eļ¬ort
establishing a botnet.
Limitation of strategies in a single game: Preference strategies
are natural, but ill-suited to a single game interaction.
Instead, with the multiple interaction dynamic, we consider how
strategies (existing and new) are able to react based upon acquiring
incremental knowledge of their environment, their opponentās
actions and their own past actions.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 29 / 45
Multiple Interaction Games (Reactive Strategies) II
Player Strategy Description
Seeker sLeastConnectedFirst Visits those nodes with the lowest connectivity,
ļ¬rst.
Seeker sMaxDistanceFirst Visits those nodes that it computes to be at the
diameter of the graph, ļ¬rst.
Seeker sHighProbability Visits those nodes that have been hidden in most
frequently by a hider, ļ¬rst.
Seeker sInverseHighProbability Visits those nodes that a hider has not yet hidden
in, ļ¬rst.
Hider hDeceptive Hides in K nodes for a set number of rounds, and
then in the remaining rounds never hides in these
nodes again.
Hider hUniqueRandomSet Does not repeat its choice of hide location for as
along as possible, and then restarts this process.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 30 / 45
16. Multiple Interaction Games (Reactive Strategies) III
āThe best strategy for a seeker to adopt against hMaxDistance, when
there are multiple interactions, is sMaxDistanceFirst, but this is the
worst strategy to play against hLeastConnectedā
The seeker is the defender.
If a defender is able to correctly second guess the mentality (i.e. the
strategy) of the attacker, in terms of their selection of nodes to
compromise as bots, they are rewarded highly. However, if their
estimation is wrong, they suļ¬er.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 31 / 45
Multiple Interaction Games (Reactive Strategies) IV
āThe best strategy for a seeker to adopt against both hMaxDistance
and hLeastConnected is sHighProbabilityā
The seeker is the defender.
Rather than trying to second guess the actions of an attacker, a
defender can wait for evidence of their behaviour. In this instance,
they cannot exploit the attacker to the same extent as if they made a
correct estimation, but instead protect themselves by reacting to
behaviour.
The best response from an attacker to this is to āspaceā bots out within
the compromised overlay network (i.e. hMaxDistance). Achieving this
in practice requires additional eļ¬ort, and is a challenge logistically, so
the attacker may be deterred from attacking the network outright.
Again about psychology.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 32 / 45
17. Multiple Interaction Games (Meta Strategies) I
Limitation of reactive strategies: A short-sighted, reactive
approach has its limitations.
Meta-strategies: A framework that facilitates the gradual
acquisition of knowledge; react to how the opponent is playing, not
simply to patterns in their behaviour.
Abstracts the notion of strategy selection to a single strategy with
multiple behaviours.
Player Strategy Description
Seeker sMetaProbability Assesses whether an opponent is playing hRandom-
Set or hUniqueRandomSet, and acts accordingly.
Hider hMetaConnected Assesses whether there are a suitable number of low
connectivity nodes in the graph to make hLeastCon-
nected a viable strategy.
Hider hMetaRandom Aims to understand the suitability of the strategy
currently being emulated in order to respond to a
seeker playing either sHighProbability or sInverse-
HighProbability.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 33 / 45
Multiple Interaction Games (Meta Strategies) II
āThe best strategy to play against an opponent playing a concrete
strategy is a meta strategyā
A warning to a defender adopting a speciļ¬c defence mechanism (e.g.
speak up [5]); once an attacker understands that this is the mechanism
being used, they can adjust for it.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 34 / 45
18. Multiple Interaction Games (Meta Strategies) III
āThe best strategy to play against an opponent playing a meta
strategy is a concrete strategyā
Meta-strategies are useful when the opponent does not recognise that
their behaviour is being monitored, and respond.
If they do, we end up with a large amount of ļ¬ux in the choice of
strategy, as each player tries to better the other.
Reļ¬ects current state of aļ¬airs: defenders continually patch, while
attackers continually exploit.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 35 / 45
Potential Weaknesses?
Minor:
Parameter conļ¬gurations (e.g. the relative values of N and K), are
made without the inject of real data; setting values is a move towards
this, but more could easily be done.
Some may ļ¬nd the notion that strategies defeat each other
unintuitive; a component of the EGTA method, import tests for
robustness.
Worth elaboration:
Relationship with Security Literature
Recommendation Caveats
Abstraction
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 36 / 45
19. Relationship with Existing Security Literature
Existing security literature is contemporary. This work is essential.
Our work aims to complement this work by looking at the bigger
picture; aims to contribute some, or at least provide a framework in
which, ātimelessā strategies can be developed.
