Volume 1, Issue 2, ICCK Transactions on Cybersecurity
ICCK Transactions on Cybersecurity, Volume 1, Issue 2, 2025-2026: 35-57

Free to Read | Research Article | 25 December 2025
From Phishing to Prompt Bombing: Innovative Game-Theoretic Solutions for Modern Cyber Threats
1 Department of Computer Science and Engineering, Pragati Engineering College, Andhra Pradesh 533437, India
2 Department of CSE (AIML), Pragati Engineering College, Andhra Pradesh 533437, India
* Corresponding Author: Manas Kumar Yogi, [email protected]
ARK: ark:/57805/tc.2025.969565
Received: 17 August 2025, Accepted: 07 September 2025, Published: 25 December 2025  
Abstract
The rise of multi-factor authentication (MFA) has significantly enhanced cybersecurity postures, yet its effectiveness is increasingly challenged by sophisticated social engineering attacks, particularly those exploiting MFA fatigue. MFA fatigue, a tactic where attackers inundate users with authentication prompts, aims to induce erroneous approvals, as notably exemplified by the 2022 Uber breach. This phenomenon undermines the very security MFA is designed to provide by leveraging human vulnerabilities. Game theory, a powerful mathematical framework for analyzing strategic decision-making, offers a robust methodology to model the dynamic interactions between attackers and defenders. By applying game-theoretic principles, it becomes possible to predict attacker behaviors, understand user responses under pressure, and design optimal countermeasures. This article presents a comprehensive game-theoretic analysis of MFA fatigue attacks, including formal mathematical models, empirical validation through Monte Carlo simulations, and practical implementation frameworks. The proposed game-theoretic countermeasures reduce MFA fatigue attack success rates by 87% (from 68.3% to 8.9%) in simulations, with combined approaches achieving as low as 3.2% (=95% reduction) in some scenarios. The research synthesizes current approaches, provides novel theoretical contributions, and establishes a roadmap for future research in this critical cybersecurity domain.

Keywords
game theory
cybersecurity
social engineering
MFA fatigue
multi-factor authentication
strategic interaction
behavioral security
Nash equilibrium
empirical validation

Data Availability Statement
Data will be made available on request.

Funding
This work was supported without any funding.

Conflicts of Interest
The authors declare no conflicts of interest.

Ethical Approval and Consent to Participate
This study was approved by the Institutional Review Board (IRB) of Pragati Engineering College (Approval No. PEC/IRB/21-7). All participants provided written informed consent prior to participation. The study was conducted in accordance with the Declaration of Helsinki.

Cite This Article
APA Style
Vamsi, T. S. G., Yogi, M. K., & Mundru, Y. (2025). From Phishing to Prompt Bombing: Innovative Game-Theoretic Solutions for Modern Cyber Threats. ICCK Transactions on Cybersecurity, 1(2), 35–57. https://doi.org/10.62762/TC.2025.969565

Publisher's Note
ICCK stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and Permissions
Institute of Central Computation and Knowledge (ICCK) or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
ICCK Transactions on Cybersecurity

ISSN: 3069-3349 (Online)

Portico

All published articles are preserved here permanently:
https://www.portico.org/publishers/icck/