Searching Compatible Theory - Report Example

?Searching Compatible Theory What does game theory has to do with cyber secure attack and defense? Indeed, attack and defense evolve in several aspects of human life, comprising games. Attack may have successes and failures, and games frequently have winners or losers. Moreover, Cyber security problems are often perplexing because the increase in complexity and interconnected nature of IT systems leads to limited capability of observation and control. According to McDonald (1949), to deal with this complexity and diverse challenges, deterrent theory is one among several theories that deal with cyber surveillance. Consideration of a threat doles out as a restriction or limitation that creates hindrances to perform required tasks as it dissuades to take action considering losses and costs. The whole process can be seen as a military action in which, concerned parties are restricted to take any military action that would affect the foreign policy objectives of the two involved states. Any sort of initiation of combating action is deterred. Rational choice theory is another theory that is influential in terms of cyber security. This theory allows contemplation and differentiation of varied accessible tactics. Cornish & Clarke (1986) inform that this theory emerged considering a notion related to cost benefit analysis. For example, a criminal conducts a crime when it appears advantageous to him. The theory also puts light on challenger’s haziness towards defender’s selected option. Nevertheless, the theory fails to resolve the strategized relationship between concerned parties, which are thoroughly reviewed in game theory (Understanding Society, 2008). The challengers select their intended defenders diligently and also work on their combating strategies considering previously employed strategies by the defenders. According to Cavusoglu, Raghunathan & Yue (2008), Decision theory is weak in handling the challengers’ worked out strategies and revisiting of defender’s actions because as per the theory, defender regards challenger’s devised performances as ‘exogenous’. According to the game theory, defender’s choices and challenger’s actions are endogenous. According to the decision theory, the scenarios according to which, the involved parties have to take action are predefined due to which, the actions performed by actors are regarded exogenous. Von Newmann and Morgenstern (1944) inform that each contestant is eligible to evaluate ‘variables’ of his actions only. There are rational rules involved in considering of variables and comprehension of variables of other’s actions, which cannot be determined statistically. Therefore, it has been required to explore a more viable theory that can be applied to cyber security. Researchers have moved towards game theory to comprehend the relationship between actors in cyber security issues. In addition, Nisan and Ronen (1999), Nisan (2007) inform about mechanism design that has assisted towards development of protection and privacy mechanisms. These mechanisms are designed with the support of systematic results. Because of usage of game theory, there are certain security decisions. These security decisions are supportive in terms of distribution of restricted resources, stability of professed problems and consideration of core inducement mechanisms. In game theoretical model, more than one person are involved in the decision making process and examining the decisions made where players are either directly or indirectly involved to share the resources provided in the game. Games relevant to the strategic security can be simple or complex. The game can be helpful in solving the simple as well as complex formulated security issues. The security issues can be related to the wireless or computer controlled communication programs. The strategy can provide a solution of the user privacy issues, etc. Utilizing this theoretical model, a defender keeps maintaining the security of the network and the system, while an attacker always tries to access the secure information that can be used to disrupt the network system or communication. Game theoretical model describes and evaluates the situation which involves the individuals as well as groups with the clearance of the outcomes. The action o the individuals may influence the decisions of the teams (Aumann Hart, 1992; Fudenberg & Tirole, 1991; von Neumann & Morgenstern, 1944). Major social applications of the game theory are voting system, political decisions and economic decisions (Bilbao, Fernandez, Jimenez, & Lopez, 2002). On the other hand, game theoretical model is used in to setup the military decisions (see Fent, Feichtinger, & Tragler, 2002). Game theory involves the control and manipulation. At least two person are required to make any decision by utilizing the game theory. However, the certain set of behavioral trends followed by the players may vary the decisions. Game theory very well suits the cyber communication system security. Most attackers follow the conventional methods to breach the security of the network and game theoretical model very well suits the strategic security of cyber system as conventional methods utilized by the cyber attackers are easily be blocked. The computer security defenders always maintain the system security by updating the system security and the attackers always try to breach the security. Viruses tend to explain the similar process (Turner, 2005). For example when a attackers attacks a network, he breaches the security of the system and makes certain choices, when the network administration notices something wrong with the network, he immediately tries to restrict the user from being privileged and tends to protect the system. Furthermore, rational for the choice of game theory is the use of cyber space in Information Age, the rise