Analysis of Quantal Response Equilibrium and Deceptive Defense for Security Resource Allocation in Networked Cyber-Physical Systems Modeled by Attack Graphs

This thesis addresses the critical challenge of security resource allocation in modern systems, including cyber-physical systems (CPS), which face increasing threats from sophisticated cyberattacks. Traditional game-theoretic models often assume perfectly rational decision-making, neglecting the impact of human behavioral errors and the potential for deceptive strategies. This thesis develops a comprehensive framework to enhance the security of networked CPS systems modeled using attack graphs. The framework integrates game theory and behavioral economics, specifically employing quantal response equilibrium (QRE) to model probabilistic human choices. Furthermore, it incorporates the strategic use of deception by defenders to mislead attackers about security resource distribution. The thesis investigates security investment decisions in interdependent systems, simultaneous attacker-defender games, and sequential defense strategies, considering the influence of quantal response. Additionally, an analysis of deception in defense investment has been performed which provides an extra layer and dimension to the security enhancement. The findings contribute to a more realistic and predictive understanding of security dynamics, leading to improved defense strategies for complex cyber-physical environments.