A four period game between two firms and two hackers is analyzed. The firms first defend and the hackers thereafter attack and share information. Each hacker seeks financial gain, beneficial information exchange, and reputation gain. The two hackers’ attacks and the firms’ defenses are...

The focus of this review is the long and broad history of attacker-defender games as a foundation for the narrower and shorter history of cyber security. The purpose is to illustrate the role of game theory in cyber security and which areas have received attention and to indicate future research...

In a two-period game, Player 1 produces zero-day exploits for immediate deployment or stockpiles for future deployment. In Period 2, Player 1 produces zero-day exploits for immediate deployment, supplemented by stockpiled zero-day exploits from Period 1. Player 2 defends in both periods. The...

We build an analytical framework to model the strategic interactions between a firm and hackers. Firms invest in security to defend against cyber attacks by hackers. Hackers choose an optimal attack, and they share information with each other about the firm's vulnerabilities. Each hacker prefers...