Optimizing defense–attack strategies in dynamic, resource-constrained networks remains challenging due to interdependent node vulnerabilities, heterogeneous attack vectors, and budget limitations. Method: This paper proposes the first non-zero-sum game-theoretic model for such settings, integrating node criticality, attack success probability, defense cost, and honeypot deployment overhead into a multi-factor weighted payoff function; Nash equilibrium is computed to derive optimal defense policies. Contribution/Results: We uncover a novel mechanism—network scale expansion dilutes attacker efficacy and improves defender payoff—contrary to conventional assumptions of diminishing returns. Large-scale simulations demonstrate that high-probability, low-cost attacks (e.g., phishing, social engineering) dominate adversarial behavior and thus warrant prioritized mitigation. Furthermore, defender expenditure scales sublinearly with network size, validating the model’s strong scalability and operational effectiveness in real-world deployments.

In the contemporary digital landscape, cybersecurity has become a critical issue due to the increasing frequency and sophistication of cyber attacks. This study utilizes a non-zero-sum game theoretical framework to model the strategic interactions between cyber attackers and defenders, with the objective of identifying optimal strategies for both. By defining precise payoff functions that incorporate the probabilities and costs associated with various exploits, as well as the values of network nodes and the costs of deploying honeypots, we derive Nash equilibria that inform strategic decisions. The proposed model is validated through extensive simulations, demonstrating its effectiveness in enhancing network security. Our results indicate that high-probability, low-cost exploits like Phishing and Social Engineering are more likely to be used by attackers, necessitating prioritized defense mechanisms. Our findings also show that increasing the number of network nodes dilutes the attacker's efforts, thereby improving the defender's payoff. This study provides valuable insights into optimizing resource allocation for cybersecurity and highlights the scalability and practical applicability of the game-theoretic approach.