A Game Theory Method To Cyber-Threat Information Sharing in Cloud Computing Technology

International Journal of Computer Science and Engineering Research Volume 11, Issue 4 – 2023
A Game Theory Method to Cyber-Threat Information Sharing in Cloud

Computing Technology
Mahyar Amini 1,3, Zavareh Bozorgasl 2

1
University Technology Malaysia (UTM), Malaysia
2
Shiraz University of Technology (SUTech), Iran
3
MahamGostar Research Group, Iran
ABSTRACT
Cybersecurity is a top priority in industry, academia, and government, and information sharing about
cyber-threats between different organizations has the potential to maximize vulnerability discovery
while minimizing cost. Sharing information about cyber-threats can reduce the chances of an attacker
exploiting the same vulnerability to launch multiple attacks on different organizations, and can also
decrease the likelihood of an attacker compromising an organization and collecting data to launch an
attack on other organizations. However, cyber interdependency is a well-known problem, particularly
in public cloud computing platforms where critical infrastructure owners are heavily dependent on one
another. The collective effort of organizations to develop countermeasures for cyber-breaches can
reduce the cost of investment in cyber defense for each firm. Nonetheless, there are costs and risks
associated with sharing cyber-threat information, including the potential loss of reputation, market
share, and revenue if vulnerabilities are leaked to the public or to attackers. In this strategic
environment, firms may not truthfully share information due to their own self-interests. Furthermore,
some firms may limit their cybersecurity investment and rely on information shared by others, resulting
in underinvestment in cybersecurity if all participants adopt the same strategy. This paper uses game
theory to explore the circumstances in which multiple self-interested firms can invest in vulnerability
discovery and share their cyber-threat information. We apply our algorithm to a public cloud
computing platform, one of the fastest growing segments of cyberspace.
KEYWORDS: Cybersecurity, Cloud Computing, Game Theory, Information Sharing, Innovation Adoption
1.0 INTRODUCTION
The security and resilience of cyberspace are vital to many aspects of our lives, from national security
to economic prosperity to our daily activities. A secure cyberspace is essential to ensure the safety and
reliability of many critical systems and networks, including those that command and control our
weapon systems, manage financial transactions, and support our food and water supply. Despite the
increasing investment in technical solutions such as cryptography, formal verification, and intrusion
detection, cyberattacks are becoming more frequent and costly around the world. This highlights the
need for not just technical solutions, but also innovative mathematical approaches and strong laws and
regulations governing cybersecurity [1-7]. In particular, there have been numerous efforts in the United
States to promote information sharing among public and private organizations, including regulations
and executive orders requiring disclosure of cyber incidents and associated costs. While such efforts
can improve cybersecurity, many companies are still concerned about potential legal liability resulting
from such disclosures. Overall, ensuring a secure and resilient cyberspace remains a critical challenge
for individuals, organizations, and governments around the world. In response to the increasing
frequency and severity of cyber threats, the United States government has taken steps to improve
cybersecurity by implementing regulations and executive orders aimed at promoting information
sharing among public and private organizations [8-16]. In 2011, the SEC issued a guidance requiring
companies to disclose cyber incidents, including the associated costs. Similar laws have been passed in
more than 44 states in the US, but some companies are hesitant to share cybersecurity information due
to concerns about potential legal repercussions. Research has shown that mandated sharing of security
information can lead to reduced spending on information security, as companies may feel that they are
protected by the regulations. However, it is important for companies to weigh the risks and benefits of
sharing cybersecurity information in order to improve overall cybersecurity [1-13].
Copyright © The Author(s). Published by Scientific Academic Network Group. This work is licensed under the Creative Commons Attribution International License (CC BY).
Electronic copy available at: https://ssrn.com/abstract=4370033

President Barack Obama signed the Executive Order 13636, known as "Improving Critical
Infrastructure Cybersecurity," on February 12, 2013. The order urged critical infrastructure owners and
operators to voluntarily adopt the White House Cybersecurity Framework, a set of guidelines to
improve the cybersecurity posture of organizations. The Framework emphasizes the importance of
cyber-threat information sharing among different organizations, including the US government. One of
the key objectives of the Framework is to enable the US government to share both unclassified and
classified cyber-threat information with the private sector [14-19]. This would allow the private sector
to better understand the types of threats they face and take appropriate steps to mitigate them. The
Framework also aims to establish cyber-threat information sharing among private companies and
between private companies and the government. By sharing information about cyber threats and
vulnerabilities, organizations can better protect themselves against these threats. Overall, the
Framework is designed to improve the cybersecurity of critical infrastructure by providing
organizations with a flexible and risk-based approach to cybersecurity. It encourages organizations to
identify their critical assets and prioritize their cybersecurity efforts accordingly. However, it is
important to note that the adoption of the Framework is voluntary, and organizations can choose to
implement it fully or partially based on their specific needs and risk profile [20-28].
The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the U.S.
Department of Commerce that promotes innovation and industrial competitiveness by advancing
measurement science, standards, and technology in ways that enhance economic security and improve
our quality of life. In 2013, NIST proposed the preliminary version of the Framework, a voluntary set
of cybersecurity standards and best practices that organizations can use to manage and reduce
cybersecurity risk [29-37]. The final version of the Framework was released on February 13, 2014, and
it consists of three parts: The Framework Core, the Framework Implementation Tiers, and the
Framework Profiles. The Framework is designed to help critical infrastructure owners and operators to
better understand, manage, and reduce cybersecurity risk. The government wants to facilitate early
warnings of cyber threats before they turn into successful attacks on critical infrastructures. To achieve
this goal, the Framework includes provisions for the sharing of cyber-threat information among
different organizations, including the government and private companies. This sharing of information
is essential to enable organizations to detect and respond to cyber threats in a timely and effective
manner [38-46].
Cutting-edge research and development are crucial to understanding the impact of cyber-threat
information sharing among self-interested rational players, particularly because most critical
infrastructures are privately owned and operated. Researchers are working to develop mathematical
models and game-theoretic approaches to analyze the incentives and behavior of different actors in the
cybersecurity ecosystem, and to identify strategies for improving the overall cybersecurity posture of
the nation. In the context of cybersecurity, agents can refer to any entity or individual that interacts
within a system or network, such as users, network administrators, and attackers [47-51]. Each of these
agents has different goals or preferences in terms of the outcomes of their actions, leading to different
payoffs or utilities. For instance, attackers may want to maximize the damage they can cause to a
system, while defenders aim to minimize that damage and protect the system from attacks. Users may
prioritize convenience and ease of use, while network administrators focus on maintaining the stability
and security of the network. Game theory provides a framework for understanding the interactions and
conflicts that arise among these agents with different preferences and goals, as well as the strategies
that can be used to achieve those goals. By modeling the rational behavior of these agents, game theory
can help to identify and mitigate potential cybersecurity risks and threats [52-58].
Effective information sharing is an important component of preventing and mitigating cyber-attacks.

