
A Game Theoretic Model of Strategic Conflict in Cyberspace

Harrison C. Schramm, David L. Alderson, W. Matthew Carlyle, Nedialko B. Dimitrov. A Game Theoretic Model of Strategic Conflict in Cyberspace. Operations Research Department, Naval Postgraduate School, Monterey, CA. 80th MORS, 12 June 2012.

Presentation Transcript


  1. Harrison C. Schramm, David L. Alderson, W. Matthew Carlyle, Nedialko B. Dimitrov. A Game Theoretic Model of Strategic Conflict in Cyberspace. Operations Research Department, Naval Postgraduate School, Monterey, CA. 80th MORS, 12 June 2012

  2. Cyber Conflict - definitions
     • Defining characteristic: how weapons in cyberspace (cyber weapons) are discovered, developed, and employed
     • Our model is a high-level, strategic look at the problem of cyber conflict
     • Key question: How long should a belligerent in cyber conflict hold an exploit in development before attacking?

  3. Cyber Conflict – Approach
     • Cyber conflict may be viewed as a game
     • Players discover and develop attacks, which they then exercise at a time of their choosing
     • Analysis is abstracted away from specific technologies, systems, and exploits
     • Similar to other models of combat

  4. Related Work
     • JASON (2010) The Science of Cybersecurity
       • DOD report, recommends game theory as an analytic method
     • Shiva et al. (2010) Game theoretic approaches to protect cyberspace
       • Presents a taxonomy of game theoretic methods in cyberspace
     • Lye & Wing (2002) Game strategies in network security
     • Shen et al. (2007) A Markov game theoretic approach for cyber situational awareness

  5. Cyber munition life-cycle (diagram). Labels: Discovery, Development, Adversary Patch, Employment, Obsolescence

  6. Cyber Game Mechanics
     • Discovery of Exploit
       • Game state indexed as , where T is the age of the game, represents the length of time player i has known the exploit
     • Development of Munition
       • After a player has discovered the exploit, they may develop the exploit in accordance with some known function,

  7. Game Mechanics II
     • Employment
       • Once a player has the exploit, he may choose to use it. His action set is defined as:
     • Obsolescence
       • If either player discovers and patches the exploit before an attack is executed, all munitions are worthless and the game ends.

  8. State Transitions (diagram). Annotation: "This state is recurrent until the first discovery is made"

  9. Our Analysis
     • Zero Sum
     • Two Players
     • Identical Systems
     • One zero-day Exploit
     • Perfect Information

  10. Solving the game relies on building on cases based on knowledge. Solution hierarchy: solving the case where neither player has the exploit depends on the one-player case, which in turn depends on the case where both players have the exploit.

  11. The Base: Both Players know the Exploit
      • If both players know the exploit, “Attack, Attack” is the optimum solution by iterated elimination of dominated strategies
      • We may compute the value of the game for cases
      • where

  12. State Transitions (diagram). Annotations: "Not reachable for optimal players with perfect knowledge"; "Absorbing"; "This state is recurrent until the first discovery is made"

  13. Situation II – One player knows the exploit
      • Under what circumstances should Player 1 wait (and possibly gain attack value)?
      • For monotone functions, this is straightforward, but the general case is solved as well.
      • We may compute the value of the game for cases
      • where

  14. State Transitions (diagram). Annotations: "Will Player 2 reach a better state on the axis?"; "Before Player 1 discovers the exploit?"; "Not reachable"; "Starting here"

  15. The general case – neither player knows the exploit…
      • We can compute the value of the game from any state, including

  16. State Transitions (diagram). Annotations: "Not reachable for optimal players with perfect knowledge"; "Absorbing"; "Starting here"; "Who wins?"

  17. Numerical Analysis

  18. Basic Case: If the players have constant probability of detection, and constant attack value functions, then Player 1 will expect to win if:

  19. Example II
      • Suppose Players 1 and 2 have attack functions such that:
      • Here, we have to compute the optimum number of turns to wait before attacking, which turns out to be 5, matching our intuition

  20. Example II – the effect of varying

  21. Example II
      • Suppose Players 1 and 2 have attack functions such that:
      • Note that since Player 1 has the exploit, is irrelevant

  22. Example II Value function associated with example two. We see that the maximum value of occurs at Therefore, in this case, it is not ‘worth it’ to wait.

  23. Extensions

  24. Waiting Times
      • What happens if we introduce non-productive waiting times?
        • Such as administrative approval chains
        • Or other reasons
      • Conclusion: If you are slow to act, you can make it up (a little bit) by increasing capability in other areas, but only to a point.

  25. State Transitions (diagram). Annotations: "Cannot progress until w time periods pass"; "Discovers here"

  26. Waiting Times (plot): Payoff to Player 1 of an otherwise ‘even’ cyber game, where Player 1 is forced to wait w time periods after discovery before any action may be taken.

  27. Waiting Times II (plot): Player 1’s required probability of detection to ‘break even’, as a function of wait time. Note that in this scenario, after 9 time periods, perfect detection is required; further advancements are not possible.

  28. Conclusion
      • We present a lexicon and framework for analyzing cyber conflict
      • Future work:
        • Multiple Attacks
        • Imperfect Information
        • Incorporating issues outside of cyber (i.e. kinetic)

  29. NPS OR Cyber interest points of contact:
      • CDR Harrison Schramm, hcschram@nps.edu, 831 656 2358
      • Professor Matt Carlyle, mcarlyle@nps.edu
      • Professor Dave Alderson, dalders@nps.edu, 831 656 1814
      • Professor Ned Dimitrov, ndimitrov@nps.edu, 831 656 3647

  30. Backup

  31. State Transitions
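
The hold-or-attack question of slide 13 and the forced wait of slides 24 to 26 can be worked through numerically. This is an added example, not code or equations from the presentation or its authors. It assumes a simplified one-sided model in which the obsolescence rule of slide 7 (the other player discovers and patches) fires with a constant per-period probability; `DEV_VALUE`, `p_patch` and all function names are hypothetical, and the values are constructed.

```python
"""Hold-or-attack stopping problem, solved by backward induction.

Assumed simplification (not the authors' equations): only Player 1 knows the
exploit; each period Player 2 independently discovers and patches it with
probability p_patch, which ends the game with payoff 0 to Player 1.
"""

# Constructed development function: attack value after holding t periods.
DEV_VALUE = [0, 40, 70, 85, 92, 95, 96]


def solve(dev_value, p_patch):
    """Return (V, attack): V[t] is the value at age t, attack[t] is True
    when attacking at age t is at least as good as waiting."""
    last = len(dev_value) - 1
    V = [0.0] * (last + 1)
    attack = [False] * (last + 1)
    # At the last tabulated age there is no further growth, so attack.
    V[last], attack[last] = float(dev_value[last]), True
    for t in range(last - 1, -1, -1):
        wait = (1.0 - p_patch) * V[t + 1]  # survive one period, then continue
        attack[t] = dev_value[t] >= wait
        V[t] = max(float(dev_value[t]), wait)
    return V, attack


def optimal_hold(dev_value, p_patch):
    """Number of periods to hold before attacking, starting from discovery."""
    _, attack = solve(dev_value, p_patch)
    return attack.index(True)


def value_with_forced_wait(dev_value, p_patch, w):
    """Value at discovery when neither action nor development is possible
    for the first w periods (assumed reading of the forced-wait extension)."""
    V, _ = solve(dev_value, p_patch)
    return (1.0 - p_patch) ** w * V[0]


if __name__ == "__main__":
    for p in (0.02, 0.1, 0.3):
        V, _ = solve(DEV_VALUE, p)
        print(f"p_patch={p}: hold {optimal_hold(DEV_VALUE, p)} periods, "
              f"value {V[0]:.3f}, with 2-period forced wait "
              f"{value_with_forced_wait(DEV_VALUE, p, 2):.3f}")
```

Raising the opponent's discovery-and-patch probability shortens the optimal hold and lowers the holder's value, which is the defender's lever in this simplified model.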
