The Critical Node Game
Gabriele Dragotto, Amine Boukhtouta, Andrea Lodi, Mehdi Taobane
TL;DR
We introduce the Critical Node Game, a two-player simultaneous attacker-defender model on cloud-network graphs $G=(V,E)$ where defender and attacker select $x\in\{0,1\}^{|V|}$ and $\alpha\in\{0,1\}^{|V|}$ under budgets $D$ and $A$ to maximize payoffs $f^d(x;\alpha)$ and $f^a(\alpha;x)$. Nash equilibria of this integer-programming game are computed by a tailored ZERO Regrets algorithm that handles the parametrized knapsack structure and attack-uncertainty, yielding pure or $\Phi$-approximate equilibria. The cloud-specific payoff model assigns node-level values $p^d_i$ and $p^a_i$ with multipliers $\delta,\eta,\epsilon,\gamma$, aggregating to $f^d$ and $f^a$, and is validated on synthetic graphs and a real-world cloud network to demonstrate prescriptive security guidance under adversarial conditions. The work shows practical scalability, reports both exact and approximate equilibria, and suggests extensions such as richer attacker dynamics and MITRE ATT&CK-informed constraints to enhance realism and robustness of the security recommendations.
Abstract
In this work, we introduce a game-theoretic model that assesses the cyber-security risk of cloud networks and informs security experts on the optimal security strategies. Our approach combines game theory, combinatorial optimization, and cyber-security and aims to minimize the unexpected network disruptions caused by malicious cyber-attacks under uncertainty. Methodologically, we introduce the critical node game, a simultaneous and non-cooperative attacker-defender game where each player solves a combinatorial optimization problem parametrized in the variables of the other player. Each player simultaneously commits to a defensive (or attacking) strategy with limited knowledge about the choices of their adversary. We provide a realistic model for the critical node game and propose an algorithm to compute its stable solutions, i.e., its Nash equilibria. Practically, our approach enables security experts to assess the security posture of the cloud network and dynamically adapt the level of cyber-protection deployed on the network. We provide a detailed analysis of a real-world cloud network and demonstrate the efficacy of our approach through extensive computational tests.
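To make the model in the TL;DR concrete, here is an added example (not code from the paper) that enumerates every budget-feasible pair $(x,\alpha)$ on a tiny instance and keeps the pure Nash equilibria; it uses brute force, not the ZERO Regrets algorithm. The node values, costs, budgets and, in particular, the way $\delta,\eta,\epsilon,\gamma$ scale each node outcome are assumptions made for illustration, since the page names these multipliers without defining them.

```python
from itertools import product

# Constructed 3-node instance; every number below is an illustrative assumption.
P_D = [10, 6, 4]        # p^d_i: value of node i to the defender
P_A = [9, 5, 2]         # p^a_i: value of node i to the attacker
COST_D = [2, 1, 1]      # defender's cost to protect node i
COST_A = [2, 1, 1]      # attacker's cost to attack node i
# Assumed meaning of the multipliers (named on the page, not defined there):
DELTA, ETA, EPS, GAMMA = 0.8, 0.6, 0.2, 0.1

def f_d(x, a):
    """Defender payoff: share of p^d_i kept in each of the four node outcomes."""
    keep = {(0, 0): 1.0, (1, 0): DELTA, (1, 1): ETA, (0, 1): EPS}
    return sum(keep[xi, ai] * p for xi, ai, p in zip(x, a, P_D))

def f_a(a, x):
    """Attacker payoff: share of p^a_i gained in each of the four node outcomes."""
    gain = {(0, 0): 0.0, (1, 0): GAMMA, (1, 1): 1 - ETA, (0, 1): 1.0}
    return sum(gain[xi, ai] * p for xi, ai, p in zip(x, a, P_A))

def feasible(costs, budget):
    """All binary vectors satisfying the knapsack constraint costs . v <= budget."""
    return [v for v in product((0, 1), repeat=len(costs))
            if sum(c * vi for c, vi in zip(costs, v)) <= budget]

def regrets(x, a, D, A):
    """Largest unilateral gain available to (defender, attacker) at profile (x, a)."""
    r_d = max(f_d(y, a) for y in feasible(COST_D, D)) - f_d(x, a)
    r_a = max(f_a(b, x) for b in feasible(COST_A, A)) - f_a(a, x)
    return r_d, r_a

def pure_nash(D, A, tol=1e-9):
    """Pure equilibria: feasible profiles where neither player can gain by deviating."""
    return [(x, a) for x in feasible(COST_D, D) for a in feasible(COST_A, A)
            if max(regrets(x, a, D, A)) <= tol]

if __name__ == "__main__":
    print(pure_nash(D=2, A=3))  # one pure equilibrium on this instance
    print(pure_nash(D=1, A=3))  # none: the players' best responses cycle
```

With the smaller defender budget the best responses cycle and no pure equilibrium exists on this instance, which is the kind of case where an approximate equilibrium is the useful output.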
