We consider a game in which a strategic defender classifies an intruder asspy or spammer. The classification is based on the number of file server andmail server attacks observed during a fixed window. The spammer naively attacks(with a known distribution) his main target: the mail server. The spystrategically selects the number of attacks on his main target: the fileserver. The defender strategically selects his classification policy: athreshold on the number of file server attacks. We model the interaction of thetwo players (spy and defender) as a nonzero-sum game: The defender needs tobalance missed detections and false alarms in his objective function, while thespy has a tradeoff between attacking the file server more aggressively andincreasing the chances of getting caught. We give a characterization of theNash equilibria in mixed strategies, and demonstrate how the Nash equilibriacan be computed in polynomial time. Our characterization gives interesting andnon-intuitive insights on the players' strategies at equilibrium: The defenderuniformly randomizes between a set of thresholds that includes very largevalues. The strategy of the spy is a truncated version of the spammer'sdistribution. We present numerical simulations that validate and illustrate ourtheoretical results.
展开▼