Cloud computing is a rapidly growing segment of cyberspace, due in large part to its cost efficiency
and ease of access to information without the need for extensive up-front or long-term investment in
technology infrastructure [1-17]. However, security in cloud computing can be significantly more
complex and challenging than traditional network security, as virtual machines (VMs) can be started,
stopped, and moved across hypervisors with just the click of a button. Given the dynamic nature of
cloud computing and the ease with which VMs can be moved from one hypervisor to another,
traditional security approaches such as firewalls, intrusion detection and prevention systems, and
antivirus software may not be sufficient to ensure a secure cloud environment. Instead, cloud security
techniques must be able to effectively deal with these movements in order to maintain a high level of
security [59-66].
550

Moreover, the sharing of a common platform, such as the hypervisor, by different public cloud users
intensifies the problem of cybersecurity interdependency, since an attacker who gains access to the
hypervisor can potentially start, stop, and modify all of the VMs housed on that hypervisor. This
aggregation of risk from multiple users sharing the same platform makes the execution environment of
cloud computing more challenging, as a single attack on a cloud provider can result in the compromise
of thousands of users at a potentially enormous cost [22-31]. To address these challenges, researchers
have turned to game theory to model the cybersecurity investment of interconnected firms and nations.
For example, in a public cloud environment, a game model can provide incentives to all participants to
invest in vulnerability discovery and share cyber-threat information, despite the potential costs
involved. This game model can identify the necessary conditions under which a rational user in a
public cloud will share their discovered vulnerabilities. However, game theory also highlights the risk
of under-investment in information security, as firms and nations may not be willing to increase their
security investment when their trusted interdependence relationships with partners become tighter.
Furthermore, in the absence of economic incentives, at least one nation may have an incentive to not
share cyber threat information in order to pursue an offensive advantage while remaining at risk [5-23].
In conclusion, the growth of cloud computing has brought many benefits, but also significant security
challenges. To effectively mitigate these challenges, cloud security techniques must be tailored to deal
with the unique characteristics of cloud computing, including the ease of movement of VMs across
hypervisors and the increased risk aggregation resulting from multiple users sharing the same platform.
Game theory can provide valuable insights into how to incentivize effective information sharing and
security investment, but must also be cognizant of the risk of under-investment and the potential
incentives for offensive actions.
2.0 LITERATURE REVIEW
In this section, we provide an overview of cloud security to establish the context for our game model.
Cloud computing can be categorized into private and public structures, with private clouds being used
for inter-organizational operations without the involvement of a third party, while public and
community cloud computing rely on a third party to provide various service platforms such as
Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS). An
IaaS cloud allows a user to access virtualized hardware presented by a hypervisor (such as VMware,
Xen, or KVM) and encapsulated in a virtual machine (VM), enabling the user to deploy and run any
software, including operating systems and applications, on the shared underlying hardware. On the
other hand, a PaaS cloud provides the user with a language-specific platform (such as JVM or .Net) to
deploy and run arbitrary applications developed using the given language on the underlying shared
platform [1-17]. A SaaS cloud gives the user access to a specific application (such as a web-based
email or document editor) to use the functionality provided by the underlying shared application. While
these different levels of cloud services can be developed separately, it has become increasingly
common to create a high-level cloud service using resources provided by a lower-level one. For
example, building a SaaS on resources from PaaS, and building a PaaS on resources from IaaS, can
allow the former to benefit from the elasticity and economics provided by the latter. This work
primarily focuses on hosting mission-critical applications on VMs in an IaaS setting, but the outcomes
can have an impact on other cloud computing models [18-27]. The issues of privacy, security, trust,
and cyber-threat information sharing mainly arise in public cloud platforms where users' computing
capabilities are outsourced to a third-party owner who leases the technology in various ways. As a
result, we focus on the public cloud, and private cloud entities will not be discussed further. In fact,
private clouds allow users from the same organization to run their internal applications on shared
resources, resulting in less conflict of interest among users as they belong to the same organization and
can freely share cyber-threat information [13-22]. However, the support for security isolations from
existing cloud systems is limited, and different VMs sharing the same resources may belong to
competing organizations or unknown attackers. Therefore, the threat landscape in public cloud
environments is more complex and requires more attention to security measures. In the context of
cloud security, the trustworthiness of the underlying hypervisor and co-resident VMs cannot be
guaranteed from a user's perspective [28-39]. This is due to the shared resources, which make perfect
isolation and privacy implausible. As a result, there is a risk of covert side channel attacks that extract
another user's secret information or launch a Denial of Service (DoS) attack. In a public cloud
environment where VMs share the same hypervisor, CPU, memory, storage, and network devices,
551

