Quanyan Zhu

This groundbreaking book is the first to establish a clear and comprehensive link between game theory and deep learning, demonstrating the critical importance of this interplay for solving key technological challenges such as those found in future wireless and energy networks. It delves into the latest connections between game theory and generative AI, including large language models, showcasing how these advanced concepts can be harnessed to address complex real-world problems. Readers will gain a deep understanding of how these two powerful fields intersect and the practical applications of this knowledge, making it an essential resource for anyone looking to stay at the forefront of technological innovation. With this book the reader will be able to: Develop a solid foundation in game theory and understand interactive scenarios in both engineering and everyday life; Effectively apply their knowledge to practical problems, including resource allocation, security, and influence maximization; Design strategies that optimally exploit available information through successive optimization, reinforcement learning, deep learning, and generative AI techniques.

Dieses Buch stellt ein Kompendium ausgewählter spiel- und entscheidungstheoretischer Modelle zur Erreichung und Bewertung der Sicherheit kritischer Infrastrukturen vor. Angesichts aktueller Berichte über Sicherheitsvorfälle verschiedenster Art lässt sich ein Paradigmenwechsel hin zu immer heterogeneren Angriffen erkennen. Hierbei werden verschiedene Techniken kombiniert werden, was zu einer fortgeschrittenen, anhaltenden Bedrohung führen kann. Sicherheitsvorkehrungen müssen diesen vielfältigen Bedrohungsmustern in ebenso vielfältiger Weise gerecht werden. Als Antwort darauf bietet dieses Buch eine Fülle von Techniken zum Schutz vor und zur Abschwächung von IT-Angriffen. Ein Großteil der traditionellen Sicherheitsforschung konzentriert sich auf bestimmte Angriffsszenarien oder Anwendungen und ist bestrebt, einen Angriff "praktisch unmöglich" zu machen. Ein neueres Sicherheitskonzept betrachtet die Sicherheit als ein Szenario, in dem die Kosten eines Angriffs den möglichen Nutzen übersteigen. Dies schließt die Möglichkeit eines Angriffs nicht aus, sondern minimiert die Wahrscheinlichkeit eines solchen auf das geringstmögliche Risiko. Das Buch folgt dieser ökonomischen Definition von Sicherheit und bietet eine managementwissenschaftliche Sichtweise, die ein Gleichgewicht zwischen Sicherheitsinvestitionen und dem daraus resultierenden Nutzen anstrebt. Es konzentriert sich auf die Optimierung von Ressourcen angesichts von Bedrohungen wie Terrorismus und fortgeschrittenen, anhaltenden Bedrohungen. Ausgehend von der Erfahrung der Autoren und inspiriert von realen Fallstudien bietet das Buch einen systematischen Ansatz für die Sicherheit und Widerstandsfähigkeit kritischer Infrastrukturen. Das Buch ist eine Mischung aus theoretischer Arbeit und praktischen Erfolgsgeschichten und richtet sich vor allem an Studenten und Praktiker, die eine Einführung in spiel- und entscheidungstheoretische Techniken für die Sicherheit suchen. Die erforderlichen mathematischen Konzepte sind in sich abgeschlossen, werden rigoros eingeführt und durch Fallstudien illustriert. Das Buch bietet auch Software-Tools, die den Leser bei der praktischen Anwendung der wissenschaftlichen Modelle und Berechnungsrahmen unterstützen. Dieses Buch ist eine Übersetzung einer englischen Originalausgabe. Die Übersetzung wurde mit Hilfe von künstlicher Intelligenz (maschinelle Übersetzung durch den Dienst DeepL.com) erstellt. Eine anschließende menschliche Überarbeitung erfolgte vor allem in Bezug auf den Inhalt, so dass sich das Buch stilistisch anders liest als eine herkömmliche Übersetzung.

