
A Game-Theoretic Model for Defending Against Malicious Users in RecDroid

Bahman Rashidi

December 5th, 2014


Overview

- Introduction

- RecDroid system

- Game theoretic model

- Nash equilibrium

- Discussion

- Conclusion


RecDroid system

- What is RecDroid?

- A framework that helps mobile (smartphone) users control their resources and privacy through crowdsourcing.

- Android OS permission granting is all-or-nothing

- Two app installation modes:

- Probation

- Trusted

- Real-time resource granting decisions

- Expert and peer recommendation system


RecDroid system (cont.)

- RecDroid UI

• Installation Process

• Recommendation


RecDroid system (cont.)

- RecDroid Functionalities:

1. Collecting permission-request responses

2. Analyzing the responses

3. Recommending low-risk responses to permission requests

4. Expanding expert user base

5. Ranking the apps


RecDroid system (cont.)

- RecDroid’s Components

Verification system

Environment Knowledge

Expert users

Users (Malicious, Regular)


RecDroid system (cont.)

- Verification system

Environment knowledge

Previous responses

User behavior

App developer

Game model

Users’ type prediction

Security improvement


Game Theoretic Model

- Normal-Form Representation

2 Players

Users (Malicious, Regular)

RecDroid system

Strategies space

Users

Malicious (Malicious, Not Malicious)

Regular (Not malicious)

RecDroid (Verify, Not verify)


Game Theoretic Model (cont.)

- Normal-Form Representation

Payoff

Common parameters

𝜔: Security value

- Equal to gain/loss (both of them)

- Loss of reputation (RecDroid)

- Loss of secrecy (Malicious users)

Special parameters

Cost of verification (RecDroid)

Cost of responding (Maliciously)

Recognition rate (true positive) of the RecDroid

False alarm rate (false positive rate)

𝑐𝑚:

𝛼:

𝛽:


Game Theoretic Model (cont.)

- Payoff matrix

Player i is malicious

Player i is regular


Game Theoretic Model (cont.)

- Extensive form

Node N is a “nature” node that determines the type of player i (Attacker or Regular user)

Assumption: is a common prior

Player i knows RecDroid’s belief of


Game Theoretic Model (cont.)

- Bayesian Nash equilibrium

(Malicious (malicious user), Not malicious (regular user))

(Malicious, Verify), Not BNE

→if (Malicious, Verify)

(Malicious, Not Verify), Pure strategy BNE →


Game Theoretic Model (cont.)

- Bayesian Nash equilibrium

(Not Malicious (malicious user), Not malicious (regular user))

Regardless of :

RecDroid’s best strategy: Not verify (dominant)

Malicious user’s best strategy: Malicious

Reduces to the previous case (Not BNE)


Game Theoretic Model (cont.)

- Bayesian Nash equilibrium

We analyzed all the existing strategy combinations

No pure-strategy when

Mixed-strategy


Game Theoretic Model (cont.)

- Bayesian Nash equilibrium

Mixed-strategy

p: user plays Malicious

q: RecDroid plays Verify

(( if Malicious user, Not malicious if regular), , ) is the mixed-strategy
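An added worked example, not taken from the presentation: the pure- and mixed-strategy equilibrium analysis above, computed in Python over an assumed payoff table. The payoff cells and the names `c_verify` and `c_malicious` are assumptions chosen to fit the parameters the slides list (security value, the two costs, recognition rate, false alarm rate, prior); they are not the presentation's payoff matrix.

```python
from fractions import Fraction as F

def payoffs(omega, c_verify, c_malicious, alpha, beta):
    """Assumed (user, RecDroid) payoff per action pair, not the slides' matrix."""
    return {
        # Caught with probability alpha (lose omega), missed otherwise (gain omega).
        ("Malicious", "Verify"): ((1 - 2 * alpha) * omega - c_malicious,
                                  (2 * alpha - 1) * omega - c_verify),
        ("Malicious", "Not verify"): (omega - c_malicious, -omega),
        # A false alarm (probability beta) costs RecDroid omega.
        ("Not malicious", "Verify"): (0, -beta * omega - c_verify),
        ("Not malicious", "Not verify"): (0, 0),
    }

def expected(pay, mu, p, q):
    """Expected payoffs (malicious-type user, RecDroid).

    mu: prior that player i is malicious; p: probability the malicious type
    plays Malicious; q: probability RecDroid plays Verify. The regular type
    always plays Not malicious.
    """
    rec_mix = (("Verify", q), ("Not verify", 1 - q))
    usr_mix = (("Malicious", p), ("Not malicious", 1 - p))
    user = sum(pu * pr * pay[u, r][0] for u, pu in usr_mix for r, pr in rec_mix)
    vs_mal = sum(pu * pr * pay[u, r][1] for u, pu in usr_mix for r, pr in rec_mix)
    vs_reg = sum(pr * pay["Not malicious", r][1] for r, pr in rec_mix)
    return user, mu * vs_mal + (1 - mu) * vs_reg

def is_equilibrium(pay, mu, p, q):
    """True if neither player gains by deviating to either pure action."""
    user, rec = expected(pay, mu, p, q)
    return (all(expected(pay, mu, d, q)[0] <= user for d in (0, 1)) and
            all(expected(pay, mu, p, d)[1] <= rec for d in (0, 1)))

def solve(omega, c_verify, c_malicious, alpha, beta, mu):
    """Return (kind, p, q); handles 0 < omega - c_malicious <= 2*alpha*omega."""
    if not 0 < omega - c_malicious <= 2 * alpha * omega:
        raise ValueError("parameters outside the range this sketch handles")
    threshold = (beta * omega + c_verify) / ((2 * alpha + beta) * omega)
    if mu <= threshold:  # prior too low for verification to pay off
        return "pure", F(1), F(0)
    # Mixed: each player is made indifferent between its two actions.
    return "mixed", threshold / mu, (omega - c_malicious) / (2 * alpha * omega)

if __name__ == "__main__":
    args = (F(10), F(1), F(2), F(9, 10), F(1, 10))  # constructed sample values
    for mu in (F(1, 20), F(1, 2)):
        print(mu, solve(*args, mu))
```

With these constructed values the pure profile (Malicious, Not verify) holds only while the prior stays below the threshold; above it, `is_equilibrium` rejects every pure profile and accepts the mixed one.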


Discussion

- Impact of parameters

- Impact of : detection rate (true positive rate)

- is high

- Depends on

- Impact of

- Impact on p is high

- Impact of : false alarm rate (false positive rate)

- When malicious user plays Not malicious and RecDroid plays Verify

p is high, RecDroid has a high outcome

p is low, User has a high outcome


Conclusion

- Modeling the RecDroid system as a game

- Interaction between the system and users

- Making the verification system more effective

- Environment knowledge + Game model as a tool

- Further improvement: Dynamic Bayesian game

- Multi-stage game

- Improving the and

Thank you!!! Question?