cross-side channel attacks are also possible. Some resources, such as last-level cache (LLC), memory
bandwidth, and IO buffers, cannot be partitioned and are shared among VMs. Attackers can exploit
these shared resources to launch cross-side channel attacks. Researchers have investigated cache-based
side channels, which allow a malicious user to analyze the cache to detect a co-resident VM's keystroke
activities and map the internal cloud infrastructure to launch a side-channel attack on a co-resident VM.
Bates demonstrated the ability to initiate a covert channel of 4 bits per second and confirm co-
residency with a target VM instance in less than 10 seconds. Therefore, cloud security gives rise to
interdependency among users with potential externalities. This interdependency can be used in a game
theoretic model to design incentives for cyber-threat information sharing. Each rational user will find
that their self-protection depends on the protection of others, which ultimately builds upon the cyber-
threat information shared [40-47].
In order to prevent future damage that may result from a similar attack on another VM, the possibility
of a side-channel attack in a public cloud can be turned into an incentive for all users to share all cyber-
threats with others. While researchers have analyzed information sharing in the context of
cybersecurity, they have not specifically looked at sharing cybersecurity information in cloud
computing. Our previous work presents an evolutionary game theoretic model that self-enforces firms
toward participating in a sharing framework by utilizing the participation cost in a tactical way. We use
a two-stage Bayesian game to analyze the information sharing decision of two strategic and competing
firms [48-56]. We establish that the sharing strategies are unique and dominant and are in the simple
forms of full-sharing or no sharing completely determined by the competitive nature of the security
findings. Gordon shows that information sharing can increase the level of information security while
reducing the amount spent on cybersecurity by each firm. Further, the optimum level of information
security for a firm without information sharing can be attained by the firm at a lower cost when cyber-
threat information is shared. However, without additional incentives to encourage full reporting, each
firm can free-ride on the information security of others. Free-riding will result in an offensive
advantage while remaining at risk [1-11]. At least one nation will have an incentive not to share cyber-
threat information. Therefore, in our game theoretic model, we take into account the competition, free
riding, and interconnection factors that impact cyber threat information sharing in the context of cloud
computing. We design incentives to encourage all users to share their cyber-threat information, which
will ultimately lead to a safer cloud environment for all [57-66]. The diagram in Figure 1 displays our
system model, which consists of a public cloud that accommodates m users labeled as User 1, User 2,
and so forth, each running several applications represented by Application 1 through Application k.
Although the users may operate varying numbers of applications, it does not impact the model. The
Monitor has three objectives: firstly, to supervise the activities of the underlying virtual machine (VM)
and collect data regarding cyber-threats; secondly, to distribute the compiled threat information
actively with the Information Sharing and Analysis Center (ISAC); and finally, to utilize the
information obtained from the ISAC to safeguard the user, VM, and operating system (OS).
The different applications necessitate an operating system to operate, which manages a VM in the
cloud. One user may use multiple operating systems or VMs in practice. However, for simplicity in our
illustration, we consider the architecture in Figure 1. Commonly, in a public cloud, different VMs from
distinct users utilize the same hypervisor and hardware, as presented in Figure 1, with the hypervisor
being of diverse types such as KVM, Xen, and VMware. Despite the type of hypervisor, the VMs share
the same platform, which exposes each user to potential collateral damage. As we concentrate on
intelligent cyber-attacks, we neglect the rare possibility of random hardware failure and concentrate on
the potential for cyber-attacks [1-9]. The security of users heavily relies on the cloud provider, and we
assume that the provider monitors and shares all cyber-threats as we analyze cybersecurity information
sharing based on interdependence among users. This differentiation is vital to separate cloud client-to-
client vulnerability sharing from cloud host-to-client vulnerability sharing. Nonetheless, any model that
scrutinizes cloud host-to-client vulnerability sharing can be superimposed on our model. Therefore, the
attacker compromises the hypervisor in two phases: the first phase involves compromising a user's
VM, while the second phase employs the compromised VM to attack the hypervisor [10-16]. We
distinguish two types of attacks based on the extent of the consequences: a restricted attack and an
unrestricted attack. A restricted attack on User I only compromises the applications, operating system,
and VM that belongs to User i, without affecting the hypervisor. In contrast, an unrestricted attack's
impact can cross a VM to compromise the hypervisor. If the hypervisor is compromised, all users on
the cloud are at risk of collateral damage. Therefore, a rational user has a strong incentive to share their
cyber-threats to prevent collateral damage, which is one of the incentives in our model [17-28].
552