This book presents the latest research in cognitive security, a rapidly emerging field that addresses the vulnerabilities in human behavior and cognition that can lead to Cyber-Physical Systems (CPS) compromise. This book demonstrates that as adversaries increasingly use manipulative and deceptive information to disrupt human cognitive processes, including sensation, attention, memory, and mental operations, humans are misled into fallacious reasoning and manipulated decisions that can lead to system-level meltdown. Cognitive security aims to protect humans from the exploitation of cognitive vulnerabilities, help them make informed decisions that are free from manipulation and undue influence, and mitigate the aggravating risk in the ensuing steps of the attacker’s kill chain. This book offers solutions that work across different fields, such as psychology, neuroscience, data science, social science, and game theory, to deal with cognitive threats. It guides the reader through the core ideas with figures, real-life examples, and case studies. Moreover, it formally defines all research questions, presents the results using mathematical theorems and proofs, and obtains insights through numerical validation. This book provides a self-contained and brief overview of essential system-scientific tools for modeling, analyzing, and mitigating cognitive vulnerabilities. The concepts of human cognitive capacities and cognitive vulnerabilities are formally discussed, followed by two case studies in the scenarios of reactive and proactive attention vulnerabilities. This book provides insights and applications on this transdisciplinary topic, with the goal of motivating future research in this emerging area and pushing the frontier of human-technology convergence. This book is a valuable reference for researchers and advanced-level students studying or working in cognitive security and related fields. It is also useful for decision-makers, managers, and professionals working within these related fields.

This SpringerBrief presents a brief introduction to probabilistic risk assessment (PRA), followed by a discussion of abnormal event detection techniques in industrial control systems (ICS). It also provides an introduction to the use of game theory for the development of cyber-attack response models and a discussion on the experimental testbeds used for ICS cyber security research. The probabilistic risk assessment framework used by the nuclear industry provides a valid framework to understand the impacts of cyber-attacks in the physical world. An introduction to the PRA techniques such as fault trees, and event trees is provided along with a discussion on different levels of PRA and the application of PRA techniques in the context of cybersecurity. A discussion on machine learning based fault detection and diagnosis (FDD) methods and cyber-attack detection methods for industrial control systems are introduced in this book as well.A dynamic Bayesiannetworks based method that can be used to detect an abnormal event and classify it as either a component fault induced safety event or a cyber-attack is discussed. An introduction to the stochastic game formulation of the attacker-defender interaction in the context of cyber-attacks on industrial control systems to compute optimal response strategies is presented. Besides supporting cyber-attack response, the analysis based on the game model also supports the behavioral study of the defender and the attacker during a cyber-attack, and the results can then be used to analyze the risk to the system caused by a cyber-attack. A brief review of the current state of experimental testbeds used in ICS cybersecurity research and a comparison of the structures of various testbeds and the attack scenarios supported by those testbeds is included. A description of a testbed for nuclear power applications, followed by a discussion on the design of experiments that can be carried out on the testbed and the associated results is covered as well.This SpringerBrief is a useful resource tool for researchers working in the areas of cyber security for industrial control systems, energy systems and cyber physical systems. Advanced-level students that study these topics will also find this SpringerBrief useful as a study guide.

This SpringerBrief introduces methodologies and tools for quantitative understanding and assessment of supply chain risk to critical infrastructure systems. It unites system reliability analysis, optimization theory, detection theory and mechanism design theory to study vendor involvement in overall system security. It also provides decision support for risk mitigation.This SpringerBrief introduces I-SCRAM, a software tool to assess the risk. It enables critical infrastructure operators to make risk-informed decisions relating to the supply chain, while deploying their IT/OT and IoT systems.The authors present examples and case studies on supply chain risk assessment/mitigation of modern connected infrastructure systems such as autonomous vehicles, industrial control systems, autonomous truck platooning and more. It also discusses how vendors of different system components are involved in the overall security posture of the system and how the risk can be mitigatedthrough vendor selection and diversification. The specific topics in this book include:Risk modeling and analysis of IoT supply chainsMethodologies for risk mitigation, policy management, accountability, and cyber insurance Tutorial on a software tool for supply chain risk management of IoT These topics are supported by up-to-date summaries of the authors’ recent research findings. The authors introduce a taxonomy of supply chain security and discusses the future challenges and directions in securing the supply chains of IoT systems. It also focuses on the need for joint policy and technical solutions to counter the emerging risks, where technology should inform policy and policy should regulate technology development.This SpringerBrief has self-contained chapters, facilitating the readers to peruse individual topics of interest. It provides a broad understanding of the emerging field of cyber supply chain security in the context of IoT systems to academics, industry professionals and government officials.

