Ringkasan & Hubungan ke Vault

Game theory memberikan framework matematis untuk strategic interaction antara attacker dan defender. Catatan ini melengkapi purple-team-osi-killchain dengan reasoning: “given what Blue will do, what should Red do (and vice versa)?”.

Domain: Cyber Security / Strategic Tags: game-theory attacker-defender security-economics nash-equilibrium

1. Game Types in Security

Game TypePlayersDescriptionSecurity Example
Zero-sum2One wins, one losesAttacker compromises system → Blue failed
Non-zero-sum2+Both can win/loseBug bounty: researcher finds bug, company patches → both win
StackelbergLeader-followerDefender commits first (show defenses), attacker followsAirport security: randomized patrols
Bayesian2One player has private infoInsider threat: defender doesn’t know who is malicious
Repeated2+Multiple roundsAPT campaign: attack → defend → adapt → repeat

1.1 Defender’s Dilemma

                 Attacker
             Attack    Stay
Defender  ┌────────────────
Defend    │   -5, -5    -10, 0
Not Defend│    0, 10       0, 0
           └────────────────

If Defender defends + Attacker attacks = both lose (-5 each)
If Defender not defend + Attacker attacks = Attacker wins (10)
If Defender defends + Attacker stays = Defender loses resources (-10)

Nash Equilibrium: Defender randomized (mixed strategy)

📚 Referensi

  1. “The Mathematics of Crime” — M. D’Orsogna
  2. “Game Theory for Security” — Tambe, Yadav
  3. CySecGame: https://github.com/Limmen/cysecgame