3.0 RESEARCH MODEL
Figure 1 illustrates our system model: A public cloud with m users that we denote User 1, User 2···
User m. Each user runs several applications illustrated by Application 1 · · · Application k in Figure 1.
Technically, the users may run a different number of applications without any impact on this model.
The Monitor has three purposes. First, it monitors the activities of the underlying VM to collect cyber-
threat information. Second, it actively shares the collected threats with the Information Sharing and
Analysis Center (ISAC). Finally, it consumes the information from the ISAC to protect the user, OS
and VM. The different applications require an operating system to function and that operating system
in turn manages a VM in the cloud. In practice, a single user may use several operating systems or
numerous VMs. However, we consider the architecture in Figure 1 to simplify the exposition. As it is a
common practice in a public cloud, we consider that the different VMs from the different users share
the same hypervisor and hardware, as depicted in Figure 1. The hypervisor can be of various types,
such as the Kernel-based Virtual Machine (KVM), Xen, and VMware. The common factor is that the
VMs share the same platform and in doing so expose each user to potential collateral damage. We
consider the possibility of a random hardware failure to be a rare event and neglect that possibility in
our analysis in order to focus on intelligent cyber-attacks. It is well known that the users’ security
heavily depends on the cloud provider. As we are analyzing cybersecurity information sharing based
on interdependency among the user, our model considers that the provider always monitors and shares
all cyber-threats. This is to separate cloud client-to-client vulnerability sharing and cloud host-to-client
vulnerability sharing. However, any model that analyzes cloud host-to-client vulnerability sharing can
be superposed to our model. Thus, the attacker compromises the hypervisor in two steps. The first step
is to compromise a user’s VM. The second step is to use the compromised VM to attack the hypervisor.
We distinguish two types of attacks depending on the extent of the consequence: a restricted attack and
an unrestricted attack. A restricted attack on User i only compromises the applications, operating
system and VM that belong to User i; the hypervisor is not affected after a restricted attack. An
unrestricted attack has consequences that can cross a VM to reach the hypervisor, i.e. the hypervisor is
compromised. We consider that all the users suffer the consequences (damage) if the hypervisor is
compromised. This is because an attacker who compromises the hypervisor can then compromise all
the VMs on that public cloud imposing collateral damage. Thus, a rational user has a strong incentive
to share his cyber-threats to prevent collateral damage. This will be one of the incentives in our model.
553

4.0 RESULT
Cyber-threat information sharing in a public cloud is a scenario suitable for game theoretic analysis.
That is because common resources shared by users such as the hypervisor make the security of each
user directly dependent on the security of others and these externalities are often overlooked. We
consider a two player game with two users that can share their vulnerabilities through the Information
Sharing and Analysis Center, as in Figure 1. The players are User i and User j that share the same
hypervisor on a public cloud as also illustrated in Figure 1. The exact number of vulnerabilities N in
the public cloud is unknown but has an expected value n known to the two players. Figure 2 shows the
Venn Diagram illustration of discovered vulnerabilities when both users invest to discover those
vulnerabilities. A user that does not invest to discover vulnerabilities will not discover any
vulnerability and thus has nothing to share. A user that invests in the discovery of vulnerabilities will
not discover all the vulnerabilities, so it is realistic to assume that some of the vulnerabilities may go
undetected despite the users’ investment. Users’ investment in our model is not to gather and examine
the information about past cyber-attacks (e.g., forensic), but to discover the vulnerabilities and patch
the system (VMs) before an attacker can exploit those vulnerabilities to launch an attack. Users invest
as a proactive measure. However, any model that deals with vulnerabilities post-attack could also be
superposed to this model. In the Venn diagram of Figure 2, the set of vulnerabilities discovered by
User i, User j, and the attacker are represented by Vi, Vj and Va respectively. Recall that a user who
does not invest to discover vulnerabilities will not discover any vulnerability. Therefore, Vi
(respectively Vj) is an empty set if User i, (respectively User j) choose not to invest. However, the set
Va is never empty since by its nature, the attacker is always looking for new vulnerabilities Vaij
represents the set of undiscovered vulnerabilities. The probability that a vulnerability belong to the set
Vi, Vj or Va is given by Pi , Pj and Pa respectively. Those probabilities can be estimated using a red
team experiment in a cloud to find the average number of vulnerabilities a player discover. Remember
that Pi = 0 (respectively Pj = 0) if User i, (respectively User j) choose not to invest. Similarly, the
definition of Pij , Pai , Paj , Paij , and Paij follow from the Venn diagram of Figure 2.
We assume that the attacker and the two users have similar capabilities to discover vulnerabilities and
they independently discover those vulnerabilities. Thus,
However, it is straightforward to extend our model to the case that the attacker and the two users have
different capabilities to discover vulnerabilities and their discovery of a vulnerability is not
independent. We denote by c a user’s cost associated with the investment in vulnerability discovery.
We assume that both users have similar costs and that the vulnerabilities are homogeneous. Moreover,
we consider that the attacker is always successful when exploiting a vulnerability that is not discovered
or shared between users. When a vulnerability is not discovered by User i and User j also does not
554