of networking Society (Castells, 2010) also usually known as the Computer Age or Digital Age (). Moreover, game theoretical model permits the utilization of mega plans, which are focused to degenerate the opponent in cyberspace. In game theoretical model, the players are able to generate multiple decisions in similar interval and utilize the strategy more efficiently. By utilizing the game theoretical model players utilize the different strategies; while in cyberspace the strategies seem to be work not in the similar manner. Opponents are allowed to counter attack in the similar manner (Littman, 1994), which seems to be not “constraining” in the cyberspace environment. (Carmel & Markovtich, 1996). However, time for a specific plan is not discussed. One primary supposition describing the theoretical model of the Information era depicts that the boundaries became blur between different processes (Lister, Dovey, Giddings, Grant, & Kelly, 2003) and thus alters to victory (Bubitt, 2002). In the Information Age, several things are different; the world isincoherent, intermittent,uncertain, and inconsistent. Internet and such type of advanced communication systems provide the players to access in the manner they want and create an environment they like the most. On the other hand, the attackers in the cyberspace can only be identified as their respective locations, age, etc that are normally considered as the identical among various attackers and can be regarded “as a result frequently perceived as nonidentity” (another Kramer, 1997, p. xviii). When the cyber security agents and the attackers are in confronting position, both are in their respective space and time (Kramer, 1997). Moreover, the advanced communication technologies permit the players to alter the aims and strategies more rapidly and more often (Carmel & Frequently, 1996). Generally, a game theory can be applied to at least two players. The triumph of a player utilizing the game theory is depends on the strategies and selectivity of the other players. However, game theory can be helpful in predicting the type of the internet based conflict. The strategies and the choices are closely related to that of the defenders’. One of the major concepts in the game theory is the evaluation of numerous cyber threats (Hamilton, Miller, Ott, & Saydjari. On the other hand, it is important not only to propose suitable methods to reduce the threats but also depicts the possible results of the actions being taken. Advanced computerized communication system can generate various outcome by mathematical calculation to control the threats. For the struggle between the attacker and defender both need to know about the strategies. According to Lye and Wing (2005), A web server administrator may attain an idea of the cyber attacker’s approach “and a plan for what to do in each state in the event of an attack” from a Nash equilibria (p. 9). However, the web server administrator should seek more knowledge about the best planned strategies of the cyber attacker to find more Nash equilibria. The administrator should respond as quickly as possible if an attack is expected to happen. However, it is equally difficult for the administrator to have knowledge about the attacker’s next move. Thus, the game theory can be considered more appropriate in the cyber environment as compared to all other theoretical models. The game theory allows maintaining a control on the network by evaluating the possible strategies of the attackers and allows to plan to reduce the security threats. It utilizes the mathematical model and methods to evaluate the possible choices of the attackers. However, in social perspective it is much difficult to use fixed mathematical formulae to depict the outcome of a certain action. In this way, game theoretical model can only provide generalized predictions through mathematical methods (Aumann and Maschler, 1995: 1-2). Qualitative for Uncertainty With the passage of time, people have started accepting the usage of causes related to probability and uncertainty. Wellman (1990) has described planning while Henrion & Druzdzel (1990) have explained about ‘plausible explanations’ as domains that define a ‘dialectical argumentation framework’ for analyzing uncertainty in scientific domains. Scientific philosophies and ‘theories of rational mutual discourse’ define the framework. Numerical approach is not problem free (Parsons, 2001). Usage of quantitative information for problem solving is problematic in terms of provision of quantitative information. In quantitative methodology, ‘probability theory’, ‘possibility theory’ and ‘Dempster-Shafer (1967, 1976) theory of evidence’ are used for handling flawed information. Special advantages can be taken from the Dempster-Shafer theoretical modal that uses the mathematical methods of probability to evaluate the results from the uncertain information. Parsons’ (2001) initially tried to formulate qualitative reasoning for uncertain information but the formulation seemed to be impractical for the uncertain information; however, it permits the qualitative circulation in communication system which depends on the Dempter’s probability theory. Instead of requiring the accurate mathematical information, qualitative method utilized the uncertain information such as the data of factors bringing the change, intervals between the change in the values, etc. Person (2001) is unable to provide a fully new method to provide reasons for the uncertain information but his methods enhances the use of qualitative methods. In order to describe the possibility of his theory to be successful, he presented the possibility theory, Dempster-Shafer theory and probability theory as their qualitative versions. Person views these theories as the complementary. These methods ensure to use more than method to make the outcome accurate. Read More