This book introduces game theory as a means to conceptualize, model, and analyze cyber deception. Drawing upon a collection of deception research from the past 10 years, the authors develop a taxonomy of six species of defensive cyber deception. Three of these six species are highlighted in the context of emerging problems such as privacy against ubiquitous tracking in the Internet of things (IoT), dynamic honeynets for the observation of advanced persistent threats (APTs), and active defense against physical denial-of-service (PDoS) attacks. Because of its uniquely thorough treatment of cyber deception, this book will serve as a timely contribution and valuable resource in this active field. The opening chapters introduce both cybersecurity in a manner suitable for game theorists and game theory as appropriate for cybersecurity professionals. Chapter Four then guides readers through the specific field of defensive cyber deception. A key feature of the remaining chapters is the development of a signaling game model for the species of leaky deception featured in honeypots and honeyfiles. This model is expanded to study interactions between multiple agents with varying abilities to detect deception. Game Theory for Cyber Deception will appeal to advanced undergraduates, graduate students, and researchers interested in applying game theory to cybersecurity. It will also be of value to researchers and professionals working on cybersecurity who seek an introduction to game theory.

This book introduces a cross-layer design to achieve security and resilience for CPSs (Cyber-Physical Systems). The authors interconnect various technical tools and methods to capture the different properties between cyber and physical layers. Part II of this book bridges the gap between cryptography and control-theoretic tools. It develops a bespoke crypto-control framework to address security and resiliency in control and estimation problems where the outsourcing of computations is possible. Part III of this book bridges the gap between game theory and control theory and develops interdependent impact-aware security defense strategies and cyber-aware resilient control strategies.With the rapid development of smart cities, there is a growing need to integrate the physical systems, ranging from large-scale infrastructures to small embedded systems, with networked communications. The integration of the physical and cyber systems forms Cyber-Physical Systems (CPSs), enabling the use of digital information and control technologies to improve the monitoring, operation, and planning of the systems. Despite these advantages, they are vulnerable to cyber-physical attacks, which aim to damage the physical layer through the cyber network.This book also uses case studies from autonomous systems, communication-based train control systems, cyber manufacturing, and robotic systems to illustrate the proposed methodologies. These case studies aim to motivate readers to adopt a cross-layer system perspective toward security and resilience issues of large and complex systems and develop domain-specific solutions to address CPS challenges.A comprehensive suite of solutions to a broad range of technical challenges in secure and resilient control systems are described in this book (many of the findings in this book are useful to anyone working in cybersecurity). Researchers, professors, and advanced-level students working in computer science and engineering will find this book useful as a reference or secondary text. Industry professionals and military workers interested in cybersecurity will also want to purchase this book.

RESOURCE MANAGEMENT FOR ON-DEMAND MISSION-CRITICAL INTERNET OF THINGS APPLICATIONS Discover an insightful and up-to-date treatment of resource management in Internet of Things technology In Resource Management for On-Demand Mission-Critical Internet of Things ­Applications, an expert team of engineers delivers an insightful analytical perspective on modeling and decision support for mission-critical Internet of Things applications. The authors dissect the complex IoT ecosystem and provide a cross-layer perspective on the design and operation of IoT, especially in the context of smart and connected communities. The book offers an economic perspective on resource management in IoT systems with a particular emphasis on three main areas: spectrum management via reservation, allocation of cloud/fog resources to IoT applications, and resource provisioning to smart city service requests. It leverages theories from dynamic mechanism design, optimal control theory, and spatial point processes, providing an overview of integrated decision-making frameworks. Finally, the authors discuss future directions and relevant problems on the economics of resource management from new perspectives, like security and resilience. Readers will also enjoy the inclusion of: A thorough introduction and overview of IoT applications in smart cities, mission critical IoT services and requirements, and key metrics and research challengesA comprehensive exploration of the allocation of spectrum resources to mission critical IoT applications, including the massive surge of IoT and spectrum scarcity problemPractical discussions of the provisioning of cloud/fog computing resources to IoT applications, including allocation policyIn-depth examinations of resource provisioning to spatio-temporal service requests in smart cities Perfect for engineers working on Internet of Things and cyber-physical systems, Resource Management for On-Demand Mission-Critical Internet of Things Applications is also an indispensable reference for graduate students, researchers, and professors with an interest in IoT resource management.

