CyGATE: Game-Theoretic Cyber Attack-Defense Engine for Patch Strategy Optimization
Yuning Jiang, Nay Oo, Qiaoran Meng, Lu Lin, Dusit Niyato, Zehui Xiong, Hoon Wei Lim, and Biplab Sikdar

TL;DR
CyGATE introduces a game-theoretic framework utilizing LLMs and RAG to dynamically model attacker-defender interactions, improving patch prioritization under uncertainty in cyber defense scenarios.
Contribution
The paper presents CyGATE, a novel, adaptable game-theoretic framework that integrates LLMs with RAG for real-time threat intelligence and dynamic patch strategy optimization.
Findings
Effectively prioritizes high-risk vulnerabilities in dynamic scenarios
Enhances adaptability through real-time threat integration
Optimizes resource use in patch scheduling
Abstract
Modern cyber attacks unfold through multiple stages, requiring defenders to dynamically prioritize mitigations under uncertainty. While game-theoretic models capture attacker-defender interactions, existing approaches often rely on static assumptions and lack integration with real-time threat intelligence, limiting their adaptability. This paper presents CyGATE, a game-theoretic framework modeling attacker-defender interactions, using large language models (LLMs) with retrieval-augmented generation (RAG) to enhance tactic selection and patch prioritization. Applied to a two-agent scenario, CyGATE frames cyber conflicts as a partially observable stochastic game (POSG) across Cyber Kill Chain stages. Both agents use belief states to navigate uncertainty, with the attacker adapting tactics and the defender re-prioritizing patches based on evolving risks and observed adversary behavior. The…
Taxonomy
Topics: Information and Cyber Security · Infrastructure Resilience and Vulnerability Analysis · Network Security and Intrusion Detection
