Quantifying mixed uncertainties in cyber attacker payoffs

Representation and propagation of uncertainty in cyber attacker payoffs is a key aspect of security games. Past research has primarily focused on representing the defender's beliefs about attacker payoffs as point utility estimates. More recently, within the physical security domain, attacker payoff uncertainties have been represented as Uniform and Gaussian probability distributions, and intervals. Within cyber-settings, continuous probability distributions may still be appropriate for addressing statistical (aleatory) uncertainties where the defender may assume that the attacker's payoffs differ over time. However, systematic (epistemic) uncertainties may exist, where the defender may not have sufficient knowledge or there is insufficient information about the attacker's payoff generation mechanism. Such epistemic uncertainties are more suitably represented as probability boxes with intervals. In this study, we explore the mathematical treatment of such mixed payoff uncertainties.

[1]  Salim Hariri,et al.  Game Theory Based Network Security , 2010, J. Information Security.

[2]  Milind Tambe,et al.  Approximation methods for infinite Bayesian Stackelberg games: modeling distributional payoff uncertainty , 2011, AAMAS.

[3]  Milind Tambe,et al.  A unified method for handling discrete and continuous uncertainty in Bayesian Stackelberg games , 2012, AAMAS.

[4]  Indrajit Ray,et al.  Dynamic Security Risk Management Using Bayesian Attack Graphs , 2012, IEEE Transactions on Dependable and Secure Computing.

[5]  Bo An,et al.  Regret-Based Optimization and Preference Elicitation for Stackelberg Security Games with Uncertainty , 2014, AAAI.

[6]  Milind Tambe,et al.  Stop the compartmentalization: unified robust algorithms for handling uncertainties in security games , 2014, AAMAS.

[7]  Vladik Kreinovich,et al.  Security games with interval uncertainty , 2013, AAMAS.

[8]  Mahantesh Halappanavar,et al.  Towards a theory of autonomous reconstitution of compromised cyber-systems , 2013, 2013 IEEE International Conference on Technologies for Homeland Security (HST).

[9]  Sushil Jajodia,et al.  Advances in Topological Vulnerability Analysis , 2009, 2009 Cybersecurity Applications & Technology Conference for Homeland Security.

[10]  Milind Tambe,et al.  Robust Bayesian methods for Stackelberg security games , 2010, AAMAS.

[11]  Yevgeniy Vorobeychik,et al.  Optimal interdiction of attack plans , 2013, AAMAS.

[12]  Yevgeniy Vorobeychik,et al.  Securing interdependent assets , 2012, Autonomous Agents and Multi-Agent Systems.

[13]  Jeannette M. Wing,et al.  Game strategies in network security , 2005, International Journal of Information Security.

[14]  Chase Qishi Wu,et al.  A Survey of Game Theory as Applied to Network Security , 2010, 2010 43rd Hawaii International Conference on System Sciences.

[15]  Yang Xiao,et al.  Game Theory for Network Security , 2013, IEEE Communications Surveys & Tutorials.