discover it or decides not to share that vulnerability with User i, then an attacker can exploit that
vulnerability and this will result in a damage to User i that we denote d, and vice versa.
5.0 DISCUSSION
In this section, we report the results obtained from numerical analysis, showing the regional Nash
equilibrium plots under different values of the critical parameters like vulnerability discovery
probability (p), damage caused due to exploiting the discovered vulnerability (d), probability that
attacker compromises the hypervisor (π), cost of investment (c), and cost of sharing a vulnerability (s).
Figure (3) depicts the possible Nash equilibrium strategy profiles when the damage caused by a
vulnerability and probability of attacker compromising hypervisor vary, assuming c = 1,n = 10,s = 0.3,
andπ = 0.1. We observe that users prefer to both invest for vulnerability discovery and share them
when the damage caused due to the vulnerability and probability that an attacker compromises the
hypervisor is high. So the investment towards vulnerability discovery and sharing with peers user helps
the user to prevent the attacker’s effort to find the same vulnerability and exploit it. However, when the
damage cost is low and probability of compromising the hypervisor is also low, then the users better
off not sharing their discoveries because they do not lose substantially than when sharing their
vulnerabilities. The crucial point to notice here is that the users must invest to discover vulnerabilities
regardless of the damage caused by exploiting the vulnerability and the probability of an attacker
compromising the hypervisor, which will benefit the users to remain secured from the attacker’s
exploitation using the undiscovered vulnerabilities. However, sharing is a choice for the users
dependent on the cost involved in it.
To understand the NE strategy profile when vulnerability discovery probability (p) and hypervisor
compromising probability (π) vary, we have conducted experiment to find the Nash equilibrium
strategies for different π and p values by fixing the value of damage (d) as 20 and keeping the value of
other variables intact. As shown in Figure (4), the users prefer to invest in vulnerability discovery and
share, if the discovering probability is not very low or very high and hypervisor compromising
probability is not very low. This case occurs due to benefits of investment and sharing, which cannot
555

be derived from strategies (IS; IS) or (IS; IS). However, at very low probability of vulnerability
discovery (p), all players are demotivated to invest. When p increases and π is low, the users prefer to
invest without sharing their discoveries because the attacker is less likely to compromise the
hypervisor. At very high probability of vulnerability discovery (p), sharing vulnerability is not
profitable because each player has a high chance to discover all vulnerability itself without relying on
the help of others.
In Figure (5), we analyze the NE strategy profiles at different regions of p and d combinations.
Interestingly, we find that users are more inclined to invest in vulnerability discovery after a certain
threshold of discovering probability (p) beyond which users are satisfied with their vulnerability
discovery. However, they do not share these discoveries until damage cost exceeds a limit, after which
the users better off taking the NE strategy (I S ; I S ). It can be understood that users do not invest or
share if the discovery probability is very low, as the difficulty in discovering any vulnerabilities
prohibit investment. Hence, very high investment might not help in improving the vulnerability
discovery process. There remains a small chance that a user might free-ride on another user’s
vulnerability discovery if they can easily discover the vulnerabilities, i.e. the probability of
vulnerability discovery is close to 1. Therefore, this kind of scenario must be avoided to ensure that
every player truthfully behaves and reciprocates the exchange of vulnerability discoveries.
Figure (6) gives a summary of NE profiles at different cost of investment (c) and sharing vulnerability
(s) assuming d = 20,p = 0.6, while keeping other parameter intact. The users are inclined to invest for
vulnerability discovery and share them only when the cost of investment and sharing is low. If the cost
556

of investment is very high then the users avoid investment, thus do not share as well. It is observed that
if the cost of investment is less than certain threshold value and expected cost of vulnerability sharing
is more than certain limit, the users prefer not to share any vulnerabilities even though they invest to
discover more vulnerabilities. The center region and black region in the plot are the special cases
where, one user might take strategy IS and other takes exactly opposite, resulting in a free-ride
situation on the former user’s shared information. Free-riding behavior can be prevented by choosing
the cost of investment and cost of sharing carefully, which ensures that the players do not fall into the
center or black region.
Finally, we plot the expected payoff variation with respect to increasing vulnerability discovery
probability (p) and damage cost (d) in Figure (7). The dark bars in the figure point that the user changes
his strategy after the occurrence of the bar. The net payoff function follows a downward concave
characteristic w.r.t. probability of discovering vulnerability. We observe that when the damage cost is
low (d = 5), then the user mostly sticks to the NE strategy (I S ̄; I S ̄) after the vulnerability discovery
probability (p) exceeds 0.15, which is the center region of curve representing d = 5. However, when p
is very low the users neither invest nor share. As shown in to monitor and to share cyber-threats. At
very low probability of vulnerability discovery, all players are demotivated to invest and then will not
share any vulnerability. Also, user will not share vulnerability if they are easy to discover .Future
model extension includes the extension of the current model to more than two users and the
consideration of heterogeneous vulnerabilities, heterogeneous players and incomplete information. We
will also investigate the possibility of repeated interaction as a mean to enforce information sharing.
Finally, we will compare the theoretical prediction of our game model with real data on cyber-threat
information sharing.
557

