Data Driven Game Theoretic Cyber Threat Mitigation

Abstract

Penetration testing is regarded as the gold standard for understanding how well an organization can withstand sophisticated cyber-attacks. However, the recent prevalence of markets specializing in zero-day exploits on the darknet makes exploits widely available to potential attackers. The cost associated with these sophisticated kits generally precludes penetration testers from simply obtaining such exploits, so an alternative approach is needed to understand what exploits an attacker will most likely purchase and how to defend against them. In this paper, we introduce a data-driven security game framework to model an attacker and provide policy recommendations to the defender. In addition to providing a formal framework and algorithms to develop strategies, we present experimental results from applying our framework, for various system configurations, on real-world exploit market data actively mined from the darknet.

Cite

Text

Robertson et al. "Data Driven Game Theoretic Cyber Threat Mitigation." AAAI Conference on Artificial Intelligence, 2016. doi:10.1609/AAAI.V30I2.19082

Markdown

[Robertson et al. "Data Driven Game Theoretic Cyber Threat Mitigation." AAAI Conference on Artificial Intelligence, 2016.](https://mlanthology.org/aaai/2016/robertson2016aaai-data/) doi:10.1609/AAAI.V30I2.19082

BibTeX

@inproceedings{robertson2016aaai-data,
  title     = {{Data Driven Game Theoretic Cyber Threat Mitigation}},
  author    = {Robertson, John and Paliath, Vivin and Shakarian, Jana and Thart, Amanda and Shakarian, Paulo},
  booktitle = {AAAI Conference on Artificial Intelligence},
  year      = {2016},
  pages     = {4041-4046},
  doi       = {10.1609/AAAI.V30I2.19082},
  url       = {https://mlanthology.org/aaai/2016/robertson2016aaai-data/}
}