Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5

Blackjack: a game model for cybersecurity + Gambling industry's suspect use of data

#1
C C Offline
What the gambling industry isn't telling us about its use of data
https://www.newstatesman.com/business/co...s-use-data

EXCERPT: In the past week, the New York Times and the BBC have reported that customers of Sky Bet, the UK’s most popular gambling app, were concerned that the data held by the company and third-party data providers had been used to identify them as “high-value”, but also that their patterns of play had included loss-chasing behaviour or periods in which they had given up gambling.

Both of the gamblers interviewed had incurred tens of thousands of pounds’ worth of debt by the time they approached Ravi Naik, a solicitor and founder of the digital rights agency AWO. Naik has filed a number of data subject access requests and legal motions with different gambling operators and the companies they work with to try to reveal more about how they use gamblers’ data – especially those who are at risk of addiction.

“Our clients’ experience is that companies are not being transparent”, Naik told me. “They have had to go through a convoluted process to try to understand what third-party companies are using their information […] our clients have to ask company one, who will tell you about companies three and four, who will tell you about companies six and seven – and then they have to get separate identifiers from each one to try to piece it all together […] It is really beyond most people, hence why our clients had to instruct lawyers.”

These webs of data use make it hard to say who is making decisions about gamblers’ behaviour, and why. For example, companies are supposed to check whether a gambler can afford their losses. To do this, Naik explains, “companies provide what they call a 'traffic lighting' system, with a 'green light' indication as to whether somebody can afford to bet. We had one client who clearly could not afford to bet, but who was greenlit. Our client had no clarity over who’s determining that – who’s deciding what’s a green light and a red light? Our client could not know the thresholds, nor challenge the decisions made.”

This is not the first time that gambling data requests have raised concerns.... (MORE - details)


Blackjack: A Game Model for Applying AI to Cybersecurity
https://towardsdatascience.com/blackjack...6746f46aa5

EXCERPTS: . . . Cybersecurity is not a static game. The rules constantly change. There are many different types of players, and each has its own objectives, strategies, and tactics. When an organization adapts its defenses, attackers improve their offenses, requiring the organization to further improve its defenses. The result is an endless escalation game.

This is very different than most traditional applications of machine learning, which make predictions, classify data, and detect anomalies with data that does not include an adversary. In cybersecurity each action a security manager takes may inform an attacker and may result in an unpredictable change in the next attack. To move from fundamental models of machine learning towards AI, we will need to go beyond pattern detection to understand this escalation game. If we apply game theory to explore strategic decisions in multiagent games, we can begin to apply AI.

[...] When exploring existing game models that are similar to cybersecurity, the common models seem inadequate. What type of game is cybersecurity? The challenge of finding a model is because cybersecurity is played very differently by different players. It is not a simple decision of whether the game is finite or infinite, since for some players it is finite, but for others the goal is to stay in the game. Casino games can be helpful in applying game theory to real world problems. Consider the game of blackjack [...see article for descriptive account...]

[...] In blackjack, we see both conflict and cooperation. We see players competing with a short-term perspective with a goal of winning. We also see dealers competing with a long-term perspective with a goal of staying in the game. And we see the house cooperating to create an environment that sustains game play. But the goal of this article is not about applying game theory to blackjack, so how does this relate to cybersecurity?

Cybersecurity and the Blackjack Model. To look at cybersecurity from the perspective of blackjack, consider how the players relate to one another. The equivalent of the house is the organization. Organizations exist to create value for shareholders, to maintain a profit, and to create opportunities for people to apply their skills and expertise together towards a common purpose. This is very similar to the house in our blackjack model. The purpose of most organizations is not to defend against cyber-attacks. Instead, organizations manage risk by ensuring that cyber-attacks do not prevent them from carrying out their primary functions.

The security manager is the equivalent of the dealer. The security manager may be an executive, like a chief information security officer in larger organizations, or an information technology leader who is the person accountable for cybersecurity. The security manager, like the dealer, follows established best practices. The security manager cooperates with the organization to ensure that there are sufficient resources to invest in the security practices that will preserve the organization’s objectives. The security manager competes with attackers on a regular basis. Like the dealer, the security manager competes one-on-one against each attacker and recognizes that there will be some wins, and some losses. Ultimately, the security manager stays in the game by following best practices and ensuring that, although attackers may win some of the skirmishes, they ultimately do not negatively impact the organization.

Attackers in cyber conflict are like the individual players in blackjack. Each sits at the table and is willing to place a bet on an attack that may result in a win. For the attacker, the win may be the initial compromise of an organization’s network. It may be the theft of intellectual property. It could be the encryption of the organizations data to coerce a ransom payment. Attackers generally play a finite game. What distinguishes them is that the cost of an attack may be very low compared to the investment required by an organization to defend against it. In addition, attacks are numerous, and the ability to attribute them is limited, so prosecution is rare. Attackers can maintain an asymmetric advantage and face little risk, since there are few down-sides for them.

So we see that there are interesting similarities between the game of blackjack and cyber conflict and cooperation. But these parallels are not yet enough to start applying AI. To move towards a model that will be useful in AI, we will need some way to calculate which decisions are the best decisions for each player... (MORE - details)
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  But what if hypothetical Planet 9 has moons? (astronomical betting / gambling games) C C 0 54 Feb 13, 2023 07:10 PM
Last Post: C C
  The sports gambling gold rush is on. Should we be concerned? C C 0 68 Feb 23, 2022 07:31 AM
Last Post: C C
  What is the world's deepest cave? + State gambling regulators wonder where poker went C C 1 80 Jul 31, 2021 12:42 PM
Last Post: Zinjanthropos
  Study shows online gambling soared during lockdown, especially among regular gamblers C C 0 72 May 18, 2021 02:13 AM
Last Post: C C
  Why moral arguments against gambling have disappeared in recent years C C 2 167 Apr 16, 2021 11:44 PM
Last Post: Syne
  Oz government strives to cripple its own fledgling space industry (bureaucracy games) C C 0 128 Mar 19, 2021 10:40 AM
Last Post: C C
  When will sports come back? Will the pro & college industry even survive? C C 0 130 May 4, 2020 05:15 AM
Last Post: C C
  Model Who Tattooed Her Eyeball Is Now Partially Blind & Warning Others (hobbies) C C 2 407 Oct 1, 2017 11:19 PM
Last Post: Syne



Users browsing this thread: 1 Guest(s)