6.0 CONCLUSION
Our research team has developed an innovative analytical framework that utilizes game theory to
model the sharing of cyber-threat information in public cloud computing. This framework addresses
the trade-offs between the desirable security of public cloud users and the potential risks of sharing
cyber-threats. The game theoretic model we have constructed captures the conditions under which
public cloud users are motivated to monitor and share cyber-threats. We have found that at very low
probabilities of vulnerability discovery, all players are demotivated to invest and will not share any
vulnerability information. Similarly, if vulnerabilities are easy to discover, users are less likely to share
them. Our game theoretic framework serves as a valuable tool for understanding the dynamics of
cyber-threat information sharing in public cloud computing. However, there is room for further
development and extension of this model. For example, our future work will involve extending the
current model to accommodate more than two users, taking into account heterogeneous vulnerabilities
and players, and incorporating incomplete information.We will also investigate the possibility of
repeated interaction as a means of encouraging information sharing among public cloud users. This can
be a powerful tool for enforcing cooperation and enhancing the security of the public cloud computing
environment. Finally, we plan to validate the theoretical predictions of our game model by comparing
them with real-world data on cyber-threat information sharing. This will enable us to further refine and
improve our analytical framework, and to develop more effective strategies for promoting information
sharing and enhancing the security of public cloud computing.
REFERENCES
[1] Tosh, Deepak, et al. "An evolutionary game-theoretic framework for cyber-threat information sharing."
2015 IEEE International Conference on Communications (ICC). IEEE, 2015.
[2] Owen, Guillermo. Game theory. Emerald Group Publishing, 2013.
[3] Osborne, Martin J. An introduction to game theory. Vol. 3. No. 3. New York: Oxford university press, 2004.
[4] Do, Cuong T., et al. "Game theory for cyber security and privacy." ACM Computing Surveys (CSUR) 50.2
(2017): 1-37.
[5] Chukwudi, Amadi Emmanuuel, Eze Udoka, and Ikerionwu Charles. "Game theory basics and its application
in cyber security." Advances in Wireless Communications and Networks 3.4 (2017): 45-49.
[6] Melnyk, Steven A., et al. "New challenges in supply chain management: cybersecurity across the supply
chain." International Journal of Production Research 60.1 (2022): 162-183.
[7] Spott, Jessica L., Kara Page, Narges Hadi, Terra Tindle Williams, and Kamau O. Siwatu. "Exploring the
formal and informal stages in the socialization process in graduate students’ professional development."
Empowering student researchers (2021): 237-252.
[8] Boyes, Hugh. "Cybersecurity and cyber-resilient supply chains." Technology Innovation Management
Review 5.4 (2015): 28.
[9] Collins, Brandon, Shouhuai Xu, and Philip N. Brown. "Paying Firms to Share Cyber Threat Intelligence."
Decision and Game Theory for Security: 12th International Conference, GameSec 2021, Virtual Event,
October 25–27, 2021, Proceedings. Cham: Springer International Publishing, 2021.
[10] Golmohammadi, Amir-Mohammad, Negar Jahanbakhsh Javid, Lily Poursoltan, and Hamid Esmaeeli.
"Modeling and analyzing one vendor-multiple retailers VMI SC using Stackelberg game theory." Industrial
Engineering and Management Systems 15, no. 4 (2016): 385-395.
[11] Cheung, Kam-Fung, Michael GH Bell, and Jyotirmoyee Bhattacharjya. "Cybersecurity in logistics and
supply chain management: An overview and future research directions." Transportation Research Part E:
Logistics and Transportation Review 146 (2021): 102217.
[12] Hadiana, Hengameh, Amir Mohammad Golmohammadib, Hasan Hosseini Nasabc, and Negar Jahanbakhsh
Javidd. "Time Parameter Estimation Using Statistical Distribution of Weibull to Improve Reliability."
(2017).
[13] Simon, Jay, and Ayman Omar. "Cybersecurity investments in the supply chain: Coordination and a strategic
attacker." European Journal of Operational Research 282.1 (2020): 161-171.
[14] Chukwudi, Amadi Emmanuuel, Eze Udoka, and Ikerionwu Charles. "Game theory basics and its application
in cyber security." Advances in Wireless Communications and Networks 3.4 (2017): 45-49.
[15] Hadi, Narges. "Examining the effect of distance learning environment on graduate students’ research self-
efficacy: An investigation of the mediating effects of achievement goal orientations." PhD diss., 2021.
[16] Kumar, Subodha, and Rakesh R. Mallipeddi. "Impact of cybersecurity on operations and supply chain
management: Emerging trends and future research directions." Production and Operations Management
31.12 (2022): 4488-4500.
[17] Moskal, Stephen, Shanchieh Jay Yang, and Michael E. Kuhl. "Cyber threat assessment via attack scenario
558

simulation using an integrated adversary and network modeling approach." The Journal of Defense
Modeling and Simulation 15.1 (2018): 13-29.
[18] Zavareh, Bozorgasl, Hossein Foroozan, Meysam Gheisarnejad, and Mohammad-Hassan Khooban. "New
trends on digital twin-based blockchain technology in zero-emission ship applications." Naval Engineers
Journal 133, no. 3 (2021): 115-135.
[19] Wong, Lai-Wan, et al. "The role of cybersecurity and policy awareness in shifting employee compliance
attitudes: Building supply chain capabilities." International Journal of Information Management 66 (2022):
102520.
[20] Gong, Seonghyeon, and Changhoon Lee. "Cyber threat intelligence framework for incident response in an
energy cloud platform." Electronics 10.3 (2021): 239.
[21] Bozorgasl, Zavareh, and Mohammad J. Dehghani. "2-D DOA estimation in wireless location system via
sparse representation." In 2014 4th International Conference on Computer and Knowledge Engineering
(ICCKE), pp. 86-89. IEEE, 2014.
[22] Gupta, Nikhil, et al. "Additive manufacturing cyber-physical system: Supply chain cybersecurity and risks."
IEEE Access 8 (2020): 47322-47333.
[23] Hadi, Narges, Jessica L. Spott, and Raegan Higgins. "Underrepresented Students' Experiences in STEM at
Community Colleges: A Qualitative Exploration of Self-Identified Challenges and Supports." Journal of The
First-Year Experience & Students in Transition 34.2 (2022): 65-82.
[24] Sawik, Tadeusz. "A linear model for optimal cybersecurity investment in Industry 4.0 supply chains."
International Journal of Production Research 60.4 (2022): 1368-1385.
[25] Nazari Enjedani, Somayeh, and Mahyar Amini. "The role of traffic impact effect on transportation planning
and sustainable traffic management in metropolitan regions ." International Journal of Smart City Planning
Research 12.9 (2023): 688-700
[26] Sobb, Theresa, Benjamin Turnbull, and Nour Moustafa. "Supply chain 4.0: A survey of cyber security
challenges, solutions and future directions." Electronics 9.11 (2020): 1864.
[27] Jahanbakhsh Javidi, Negar, and Mahyar Amini. "Evaluating the effect of supply chain management practice
on implementation of halal agroindustry and competitive advantage for small and medium enterprises ."
International Journal of Computer Science and Information Technology 15.6 (2023): 8997-9008
[28] Boiko, Andrii, Vira Shendryk, and Olha Boiko. "Information systems for supply chain management:
uncertainties, risks and cyber security." Procedia computer science 149 (2019): 65-70.
[29] Amini, Mahyar, and Negar Jahanbakhsh Javidi. "A Multi-Perspective Framework Established on Diffusion
of Innovation (DOI) Theory and Technology, Organization and Environment (TOE) Framework Toward
Supply Chain Management System Based on Cloud Computing Technology for Small and Medium
Enterprises ." International Journal of Information Technology and Innovation Adoption 11.8 (2023): 1217-
1234
[30] Pandey, Shipra, et al. "Cyber security risks in globalized supply chains: conceptual framework." Journal of
Global Operations and Strategic Sourcing (2020).
[31] Amini, Mahyar and Ali Rahmani. "Agricultural databases evaluation with machine learning procedure."
Australian Journal of Engineering and Applied Science 8.6 (2023): 39-50
[32] Nagurney, Anna, Patrizia Daniele, and Shivani Shukla. "A supply chain network game theory model of
cybersecurity investments with nonlinear budget constraints." Annals of operations research 248 (2017):
405-427.
[33] Amini, Mahyar, and Ali Rahmani. "Machine learning process evaluating damage classification of
composites." International Journal of Science and Advanced Technology 9.12 (2023): 240-250
[34] Li, Yanhui, and Lu Xu. "Cybersecurity investments in a two-echelon supply chain with third-party risk
propagation." International Journal of Production Research 59.4 (2021): 1216-1238.
[35] Amini, Mahyar, Koosha Sharifani, and Ali Rahmani. "Machine Learning Model Towards Evaluating Data
gathering methods in Manufacturing and Mechanical Engineering." International Journal of Applied Science
and Engineering Research 15.4 (2023): 349-362.
[36] Luo, Suyuan, and Tsan-Ming Choi. "E-commerce supply chains with considerations of cyber-security:
Should governments play a role?." Production and Operations Management 31.5 (2022): 2107-2126.
[37] Sharifani, Koosha and Amini, Mahyar and Akbari, Yaser and Aghajanzadeh Godarzi, Javad. "Operating
Machine Learning across Natural Language Processing Techniques for Improvement of Fabricated News
Model." International Journal of Science and Information System Research 12.9 (2022): 20-44.
[38] Robertson, John, et al. "Data driven game theoretic cyber threat mitigation." Proceedings of the AAAI
Conference on Artificial Intelligence. Vol. 30. No. 2. 2016.
[39] Amini, Mahyar, et al. "MAHAMGOSTAR.COM AS A CASE STUDY FOR ADOPTION OF LARAVEL
FRAMEWORK AS THE BEST PROGRAMMING TOOLS FOR PHP BASED WEB DEVELOPMENT
FOR SMALL AND MEDIUM ENTERPRISES." Journal of Innovation & Knowledge, ISSN (2021): 100-
110.
[40] Amini, Mahyar, and Aryati Bakri. "Cloud computing adoption by SMEs in the Malaysia: A multi-
perspective framework based on DOI theory and TOE framework." Journal of Information Technology &
Information Systems Research (JITISR) 9.2 (2015): 121-135.
[41] Tosh, Deepak K., et al. "Risk management using cyber-threat information sharing and cyber-insurance."
Game Theory for Networks: 7th International EAI Conference, GameNets 2017 Knoxville, TN, USA, May
559

9, 2017, Proceedings. Cham: Springer International Publishing, 2017.
[42] Amini, Mahyar, and Nazli Sadat Safavi. "A Dynamic SLA Aware Heuristic Solution For IaaS Cloud
Placement Problem Without Migration." International Journal of Computer Science and Information
Technologies 6.11 (2014): 25-30.
[43] Zhang, Lixuan, et al. "Predicting Nodes' Performance in peer-to-peer network based on game
theory." International Journal of Information Systems and Management 17.18 (2023): 2418-2426.
[44] Chen, Lee, et al. "Defense Mechanism based on Game Theory for Securing Cloud Infrastructure against Co-
Resident DoS Attacks ." International Journal of Systems Management and Innovation Adoption 13.22
(2023): 8397-8404.
[45] Pan, Bing, et al. "Supply Chain Management System's Cybersecurity based on Blockchain
Technology." International Journal of Science and Advanced Technology 11.9 (2023): 76-83.
[46] Amini, Mahyar. "The factors that influence on adoption of cloud computing for small and medium
enterprises." (2014).
[47] Kamhoua, Charles, et al. "Cyber-threats information sharing in cloud computing: A game theoretic
approach." 2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing. IEEE, 2015.
[48] Amini, Mahyar, et al. "Development of an instrument for assessing the impact of environmental context on
adoption of cloud computing for small and medium enterprises." Australian Journal of Basic and Applied
Sciences (AJBAS) 8.10 (2014): 129-135.
[49] Amini, Mahyar, et al. "The role of top manager behaviours on adoption of cloud computing for small and
medium enterprises." Australian Journal of Basic and Applied Sciences (AJBAS) 8.1 (2014): 490-498.
[50] Tosh, Deepak K., et al. "Three layer game theoretic decision framework for cyber-investment and cyber-
insurance." Decision and Game Theory for Security: 8th International Conference, GameSec 2017, Vienna,
Austria, October 23-25, 2017, Proceedings. Springer International Publishing, 2017.
[51] Amini, Mahyar, and Nazli Sadat Safavi. "A Dynamic SLA Aware Solution For IaaS Cloud Placement
Problem Using Simulated Annealing." International Journal of Computer Science and Information
Technologies 6.11 (2014): 52-57.
[52] Ogîgău-Neamțiu, Florin, and Horațiu Moga. "A cyber threat model of a nation cyber infrastructure based on
goel-okumoto port approach." Land Forces Academy Review 23.1 (2018): 75-87.
[53] Sadat Safavi, Nazli, Nor Hidayati Zakaria, and Mahyar Amini. "The risk analysis of system selection and
business process re-engineering towards the success of enterprise resource planning project for small and
medium enterprise." World Applied Sciences Journal (WASJ) 31.9 (2014): 1669-1676.
[54] Sadat Safavi, Nazli, Mahyar Amini, and Seyyed AmirAli Javadinia. "The determinant of adoption of
enterprise resource planning for small and medium enterprises in Iran." International Journal of Advanced
Research in IT and Engineering (IJARIE) 3.1 (2014): 1-8.
[55] Sadat Safavi, Nazli, et al. "An effective model for evaluating organizational risk and cost in ERP
implementation by SME." IOSR Journal of Business and Management (IOSR-JBM) 10.6 (2013): 70-75.
[56] Safavi, Nazli Sadat, et al. "An effective model for evaluating organizational risk and cost in ERP
implementation by SME." IOSR Journal of Business and Management (IOSR-JBM) 10.6 (2013): 61-66.
[57] Amini, Mahyar, and Nazli Sadat Safavi. "Critical success factors for ERP implementation." International
Journal of Information Technology & Information Systems 5.15 (2013): 1-23.
[58] Shen, Dan, et al. "An adaptive Markov game model for cyber threat intent inference." Theory and novel
applications of machine learning (2009): 376.
[59] Amini, Mahyar, et al. "Agricultural development in IRAN base on cloud computing theory." International
Journal of Engineering Research & Technology (IJERT) 2.6 (2013): 796-801.
[60] Oosthoek, Kris, and Christian Doerr. "Cyber threat intelligence: A product without a process?." International
Journal of Intelligence and CounterIntelligence 34.2 (2021): 300-315.
[61] Amini, Mahyar, et al. "Types of cloud computing (public and private) that transform the organization more
effectively." International Journal of Engineering Research & Technology (IJERT) 2.5 (2013): 1263-1269.
[62] Vakilinia, Iman, and Shamik Sengupta. "A coalitional game theory approach for cybersecurity information
sharing." MILCOM 2017-2017 IEEE Military Communications Conference (MILCOM). IEEE, 2017.
[63] Amini, Mahyar, and Nazli Sadat Safavi. "Cloud Computing Transform the Way of IT Delivers Services to
the Organizations." International Journal of Innovation & Management Science Research 1.61 (2013): 1-5.
[64] Abdollahzadegan, A., Che Hussin, A. R., Moshfegh Gohary, M., & Amini, M. (2013). The organizational
critical success factors for adopting cloud computing in SMEs. Journal of Information Systems Research
and Innovation (JISRI), 4(1), 67-74.
[65] Robertson, John, et al. "Darknet mining and game theory for enhanced cyber threat intelligence." The Cyber
Defense Review 1.2 (2016): 95-122.
[66] Khoshraftar, Alireza, et al. "Improving The CRM System In Healthcare Organization." International Journal
of Computer Engineering & Sciences (IJCES) 1.2 (2011): 28-35.
560

A Game Theory Method To Cyber-Threat Information Sharing in Cloud Computing Technology

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

A Game Theory Method To Cyber-Threat Information Sharing in Cloud Computing Technology

Uploaded by

Copyright:

Available Formats

International Journal of Computer Science and Engineering Research Volume 11, Issue 4 – 2023

A Game Theory Method to Cyber-Threat Information Sharing in Cloud

Mahyar Amini 1,3, Zavareh Bozorgasl 2

Electronic copy available at: https://ssrn.com/abstract=4370033

Effective information sharing is an important component of preventing and mitigating cyber-attacks.

Electronic copy available at: https://ssrn.com/abstract=4370033

2.0 LITERATURE REVIEW

Electronic copy available at: https://ssrn.com/abstract=4370033

Electronic copy available at: https://ssrn.com/abstract=4370033

Electronic copy available at: https://ssrn.com/abstract=4370033

Electronic copy available at: https://ssrn.com/abstract=4370033

Electronic copy available at: https://ssrn.com/abstract=4370033

Electronic copy available at: https://ssrn.com/abstract=4370033

Electronic copy available at: https://ssrn.com/abstract=4370033

Electronic copy available at: https://ssrn.com/abstract=4370033

Electronic copy available at: https://ssrn.com/abstract=4370033

Electronic copy available at: https://ssrn.com/abstract=4370033

You might also like