Robotics is becoming more and more ubiquitous, but the pressure to bring systems to market occasionally goes at the cost of neglecting security mechanisms during the development, deployment or while in production. As a result, contemporary robotic systems are vulnerable to diverse attack patterns, and a posteriori hardening is at least challenging, if not impossible at all. This book aims to stipulate the inclusion of security in robotics from the earliest design phases onward and with a special focus on the cost-benefit tradeoff that can otherwise be an inhibitor for the fast development of affordable systems. We advocate quantitative methods of security management and design, covering vulnerability scoring systems tailored to robotic systems, and accounting for the highly distributed nature of robots as an interplay of potentially very many components. A powerful quantitative approach to model-based security is offered by game theory, providing a rich spectrum of techniques to optimize security against various kinds of attacks. Such a multi-perspective view on security is necessary to address the heterogeneity and complexity of robotic systems. This book is intended as an accessible starter for the theoretician and practitioner working in the field.

This book presents a compendium of selected game- and decision-theoretic models to achieve and assess the security of critical infrastructures. Given contemporary reports on security incidents of various kinds, we can see a paradigm shift to attacks of an increasingly heterogeneous nature, combining different techniques into what we know as an advanced persistent threat. Security precautions must match these diverse threat patterns in an equally diverse manner; in response, this book provides a wealth of techniques for protection and mitigation. Much traditional security research has a narrow focus on specific attack scenarios or applications, and strives to make an attack “practically impossible.” A more recent approach to security views it as a scenario in which the cost of an attack exceeds the potential reward. This does not rule out the possibility of an attack but minimizes its likelihood to the least possible risk. The book follows this economic definition of security, offering a management scientific view that seeks a balance between security investments and their resulting benefits. It focuses on optimization of resources in light of threats such as terrorism and advanced persistent threats. Drawing on the authors’ experience and inspired by real case studies, the book provides a systematic approach to critical infrastructure security and resilience. Presenting a mixture of theoretical work and practical success stories, the book is chiefly intended for students and practitioners seeking an introduction to game- and decision-theoretic techniques for security. The required mathematical concepts are self-contained, rigorously introduced, and illustrated by case studies. The book also provides software tools that help guide readers in the practical use of the scientific models and computational frameworks.

This book introduces game theory as a means to conceptualize, model, and analyze cyber deception. Drawing upon a collection of deception research from the past 10 years, the authors develop a taxonomy of six species of defensive cyber deception. Three of these six species are highlighted in the context of emerging problems such as privacy against ubiquitous tracking in the Internet of things (IoT), dynamic honeynets for the observation of advanced persistent threats (APTs), and active defense against physical denial-of-service (PDoS) attacks. Because of its uniquely thorough treatment of cyber deception, this book will serve as a timely contribution and valuable resource in this active field. The opening chapters introduce both cybersecurity in a manner suitable for game theorists and game theory as appropriate for cybersecurity professionals. Chapter Four then guides readers through the specific field of defensive cyber deception. A key feature of the remaining chapters is the development of a signaling game model for the species of leaky deception featured in honeypots and honeyfiles. This model is expanded to study interactions between multiple agents with varying abilities to detect deception. Game Theory for Cyber Deception will appeal to advanced undergraduates, graduate students, and researchers interested in applying game theory to cybersecurity. It will also be of value to researchers and professionals working on cybersecurity who seek an introduction to game theory.

