GameSec 2017

Conference on Decision and Game Theory for Security

October 23-25, 2017, Vienna, Austria

2017 Conference on Decision and Game Theory for Security

GameSec 2017, the 8th Conference on Decision and Game Theory for Security will take place in Vienna, Austria, on October 23-25, 2017.

The conference is over - THANKS TO ALL PARTICIPANTS for a great event!
Photos taken during the conference can be downloaded here (password-protected and available only to registered participants)

The conference proceedings published by Springer as LNCS series No 10575 are available here.


Nations, corporations, and individuals constantly need to reason about how to protect their sensitive assets in order to ensure economic growth and prosperity. Decision making for security and privacy of infrastructure and information needs a scientific framework that can handle challenges arising from modern-day heterogeneous, dynamic, and large-scale systems.

GameSec solicits theoretical and practical contributions towards a science of decision making in security. In particular, GameSec publishes papers that apply decision and game theory, as well as related techniques such as dynamic control and mechanism design, to build resilient, secure, and dependable networked systems.

Conference Topics

The goal of GameSec is to bring together academic and indus- trial researchers in an effort to identify and discuss the major technical challenges and recent results that highlight the connection between game theory, control, distributed optimization, economic incentives and real world security, reputation, trust and privacy problems in a variety of technological systems. Submissions should solely be original research papers that have neither been published nor submitted for publication elsewhere.

  • Game theory and mechanism design for security and privacy
  • Pricing and economic incentives for building dependable and secure systems
  • Dynamic control, learning, and optimization and approximation techniques
  • Decision making and decision theory for cybersecurity and security requirements engineering
  • Socio-technological and behavioral approaches to security
  • Risk assessment and risk management
  • Security investment and cyber insurance
  • Security and privacy for the Internet-of-Things (IoT), cyber-physical systems, resilient control systems
  • New approaches for security and privacy in cloud computing and for critical infrastructure
  • Security and privacy of wireless and mobile communications, including user location privacy
  • Game theory for intrusion detection
  • Empirical and experimental studies with game-theoretic or optimization analysis for security and privacy

Special Track on "Data-Centric Models and Approaches"

In cyber and physical security and privacy applications, data plays an important role and presents fundamental challenges. In some domains, it is difficult to gather a large amount of data, and the data available may suffer from severe class imbalance, high noise, and numerous missing entries. In other domains, when multiple agents are involved, how the data presented to the agents impacts their decision making is under-explored. It can be challenging to incorporate data of the available form into the game-theoretic and decision-theoretic models for these domains, since many current approaches apply to precisely defined models and how to define models using the available data is unclear in many cases. In addition to the data-related challenges in cyber and physical security domains, the use of data in many domains leads to security and privacy concerns, and game-theoretic and decision-theoretic models can be designed for addressing such concerns. This special track invites submissions on various data-centric models and approaches, including work on empirical game theory; adversarial machine learning; data collection through crowdsourcing; synthetic data generation; applications of machine learning methods; novel techniques for handling real-world data and evaluating models using data. Please submit to the special track under the topic "Data-Centric Models and Applications".

Plenary Speakers

Day 1

Photo: Professor V.S. Subrahmanian
V.S. Subrahmanian
V.S. Subrahmanian is The Dartmouth College Distinguished Professor in Cybersecurity, Technology, and Society. Prior to this, he was Professor of Computer Science for 28 years at the University of Maryland and Director of the Center for Digital International Government. He has developed data-driven algorithms that bring game theory and predictive analytics together for a variety of problems relating to counter-terrorism, cyber-security, and the airline industry. In cyber-security, he developed adversary models and Pareto optimal methods to help system administrators decide what vulnerabilities to patch and what vulnerable software to deactivate. He also extended this model to one where, additionally, the defender has honeypots that he can install in a strategic way. More recently, he has been looking at game-theoretic models in which the defender can provide "fake" scan results that enable a defender to divert the attack from network nodes containing truly valuable information. He led the team that won DARPA's 2015 Twitter Bot Challenge in the SMISC program. His Global Cyber Vulnerability Report is the biggest study to date of the vulnerability of 44 countries from over 20B malware and telemetry records. He has written over 300 refereed papers and (co-) authored 6 books. Prof. Subrahmanian serves on the editorial boards of journals such as Science, ACM Transactions on Intelligent Systems & Technology. ACM Transactions on Computational Logic, and more. In addition, he is the editor in chief of IEEE Intelligent Systems. A fellow of both AAAI and AAAS, he has delivered numerous invited talks and keynote addresses.
Keynote Speech:

A Probabilistic Logic of Cyber Deception
(slides are available for download)

Abstract: Malicious attackers often scan nodes in a network in order to identify vulnerabilities that they may exploit as they traverse the network. In this talk, we describe a system that generates a mix of true and false answers in response to scan requests. If the attacker believes that all scan results are true, then he will be on a wrong path. If he believes some scan results are faked, he would have to expend time and effort in order to separate fact from fiction. We propose a Probabilistic Logic of Deception (PLD-Logic) and show that various computations are NP-hard. We model the attacker's state and show the effects of faked scan results. We then show how the defender can generate fake scan results in different states that minimize the damage that the attacker can produce. We develop a Naive-PLD algorithm and a Fast-PLD heuristic algorithm for the defender to use and show experimentally that the latter performs well in a fraction of the run-time of the former. We ran detailed experiments to assess the performance of these algorithms and further show that by running Fast-PLD offline and storing the results, we can very efficiently answer run-time scan requests. Joint work with S. Jajodia, N. Park, F. Pierazzi, A. Pugliese, E. Serra, and G. Simari.

Day 2

Photo: Professor Piet Van Mieghem
Piet Van Mieghem
Piet Van Mieghem is professor at the Delft University of Technology with a chair in telecommunication networks and chairman of the section Network Architectures and Services (NAS) since 1998. His main research interests lie in the modelling and analysis of complex networks (such as infrastructural, biological, brain, social networks) and in new Internet-like architectures and algorithms for future communications networks. He is the author of four books: Performance Analysis of Communications Networks and Systems, Data Communications Networking, Graph Spectra for Complex Networks and Performance Analysis of Complex Networks and Systems. Currently, he serves on the editorial board of the OUP Journal of Complex Networks. Professor Van Mieghem received a Master and Ph. D. degree in Electrical Engineering from the K.U.Leuven (Belgium) in 1987 and 1991, respectively. Before joining Delft, he worked at the Interuniversity Micro Electronic Center (IMEC) from 1987 to 1991. During 1993 to 1998, he was a member of the Alcatel Corporate Research Center in Antwerp, where he was engaged in performance analysis of ATM systems and in network architectural concepts of both ATM networks (PNNI) and the Internet. He was a visiting scientist at MIT (department of Electrical Engineering, 1992-1993) and a visiting professor at UCLA (department of Electrical Engineering, 2005), at Cornell University (Center of Applied Mathematics, 2009) and at Stanford University (department of Electrical Egineering, 2015). He was member of the editorial board of Computer Networks (2005-2006), the IEEE/ACM Transactions on Networking (2008-2012), the Journal of Discrete Mathematics (2012-2014) and Computer Communications (2012-2015).
Keynote Speech:

A brief tour through Network Science
(slides are available for download)

Abstract: Our main aim is to briefly overview the main concepts of Network Science. Network Science is a relatively new field and its main objective is to understand the relation between the process (or function) over the network and the graph structure (or topology) of the network itself. This duality distinguishes Network Science from graph theory and from dynamic processes and system's theory. The talk is divided in three part: first, we present our personal view on the history of Network Science and its fascinations. Then, we talk about one process that can be dealt with in quite some mathematical detail: epidemic spread on networks, that has already led to many game-theoretical papers. The final part consists of an outlook on interesting network problems. Throughout the talk, I will suggest where game theory may help in solving network problems.

Conference Sponsors and Supporters

We thank all our sponsors for their kind support.