Defending Against Stealthy Attacks on Multiple Nodes With Limited Resources: A Game-Theoretic Analysis

Stealthy attacks have become a major threat to cybersecurity. Previous works in this direction fail to capture the practical resource constraints and mainly focus on one-node settings. In this article, we propose a two-player game-theoretic model, including a system of multiple independent nodes, a stealthy attacker, and an observable defender. In our model, the attacker can fully observe the defender's behavior and the system state, whereas the defender has zero feedback information. Furthermore, a strict resource constraint is introduced to limit the frequency of the attacks/defenses for both players. We characterize the best responses for both attacker and defender under both nonadaptive and adaptive strategies. We then study the sequential game where the defender first announces its strategy and the attacker then responds accordingly. We have designed an algorithm that finds a nearly optimal strategy for the defender and provides a full analysis of its complexity and performance guarantee.