Özet:

Game theory is one of the most powerful mathematical tools to model information security decision making. However, in game theory it is assumed that all the players have complete knowledge about each player’s strategies, preferences, and decision rules used. This assumption is very strong, in reality there is often significant information asymmetry between players. In many real world situations, decision makers do not always have all the information about each player’s true intentions, strategies or preferences. Consequently, they have to perceive the situation from their own points of view, and may err in their perceptions. Since the early developments of game theory attempts have been made to incorporate misperceptions in game models of either incomplete or imperfect information. However, most of these attempts are based on quantities (as probabilities, risk factors, etc.) which are too subjective in general. In this paper, we consider a special family of games of incomplete information called hypergames. Hypergame theory extends classical game theory with the ability to deal with differences in players' misperceptions. In the context of hypergames, few works have addressed the study of information security decision making. This paper presents a hypergame approach as an analysis tool in the context of information security. The proposed two level hypergame models defender’s and attacker’s perception of the information security situation as a series of games. Finally, we conclude and present some future work.

Anahtar Kelimeler: