# Dynamic Awareness and Strategic Adaptation in Cybersecurity: A Game-Theory Approach

## Abstract


## 1. Introduction

## 2. Theoretical Background

## 3. Game Setting

## 4. Building and Updating Awareness

## 5. Reasoning about Strategies

## 6. The Role of (Un)Awareness in Equilibrium

**Stage 1:** The manager chooses the strategy to counter the most common attack. In this stage, the manager’s best response is to choose $M1$ if the hacker’s strategy belongs to subset $T$, $M2$ if it belongs to subset $V$, and $M3$ if it belongs to subset $Z$. To maximize his/her expected payoff, the manager should assign probabilities as described in the previous chapter.

**Stage t (t > 1):** The manager updates his/her awareness based on the observed properties and chooses a strategy. In this stage, the manager updates his/her awareness by calculating the probabilities, $p(T)$, $p(V)$, and $p(Z)$, based on the observed properties, using Equations (1)–(3). Using the updated probabilities, the manager then updates the probabilities assigned to their strategies, ${p}_{M1(t)}$, ${p}_{M2(t)}$, and ${p}_{M3(t)}$, based on the updated awareness and past frequencies, $F$ (Equations (4)–(6)).

**Repeat Stage t** until convergence or a maximum number of iterations. The manager repeats Stage t, updating his/her awareness and probabilities and choosing strategies based on expected payoffs, until a convergence point or a maximum number of iterations is reached. Convergence can be defined by a predetermined threshold for the differences between consecutive iterations or by reaching a stable set of probabilities. Nevertheless, the manager’s goal is to anticipate the hacker’s behavior and defend successfully, which implies that meaningful convergence occurs only when the manager’s awareness of the hacker’s strategy distribution aligns with the hacker’s strategy distribution.

## 7. Algorithm for Strategic Interaction Simulation

1. Initialization
   - Input: number of simulation rounds, $T$; initial frequencies; and probabilities.
   - Define the players and strategies:
     - Players: $P=\{Hacker,Manager\}$;
     - Hacker’s strategies: $S=\{T,V,Z\}$;
     - Manager’s strategies: $M=\{{M}_{1},{M}_{2},{M}_{3}\}$;
     - Payoff matrices: hacker’s payoff, ${U}_{H}(S,M)$; manager’s payoff, ${U}_{M}(S,M)$.
   - Initial strategy probabilities:
     - Hacker’s strategy probabilities: ${P}_{H}=\{{p}_{HT},{p}_{HV},{p}_{HZ}\}$;
     - Manager’s strategy probabilities: ${P}_{M}=\{{p}_{M1},{p}_{M2},{p}_{M3}\}$.
   - Historical data initialization:
     - Historical frequencies of attack types: $F=\{{F}_{T},{F}_{V},{F}_{Z}\}$;
     - Probabilities of hacker’s choices based on hacker’s type: $H=\{{H}_{T},{H}_{V},{H}_{Z}\}$.
   - Variables for tracking frequencies:
     - Frequencies of strategies: ${F}_{S}=\{\frac{\sum _{k=1}^{t}T}{t},\frac{\sum _{k=1}^{t}V}{t},\frac{\sum _{k=1}^{t}Z}{t},t\}$;
     - Outcomes tracking: $O=\{\frac{{O}_{H}(t)}{\max O},\frac{{O}_{M}(t)}{\max O},t\}$.
2. Simulation loop (for each iteration $t$ from 1 to $T$):
   - Hacker strategy probability determination:
     - Calculate the hacker’s strategy probabilities based on the initial hacker’s strategy probabilities.
   - Hacker strategy choice:
     - Selection based on max probability: ${S}_{t}=\arg\max {P}_{H}(t)$.
   - Property observation probability update (awareness update):
     - Updated probabilities, ${P}_{obs}(S,M)$, based on ${P}_{H}(t)$ and ${P}_{M}(t)$; for each property $p$ in $S$: ${P}_{obs}(p\mid {S}_{t},M)=f({P}_{H}(t,{S}_{t}),{P}_{M}(t,M))$.
   - Manager strategy probability update:
     - Update based on observed properties, historical data, and outcome of the previous round: ${P}_{M}(t+1,M)=g({P}_{obs}(p\mid {S}_{t},M),F(S),H(S))$.
   - Manager strategy choice:
     - Selection based on max probability: ${M}_{t}=\arg\max {P}_{M}(t+1)$.
   - Payoff calculation:
     - ${U}_{H}({S}_{t},{M}_{t})=Lookup({U}_{H},{S}_{t},{M}_{t})$.
     - ${U}_{M}({S}_{t},{M}_{t})=Lookup({U}_{M},{S}_{t},{M}_{t})$.
   - Frequency and history update:
     - Update historical frequencies for strategies and types of attacks: ${F}_{S}({S}_{t})+1$, $O({U}_{H},{U}_{M})=O({U}_{H},{U}_{M})+1$.
     - Update the historical frequency of the manager’s strategies.
   - Awareness and strategy correction:
     - Adjust probabilities if the payoff is below a certain threshold. That is, if ${U}_{M}({S}_{t},{M}_{t})<\mathrm{threshold}_{M}$, adjust ${P}_{M}$ accordingly.
   - Store iteration results:
     - Store ${S}_{t},{M}_{t},{U}_{H},{U}_{M},{P}_{H}(t+1),{P}_{M}(t+1)$ for analysis.
   - Loop continuation check:
     - If $t$ is less than $T$, then $t=t+1$ and repeat the steps in 2.
3. After loop completion:
   - Output: A data frame containing the results of each round.
   - Collect and format the simulation results from all iterations for analysis.
4. End of algorithm.
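The loop above as a runnable sketch, added here as an illustration and not the author's simulation code. Equations (1)–(6) are not reproduced on this page, so the awareness update (a `weight`-blend of observed frequencies with the prior $F$), the `detect` observation probability, the `step` correction, sampling the hacker's move from $P_H$, and the numeric values of a, b, c are all assumptions; the payoff entries follow the page's payoff table, read as (hacker, manager) because Stage 1 names M1, M2, M3 as the best responses to T, V, Z.

```python
import random

ATTACKS = ("T", "V", "Z")   # social engineering, vulnerability exploit, DDoS
BEST_RESPONSE = {"T": "M1", "V": "M2", "Z": "M3"}   # Stage 1 of Section 6


def payoff_table(a, b, c):
    """(hacker, manager) payoffs keyed by (attack, defense), per the page's table."""
    rows = {"T": [(-c, c), (a, b), (c, -c)],
            "V": [(a, b), (-c, c), (a, b)],
            "Z": [(c, -c), (a, b), (-c, c)]}
    return {(s, m): rows[s][j]
            for s in ATTACKS for j, m in enumerate(("M1", "M2", "M3"))}


def simulate(p_hacker, prior_freq, rounds=50, weight=0.5, step=0.1,
             detect=0.9, a=1, b=1, c=2, threshold=0, seed=1):
    rng = random.Random(seed)
    U = payoff_table(a, b, c)            # a, b, c values are constructed
    total = sum(prior_freq.values())
    F = {s: prior_freq[s] / total for s in ATTACKS}   # historical frequencies F
    seen = {s: 0 for s in ATTACKS}       # counts of observed attack properties
    wins = {"hacker": 0, "manager": 0}
    history, aware = [], dict(F)
    for t in range(1, rounds + 1):
        # Hacker move: sampled from P_H (assumption; the page takes the argmax).
        s_t = rng.choices(ATTACKS, weights=[p_hacker[s] for s in ATTACKS])[0]
        # Observation (assumed f): properties reveal the true type w.p. `detect`.
        observed = s_t if rng.random() < detect else rng.choice(ATTACKS)
        seen[observed] += 1
        # Awareness update (assumed g): blend observed frequencies with prior F.
        aware = {s: weight * seen[s] / t + (1 - weight) * F[s] for s in ATTACKS}
        # Manager probabilities and choice: M_t = argmax P_M(t+1).
        p_manager = {BEST_RESPONSE[s]: aware[s] for s in ATTACKS}
        m_t = max(p_manager, key=p_manager.get)
        u_h, u_m = U[(s_t, m_t)]
        wins["hacker"] += int(u_h == c)   # a win is a payoff of c
        wins["manager"] += int(u_m == c)
        # Correction (assumed): after a payoff below threshold, trust
        # observations more and the stale prior less.
        if u_m < threshold:
            weight = min(1.0, weight + step)
        history.append({"t": t, "S": s_t, "M": m_t, "U_H": u_h,
                        "U_M": u_m, "P_M": p_manager})
    return {"history": history, "wins": wins, "awareness": aware}


if __name__ == "__main__":
    stale_prior = {"T": 0.1, "V": 0.2, "Z": 0.7}   # constructed: history says DDoS
    phisher = {"T": 1.0, "V": 0.0, "Z": 0.0}       # constructed: hacker is purely T
    for step in (0.0, 0.1):
        out = simulate(phisher, stale_prior, weight=0.0, step=step, detect=1.0)
        moves = [h["M"] for h in out["history"][:6]]
        print(f"step={step}: wins={out['wins']} first moves={moves}")
```

With a prior that points at Z and a hacker who only plays T, a manager who never revises the prior (`step=0`) loses every round, while the correcting manager switches to M1 once observed frequencies outweigh the prior.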

#### 7.1. An Example of a Use-Case Scenario

#### 7.2. Simulation Data Generation and Assumptions

## 8. Results and Discussion

#### 8.1. Different Hacker Types

#### 8.2. Different Prior Frequencies

#### 8.3. Theoretical Contributions

#### 8.4. Practical Implications and Future Directions

## 9. Conclusions

## Funding

## Data Availability Statement

## Conflicts of Interest

## Appendix A

Notation | |
---|---|
$P$ | Set of players in the game. |
$S$ | Set of hacker’s strategies. |
$M$ | Set of manager’s strategies. |
${U}_{H}$ | Payoff function for the hacker. |
${U}_{M}$ | Payoff function for the manager. |
$T$ | Total number of iterations in the simulation. |
$Hacker$ | The adversary attempting to compromise the system. |
$Manager$ | The defender managing the system’s security. |
$T$ | A strategy representing a social engineering attack. |
$V$ | Another strategy representing software vulnerabilities exploit attack. |
$Z$ | Another strategy representing DDOS attack. |
${M}_{1},{M}_{2},{M}_{3}$ | Different strategies available to the manager for defending against attacks. |
${P}_{H}$ | Initial probability distribution over the hacker’s strategies. |
${P}_{M}$ | Initial probability distribution over the manager’s strategies. |
$F$ | Historical frequencies of attack types, indicating how often each type of attack has been used before the game. |
${p}_{Ta}(t),{p}_{Tb}(t),{p}_{Tc}(t),{p}_{Va}(t),{p}_{Vb}(t),{p}_{Vc}(t),{p}_{Za}(t),{p}_{Zb}(t),{p}_{Zc}(t)$ | Observed properties of the method (a), target (b), and consequences (c) of hacker’s strategies T, V, and Z. |
$H$ | Historical probabilities of the hacker’s choices, indicating past decision-making trends within the game. |
${F}_{S}$ | Frequencies of strategies, tracking how often each strategy is chosen. |
$O$ | Outcomes tracking, recording the results of interactions for historical analysis. |
${P}_{H}(t)$ | Probability distribution over the hacker’s strategies at iteration t. |
${P}_{M}(t)$ | Probability distribution over the manager’s strategies at iteration t. |
${S}_{t}$ | The hacker’s chosen strategy at iteration t. |
${M}_{t}$ | The manager’s chosen strategy at iteration t. |
${P}_{obs}$ | Probabilities of property observations, reflecting the likelihood of detecting specific attack properties. |
${U}_{H}({S}_{t},{M}_{t})$ | The hacker’s payoff given the chosen strategies at iteration t. |
${U}_{M}({S}_{t},{M}_{t})$ | The manager’s payoff given the chosen strategies at iteration t. |
${F}_{S}(t+1),O(t+1)$ | Updated frequencies of strategies and outcomes after iteration t. |


**Figure 2.** Simulation-process diagram. Note: The diagram was created using drawio.com.

**Figure 3.** Manager’s (**left**) and hacker’s (**right**) frequencies of choosing strategies and shares of wins with different hacker types. Notes: Hacker types are predominantly T, V, and Z and versatile, respectively; wins are calculated based on the number of payoffs of c for both players (managers on the left and hackers on the right).

**Figure 4.** Manager’s (**left**) and hacker’s (**right**) frequencies of choosing strategies and shares of wins with different initial frequencies (common knowledge). Notes: The initial frequencies for each attack are equal in the first two graphs; 0.2, 0.7, and 0.1 in the second two graphs; and 0.1, 0.2, and 0.7 in the third two graphs. Wins are calculated based on the number of payoffs of c for both players (manager on the left and hacker on the right). The hacker’s type is versatile (chooses each strategy with an initial equal probability).

Strategy | M1 | M2 | M3 |
---|---|---|---|
T | −c, c | a, b | c, −c |
V | a, b | −c, c | a, b |
Z | c, −c | a, b | −c, c |


© 2024 by the author. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Kostelić, K.
Dynamic Awareness and Strategic Adaptation in Cybersecurity: A Game-Theory Approach. *Games* **2024**, *15*, 13.
https://doi.org/10.3390/g15020013
