Affiliation:
1. Pennsylvania State University, University Park, PA
2. Monmouth University, West Long Branch, NJ
Abstract
Although the ability to model and infer attacker intent, objectives, and strategies (AIOS) may dramatically advance the literature of risk assessment, harm prediction, and predictive or proactive cyber defense, existing AIOS inference techniques are ad hoc and system or application specific. In this paper, we present a general incentive-based method to model AIOS and a game-theoretic approach to inferring AIOS. On one hand, we found that the concept of incentives can unify a large variety of attacker intents; the concept of utilities can integrate incentives and costs in such a way that attacker objectives can be practically modeled. On the other hand, we developed a game-theoretic AIOS formalization which can capture the inherent interdependency between AIOS and defender objectives and strategies in such a way that AIOS can be automatically inferred. Finally, we use a specific case study to show how attack strategies can be inferred in real-world attack--defense scenarios.
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality,General Computer Science
Reference34 articles.
1. C4I defensive infrastructure for survivability against multi-mode attacks
2. Burke D. 1999. Towards a Game Theory Model of Information Warfare. Tech. rep. Air force Institute of Technology. Master's Thesis. Burke D. 1999. Towards a Game Theory Model of Information Warfare. Tech. rep. Air force Institute of Technology. Master's Thesis.
3. Multipart pricing of public goods
4. Conitzer V. and Sandholm T. 2002. . . . . . . . . . . . . . . . Carnegie Mellon University. CMU-CS-02-135. Conitzer V. and Sandholm T. 2002. Complexity Results About Nash Equilibria. Tech. rep. Carnegie Mellon University. CMU-CS-02-135.
Cited by
96 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献