S.D. Erokhin1, B.B. Borisenko2, A.S. Fadeev3, Yu.A. Konysheva4
1–3 MTUCI (Moscow, Russia)
4 RTU MIREA (Moscow, Russia)
1 esd@mtuci.ru, 2 fepem@yandex.ru, 3 aleksandr-sml@mail.ru, 4 konysheva@mirea.ru
In the field of information security, there is a need for effective models describing strategic confrontation between a defender and an attacker. Existing game-theoretic models often fail to account for the dynamics of conflict development and the specific characteristics of the protected system. This leads to limitations in solving practical problems, reduces the adequacy of threat assessment, and prevents timely adaptation of protective measures under continuously changing attack vectors.
The aim of this work is to develop a new game-theoretic model that, based on the features of the protected system (its architecture, vulnerabilities), can effectively counter information security threats by dynamically changing the state of the security system in response to the attacker’s actions.
The authors conduct an analysis of existing game-theoretic models used in information security tasks, identifying their advantages, disadvantages, and key limitations in practical use. Requirements for a new model are formulated, taking into account the specifics of the protected system. Factors influencing the outcome of strategic interactions are analyzed: attack costs, cost of defensive measures, potential damage, and benefits for both sides.
The developed model is a useful tool for analysis and decision support in defender-attacker conflict situations. It allows predicting probable attacker actions, selecting optimal defense mechanisms, and adapting security policies in real time. The application domain includes information security tasks such as protection of corporate networks, critical information infrastructure, and automated systems. The model is especially effective under continuously changing threats, where rapid reaction to changes in attacker tactics is required.
The proposed game-theoretic approach is not intended for feature selection per se but rather as a meta-model for decision-making when selecting the most informative features. It is valuable for adaptive feature selection, accounting for attack distributions, and handling misclassification costs.
Erokhin S.D., Borisenko B.B., Fadeev A.S., Konysheva Yu.A. A game-theoretic method for constructing training samples for machine learning models in cybersecurity // Highly Available Systems. 2026. V. 22. № 2. P. 109−117. DOI: https://doi.org/10.18127/
j20729472-202602-09
- Vavichkin N.A. Matematicheskie modeli v informacionnoj bezopasnosti. XVI Vseros. nauchno-prakt. konf. «Bezopasnost` informacionnogo prostranstva – 2017». Ekaterinburg: Izd-vo Ural`skogo un-ta. 2018. S. 148–150.
- Lavrent`ev A.V., Zyazin V.P. O primenenii metodov teorii igr dlya resheniya zadach komp`yuternoj bezopasnosti. Bezopasnost` informacionny`x texnologij. 2013. T. 20. № 3. S. 19–24.
- Basalova G.V. Primenenie metodov teorii igr v sistemax obnaruzheniya vtorzhenij. Izvestiya TulGU. Texnicheskie nauki. 2017. Vy`p. 10. S. 207–216.
- Eroxin S.D., Pilyugin P.L., Borisenko B.B., Fadeev A.S. Analiz i postroenie teoretiko-igrovy`x modelej protivodejstviya ugrozam informacionnoj bezopasnosti. Dokl. Vseros. konf., posvyashhyonnoj «Dnyu radio» (Moskva, 07–09 iyunya 2023 g.) «Radioe`lektronny`e ustrojstva i sistemy` dlya infokommunikacionny`x texnologij» («RE`US-IT 2023»). M.: Rossijskoe nauchno-texnicheskoe obshhestvo radiotexniki, e`lektroniki i svyazi im. A.S. Popova. 2023. S. 318–322. EDN MIZTUS.
- Eroxin S.D., Borisenko B.B., Fadeev A.S. Analiz i razrabotka teoretiko-igrovy`x modelej obespecheniya informacionnoj bezopasnosti kriticheskoj informacionnoj infrastruktury`. Sistemy` sinxronizacii, formirovaniya i obrabotki signalov. 2023. T. 14. № 6. S. 9–17. EDN ZHPGAZ.
- Eroxin S.D., Borisenko B.B., Fadeev A.S. Razrabotka teoretiko-igrovoj modeli protivodejstviya ugrozam informacionnoj bezopasnosti kriticheskoj informacionnoj infrastruktury`. Dokl. 4-oj Vseros. konf. (Moskva, 12–13 dekabrya 2023 g.) «Sovremenny`e texnologii obrabotki signalov (STOS-2023)». M.: Rossijskoe nauchno-texnicheskoe obshhestvo radiotexniki, e`lektroniki i svyazi im. A.S. Popova. 2023. S. 169–174. EDN UTSODB.
- Eroxin S.D., Borisenko B.B., Fadeev A.S. Ob obespechenii bezopasnosti kriticheskoj informacionnoj infrastruktury` na osnove teorii igr. Dokl. Vseros. konf., posvyashhennoj Dnyu radio (Moskva, 31 maya 2024 g.) «Radioe`lektronny`e ustrojstva i sistemy` dlya infokommunikacionny`x texnologij» («RE`US-IT 2024»). M.: Rossijskoe nauchno-texnicheskoe obshhestvo radiotexniki, e`lektroniki i svyazi im. A.S. Popova. 2024. S. 418–423. EDN EJBWBS.
- Ho E., Rajagopalan A., Skvortsov A., Arulampalam S., Piraveenan M. Game Theory in Defence Applications. A Review. Sensors. 2022; 22(3):1032.
- CSE-CIC-IDS2018 on AWS. A collaborative project between the Communications Security Establishment (CSE) & the Canadian Institute for Cybersecurity (CIC). URL: https://www.unb.ca/cic/datasets/ids-2018.html (data obrashheniya: 17.04.2026).