Focusses on literature from well established areas; game theory,
network security games etc.
As such, compromises some contemporary themes; easy to update
the model to account for more contemporary information.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 37 / 45
Recommendation Caveats I
The model is abstract; it is not a network simulator, nor was it
designed to be (explained momentarily...). This means
recommendations require further veriļ¬cation; they are heuristics.
Important to diļ¬erentiate them as heuristics by leaving them in the
context of the model.
This is not an exhaustive list (but logical within the scope deļ¬ned);
we are not claiming to have all the answers; instead the model
provides a framework within which further recommendations can be
derived.
Recommendations are often intuitive, but sometimes not; changing
strategy in response to your opponentās change in strategy (i.e. also
adopting a meta-strategy) is of no beneļ¬t. Knowing something is
diļ¬erent to showing it.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 38 / 45
20. Recommendation Caveats II
In the end, the recommendations are important, but the impact of
this work goes above that, in accordance with the aim highlighted
earlier:
Furthers the important methodology of abstraction, and the
methodology of applying games to new problems.
Contributes a model (both in its conceptual and computation form) to
the research community as a whole; distributed research game.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 39 / 45
Recommendation Caveats III
Youāre helping the attacker as well as the defender!
Because an attacker and a defender can be either the hider or the
seeker, recommendations could, in theory, help both.
Understanding how an attacker may think, and their optimal
course of play, is essential.
Often ļ¬nd that there are natural restrictions when the attacker is the
hider.
e.g. While it may seem that an attacker will also beneļ¬t from the
recommendation that hiding in adjacent nodes achieves comparable
anonymity to hiding uniformly randomly, being in a network outside of
their control limits the freedom they have to hide anywhere.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 40 / 45
21. Abstraction I
Why do we approach the problem at this level?
An important ļ¬rst step in solving problems.
Studies that attempt to model problems such as multiple node attacks
directly, often end up unwieldly.
Initially motivated by multiple node attacks, but could have
applications elsewhere.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 41 / 45
Abstraction II
Potential issues:
1 Veriļ¬cation (mentioned)
Common in computer science. There are therefore mechanisms in place
to enable this.
2 Implicit expectation that hider and seeker can be used
interchangeably with attacker or defender; nice because it helps
harmonise the concepts, but may lead to ambiguities, or further
questions of applicability e.g. Chapter 1 considers the hider as the
benign entity, while Chapter 2 considers the seeker as the benign entity.
Flexibility outweighs the potential ambiguity.
Important to consider the level of abstraction in relation to existing
hide-and-seek games.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 42 / 45
22. Strengths
Multiple Interaction Games with Meta Strategies (Chapter 5).
Distributed Research Game (DRG)
Abstraction, while a challenge, is also a signiļ¬cant strength in terms
of versatility and providing a new perspective on problems.
Classiļ¬cation of Network Attacks (D2C3).
Investigating the hide-and-seek game from a computational
perspective, and search games in general, is itself a whole new ļ¬eld.
...
Also could provide the basis for future publication
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 43 / 45
Looking to the future...
In the process of listing desirable features to extend a search game
prior to conducting the study, we also introduce the potential for
future work:
Speciļ¬c:
Strategies with a greater number of topological preferences.
A greater number of rounds in a game.
Further permutations on the meta-strategy model (varying degrees
of knowledge regarding when and how to change behaviour).
General:
Further validate heuristics; provide more heuristics as a result of
expanding the model.
Where cost falls in the model (Edges and Nodes?)
The impact of multiple hiders and seekers.
...
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 44 / 45
23. References
Tansu Alpcan and Tamer BaĀøsar.
Network Security: A Decision and Game-theoretic Approach.
Cambridge University Press, 2010.
Shmuel Gal.
Search games.
In Wiley Encyclopedia of Operations Research and Management Scilence. Wiley,
2011.
Jorma Jormakka and Jarmo MĀØolsĀØa.
Modelling Information Warfare as a Game.
Journal of Information Warfare, 4(2):12ā25, 2005.
Heinrich Von Stackelberg.
Market Structure and Equilibrium.
Springer Science and Business Media, 2010.
Michael Walļ¬sh, Mythili Vutukuru, Hari Balakrishnan, David Karger, and Scott
Shenker.
Ddos Defense by Oļ¬ense.
In Proceedings of The 2006 Conference on Applications, Technologies,
Architectures, and Protocols for Computer Communications (SIGCOMM 06),
pages 303ā314, 2006.
Martin Chapman (Kingās College London) Cyber Hide-and-Seek November 30, 2015 45 / 45