In the cybersecurity setting, defenders are often at the mercy of their
detection technologies and subject to the information and experiences that
individual analysts have. In order to give defenders an advantage, it is
important to understand an attacker's motivation and their likely next best
action. As a first step in modeling this behavior, we introduce a security game
framework that simulates the interplay between attackers and defenders in a
noisy environment, focusing on the factors that drive decision making for
attackers and defenders in three variants of the game: full knowledge and
observability, knowledge of the parameters but no observability of the state
("partial knowledge"), and zero knowledge or observability ("zero
knowledge"). We demonstrate the importance of making the right assumptions
about attackers, given the significant differences in outcomes. Furthermore,
there is a measurable trade-off between false positives and true positives in
terms of attacker outcomes, suggesting that a more false-positive-prone
environment may be acceptable under conditions where true positives are also
higher.
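The abstract does not describe the game's mechanics, so the following is a constructed toy simulation added here as an illustration; it is not the paper's framework and every mechanism in it is an assumption. It models a noisy detector with a true-positive rate (tpr) and a false-positive rate (fpr), a defender who can triage only a fixed number of alerts per round and cannot tell true from false alerts before triage, and an attacker at each of the three knowledge levels named above (full observability of the current alert queue, knowledge of the parameters only, or nothing). Attacker outcome is the number of actions completed before containment, which makes the false-positive/true-positive trade-off measurable: more benign alerts give the attacker's alert more cover.

```python
# Constructed toy model (not the paper's framework): attacker acts over several
# rounds while a noisy detector raises true-positive alerts with probability tpr
# and false-positive alerts from benign activity with probability fpr. The
# defender triages only `budget` alerts per round, chosen uniformly at random
# because alerts are indistinguishable before triage. All parameters, the triage
# rule and the attacker policies are assumptions made for this example.
import random
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Params:
    tpr: float                    # P(alert | attacker action)
    fpr: float                    # P(alert | benign event)
    benign_events: int            # benign events that may raise alerts each round
    budget: int                   # alerts the defender can triage per round
    rounds: int = 40              # length of one game
    risk_tolerance: float = 0.25  # max per-action catch probability an informed attacker accepts


def catch_probability(p: Params, benign_alerts: float) -> float:
    """P(the attacker's action is caught this round) given benign_alerts false positives queued."""
    queue = benign_alerts + 1            # attacker's own alert plus the noise
    return p.tpr * min(1.0, p.budget / queue)


def run_episode(p: Params, mode: str, rng: random.Random) -> int:
    """Play one game and return the attacker's progress (completed actions).

    mode: "full"    - attacker observes this round's benign alert volume before acting
          "partial" - attacker knows tpr/fpr/budget but not the current state
          "zero"    - attacker knows nothing and simply acts every round
    """
    progress = 0
    for _ in range(p.rounds):
        benign_alerts = sum(rng.random() < p.fpr for _ in range(p.benign_events))
        if mode == "full":
            act = catch_probability(p, benign_alerts) <= p.risk_tolerance
        elif mode == "partial":
            expected_noise = p.fpr * p.benign_events   # attacker reasons from the parameters only
            act = catch_probability(p, expected_noise) <= p.risk_tolerance
        else:
            act = True
        if not act:
            continue                     # attacker waits for better cover
        if rng.random() < p.tpr:
            # index 0 is the attacker's alert; the defender triages `budget` queued alerts at random
            queue = benign_alerts + 1
            triaged = rng.sample(range(queue), min(p.budget, queue))
            if 0 in triaged:
                return progress          # contained
        progress += 1
    return progress


def average_progress(p: Params, mode: str, episodes: int = 500, seed: int = 7) -> float:
    """Monte Carlo estimate of attacker progress for one (parameters, knowledge level) pair."""
    rng = random.Random(seed)
    return mean(run_episode(p, mode, rng) for _ in range(episodes))


if __name__ == "__main__":
    # Sweep the false-positive rate at a fixed true-positive rate and compare knowledge levels.
    for fpr in (0.0, 0.1, 0.5):
        p = Params(tpr=0.6, fpr=fpr, benign_events=20, budget=2)
        print(f"fpr={fpr:.1f}", {m: round(average_progress(p, m), 2) for m in ("zero", "partial", "full")})
```

Running the sweep shows the two effects the abstract points at: the attacker who can observe the queue ("full") waits for rounds where false positives are plentiful and comes out ahead of the "partial" and "zero" attackers, and raising fpr at a fixed tpr increases attacker progress for every policy because triage capacity is spent on noise. Raising tpr alongside fpr is what keeps that cost bounded, which is the trade-off a detection engineer would evaluate with such a model.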
Title: Simulation of Attacker Defender Interaction in a Noisy Security Game