Optimal Defense Strategy Selection for Spear-Phishing Attack Based on a Multistage Signaling Game

The integration of industrial control systems (ICS) with information technologies offers not only convenience but also creates security problems, from public networks to ICS. Spear-phishing attacks account for a considerable proportion of such security incidents. Therefore, there have been many studies about dealing with spear-phishing attacks. Most of these studies focus on studying strategies with better defense capabilities for spear-phishing attacks while neglecting the cost of implementing the strategies. However, a strategy with strong defense capabilities may not always be highly cost-effective. Moreover, considerable research has tended to consider the attacker and defender separately while ignoring the fact that the spear-phishing attack-defense process is a dynamic process of confrontation between the attacker and the defender. Actually, the deployment of defense strategies should comprehensively consider the defender's condition and the adversary's possible actions. Therefore, how to select the optimal strategy that defends against spear-phishing attacks with minimum overhead is a problem worthy of further study. Motivated by this consideration, we construct the multistage spear-phishing attack-defense signaling game model (MSPAD-SGM), which comprehensively considers the defense capability, the strategy cost, and the possible strategies of the two sides. Based on this model, we propose the optimal strategy selection algorithm for the spear-phishing attack-defense process. In addition, rather than numerical values, we adopt symbolic variables to quantify the payoffs and present a deep analysis of how the variation of payoffs influences the game result, which helps to reduce the subjectivity and improve the feasibility of our model. The simulation and deduction of the proposed approach are presented in a case study of MSPAD-SGM to demonstrate the feasibility and effectiveness of the proposed strategy's optimal selection approach. Our method provides decision support for the spear-phishing attack-defense process and improves the dynamic analysis efficiency of defense decision-making.