Phetmanee, Surasak (2025) Rational verification for Stackelberg Security Games. PhD thesis, University of Glasgow.
Due to Embargo and/or Third Party Copyright restrictions, this thesis is not available in this service.Abstract
Stackelberg Security Games (SSGs) are a game theory model used to help defenders analyse threats, plan strategies, and estimate resource allocation in cybersecurity. In an SSG, a defender (the leader) commits to a defensive strategy, which an attacker (the follower) observes before choosing their optimal response. However, a key limitation of this model is the absence of a formal approach to verify that the security properties of a defensive strategy hold under Stackelberg equilibrium conditions, particularly against adaptive adversaries. Rational verification addresses this by checking if a temporal logic formula is satisfied in some or all computed equilibria. This thesis introduces a framework that integrates rational verification into SSGs, and defenders can design rational defensive strategies.
We propose a methodology for analysing adaptive adversaries by formalising SSGs, a model that uses rational verification to incorporate equilibria and payoffs to synthesise dynamic strategies. We implement StEVe (Stackelberg Security Games and Equilibrium Verification), a tool that integrates game theory and formal verification for rationality in cybersecurity. The key features of StEVe include Attack Defence Trees (ADTs) to model threats, formalising security properties using temporal logic rPATL (Probabilistic Alternating-time Temporal Logic with Rewards), and an extension of PRISM-games to compute Stackelberg equilibria. StEVe gathers data from public vulnerability databases, such as Common Vulnerabilities and Exposures (CVEs), allowing defenders to tailor strategies to specific characteristics of cyber threat.
Our results show that the adaptive strategies produced by our framework yield a reduction in defender costs and system compromise compared to static approaches. The primary contribution of this work is a methodology and supporting tool that aim to improve the robustness of defensive strategies against adaptive threats by applying rational verification.
| Item Type: | Thesis (PhD) |
|---|---|
| Qualification Level: | Doctoral |
| Additional Information: | Supported by funding from the Royal Thai Government Scholarship. Due to copyright issues this thesis is not available for viewing. |
| Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
| Colleges/Schools: | College of Science and Engineering > School of Computing Science |
| Funder's Name: | Royal Thai Government Scholarship |
| Supervisor's Name: | Sevegnani, Dr. Michele and Andrei, Dr. Oana |
| Date of Award: | 2025 |
| Depositing User: | Theses Team |
| Unique ID: | glathesis:2025-85556 |
| Copyright: | Copyright of this thesis is held by the author. |
| Date Deposited: | 30 Oct 2025 12:37 |
| Last Modified: | 30 Oct 2025 13:59 |
| Thesis DOI: | 10.5525/gla.thesis.85556 |
| URI: | https://theses.gla.ac.uk/id/eprint/85556 |
| Related URLs: |
Actions (login required)
 |
View Item |
Downloads
Downloads per month over past year
Tools
Tools
