HackAttack: Game-Theoretic Analysis of Realistic Cyber Conflicts

TL;DR

This paper introduces a more realistic game-theoretic model for cyber conflicts that incorporates hidden actions, probabilistic alerting, and resource differences, enabling analysis of complex strategic interactions.

Contribution

It presents the first analysis of a complex, realistic cyber conflict game using multi-step search methods, moving beyond overly simplistic models.

Findings

In high uncertainty, ignoring opponent moves can be optimal.

Simple evaluation functions can produce nuanced strategies.

The model is more representative of real cyber conflicts than previous models.

Abstract

Game theory is appropriate for studying cyber conflict because it allows for an intelligent and goal-driven adversary. Applications of game theory have led to a number of results regarding optimal attack and defense strategies. However, the overwhelming majority of applications explore overly simplistic games, often ones in which each participant's actions are visible to every other participant. These simplifications strip away the fundamental properties of real cyber conflicts: probabilistic alerting, hidden actions, unknown opponent capabilities. In this paper, we demonstrate that it is possible to analyze a more realistic game, one in which different resources have different weaknesses, players have different exploits, and moves occur in secrecy, but they can be detected. Certainly, more advanced and complex games are possible, but the game presented here is more realistic than any other game we know of in the scientific literature. While optimal strategies can be found for simpler games using calculus, case-by-case analysis, or, for stochastic games, Q-learning, our more complex game is more naturally analyzed using the same methods used to study other complex games, such as checkers and chess. We define a simple evaluation function and ploy multi-step searches to create strategies. We show that such scenarios can be analyzed, and find that in cases of extreme uncertainty, it is often better to ignore one's opponent's possible moves. Furthermore, we show that a simple evaluation function in a complex game can lead to interesting and nuanced strategies.