Roi Naveiro Flores, Tahir Ekin, David Ríos Insua y Alberto Torres Barrán, Premio SEIO-Fundación BBVA a la Mejor contribución metodológica en Investigación Operativa

Roi Naveiro Flores, Tahir Ekin, David Ríos Insua and Alberto Torres Barrán

SPANISH SOCIETY OF STATISTICS AND OPERATIONS RESEARCH (SEIO)-BBVA FOUNDATION AWARDS

Best Methodological Contribution in Operations Research

2023

For their paper “Augmented probability simulation methods for sequential games,” published in the European Journal of Operational Research, and hailed by the committee as “an important contribution in adversarial risk analysis, with strong applications in adversarial machine learning approaches.”

CONTRIBUTION

Cybersecurity is, at heart, a game of cat and mouse. Businesses and home users install anti-virus, firewalls and other barriers on their computers, which hackers study carefully to devise ways to crack them. The study carried out by Roi Naveiro Flores, Professor of Quantitative Methods at CUNEF University in Madrid; Tahir Ekin, Steven R. Gregg Associate Professor of Quantitative Methods at Texas State University, United States; David Ríos Insua, Research Professor in the Institute of Mathematical Sciences, ICMAT, of the Spanish National Research Council; and Alberto Torres Barrán, Chief Technology Officer at Komorebi AI S.L., aims to build on classical game theory tools to adapt them for cybersecurity purposes.

“Technology is advancing so fast that the messages that reach us are more and more personalized. Some training in statistics is essential to make better decisions and avoid falling into logical fallacies” – Roi Naveiro Flores

In their paper “Augmented probability simulation methods for sequential games,” published in the European Journal of Opera­tional Research, as well as proposing a theoretical framework, the authors describe an algorithm that can help firms decide which cyber security tools are right for them, setting their cost against the client’s vulnerability to attacks.

In the classical approach, the defender is assumed to have full knowledge of the attackers’ possible actions, uncertainty judgments and interests,” Naveiro explains. But it is not wholly realistic to expect such total knowledge. The researchers accordingly envision a way to factor uncertainty into the attacker’s decision process in order to choose the best defence strategy.

Moreover, classical theory was developed for the human scale, when choices were made from among a limited number of decisions. But in the cybersecurity context, decisions may draw on millions of options, too many for traditional techniques. The algorithms proposed by the awardee team work best when choosing among many possible decisions. And the award, says Naveiro, “comes as a recognition that encourages us to go on working to transcend the current paradigms in game theory.”

The researcher believes that statistics is increasingly vital in today’s society, since “technology is advancing so fast that the messages that reach us are more and more personalized, which can make people more easily manipulated. So some training in statistics is essential to make better decisions and avoid falling into logical fallacies.”