Toward a Theory of Cyber Attacks
Saeed Valizadeh, Marten van Dijk

TL;DR
This paper introduces a formal framework using Markov models to analyze defender-attacker interactions, providing rigorous security guarantees and insights into defense strategies' effectiveness over time.
Contribution
It develops a general methodology for modeling cyber attack games with Markov models and introduces a capacity region for analyzing strategic impacts on security.
Findings
Provides conditions for probabilistic attack success bounds
Defines a containment parameter for attack impact within time windows
Offers insights into defense learning rates and attack containment
Abstract
We provide a general methodology for analyzing defender-attacker based "games" in which we model such games as Markov models and introduce a capacity region to analyze how defensive and adversarial strategies impact security. Such a framework allows us to analyze under what kind of conditions we can prove statements (about an attack objective ) of the form "if the attacker has a time budget , then the probability that the attacker can reach an attack objective is at most ". We are interested in such rigorous cryptographic security guarantees (that describe worst-case guarantees) as these shed light on the requirements of a defender's strategy for preventing more and more the progress of an attack, in terms of the "learning rate" of a defender's strategy. We explain the damage an attacker can achieve by a "containment parameter" describing the…
Taxonomy
Topics: Information and Cyber Security · Network Security and Intrusion Detection · Advanced Malware Detection Techniques