This book introduces a cross-layer design to achieve security and resilience for CPSs (Cyber-Physical Systems). The authors interconnect various technical tools and methods to capture the different properties between cyber and physical layers. Part II of this book bridges the gap between cryptography and control-theoretic tools. It develops a bespoke crypto-control framework to address security and resiliency in control and estimation problems where the outsourcing of computations is possible. Part III of this book bridges the gap between game theory and control theory and develops interdependent impact-aware security defense strategies and cyber-aware resilient control strategies.With the rapid development of smart cities, there is a growing need to integrate the physical systems, ranging from large-scale infrastructures to small embedded systems, with networked communications. The integration of the physical and cyber systems forms Cyber-Physical Systems (CPSs), enabling the use of digital information and control technologies to improve the monitoring, operation, and planning of the systems. Despite these advantages, they are vulnerable to cyber-physical attacks, which aim to damage the physical layer through the cyber network.This book also uses case studies from autonomous systems, communication-based train control systems, cyber manufacturing, and robotic systems to illustrate the proposed methodologies. These case studies aim to motivate readers to adopt a cross-layer system perspective toward security and resilience issues of large and complex systems and develop domain-specific solutions to address CPS challenges.A comprehensive suite of solutions to a broad range of technical challenges in secure and resilient control systems are described in this book (many of the findings in this book are useful to anyone working in cybersecurity). Researchers, professors, and advanced-level students working in computer science and engineering will find this book useful as a reference or secondary text. Industry professionals and military workers interested in cybersecurity will also want to purchase this book.

This book presents a compendium of selected game- and decision-theoretic models to achieve and assess the security of critical infrastructures. Given contemporary reports on security incidents of various kinds, we can see a paradigm shift to attacks of an increasingly heterogeneous nature, combining different techniques into what we know as an advanced persistent threat. Security precautions must match these diverse threat patterns in an equally diverse manner; in response, this book provides a wealth of techniques for protection and mitigation. Much traditional security research has a narrow focus on specific attack scenarios or applications, and strives to make an attack “practically impossible.” A more recent approach to security views it as a scenario in which the cost of an attack exceeds the potential reward. This does not rule out the possibility of an attack but minimizes its likelihood to the least possible risk. The book follows this economic definition of security, offering a management scientific view that seeks a balance between security investments and their resulting benefits. It focuses on optimization of resources in light of threats such as terrorism and advanced persistent threats. Drawing on the authors’ experience and inspired by real case studies, the book provides a systematic approach to critical infrastructure security and resilience. Presenting a mixture of theoretical work and practical success stories, the book is chiefly intended for students and practitioners seeking an introduction to game- and decision-theoretic techniques for security. The required mathematical concepts are self-contained, rigorously introduced, and illustrated by case studies. The book also provides software tools that help guide readers in the practical use of the scientific models and computational frameworks.

This brief introduces game- and decision-theoretical techniques for the analysis and design of resilient interdependent networks. It unites game and decision theory with network science to lay a system-theoretical foundation for understanding the resiliency of interdependent and heterogeneous network systems. The authors pay particular attention to critical infrastructure systems, such as electric power, water, transportation, and communications. They discuss how infrastructure networks are becoming increasingly interconnected as the integration of Internet of Things devices, and how a single-point failure in one network can propagate to other infrastructures, creating an enormous social and economic impact. The specific topics in the book include: · static and dynamic meta-network resilience game analysis and design; · optimal control of interdependent epidemics spreading over complex networks; and · applications to secure and resilient design of critical infrastructures. These topics are supported by up-to-date summaries of the authors’ recent research findings. The authors then discuss the future challenges and directions in the analysis and design of interdependent networks and explain the role of multi-disciplinary research has in computer science, engineering, public policy, and social sciences fields of study. The brief introduces new application areas in mathematics, economics, and system and control theory, and will be of interest to researchers and practitioners looking for new approaches to assess and mitigate risks in their systems and enhance their network resilience. A Game- and Decision-Theoretic Approach to Resilient Interdependent Network Analysis and Design also has self-contained chapters, which allows for multiple levels of reading by anyone with an interest in game and decision theory and network science.