A Game Theoretic Model of Strategic Conflict in Cyberspace
Operations Research Department, Naval Postgraduate School, Monterey, CA
80th MORS
12 June, 2012
Harrison C. Schramm
David L. Alderson
W. Matthew Carlyle
Nedialko B. Dimitrov
Cyber Conflict - definitions
• Defining characteristic: how weapons in cyberspace (cyber weapons) are discovered, developed, and employed
• Our model is a high-level, strategic look at the problem of Cyber conflict
• Key question: How long should a belligerent in cyber conflict hold an exploit in development before attacking?
Cyber Conflict – Approach
• Cyber conflict may be viewed as a game
• Players discover and develop attacks, which they then exercise at a time of their choosing
• Analysis is abstracted away from specific technologies, systems, and exploits.
– Similar to other models of combat.
Related Work
• JASON (2010) The Science of Cybersecurity
– DOD report, recommends game theory as an analytic method
• Shiva et al (2010) Game theoretic approaches to protect cyberspace
– Presents a taxonomy of game theoretic methods in cyberspace
• Lye & Wing (2002) Game strategies in network security
• Shen et al (2007) A Markov game theoretic approach for cyber situational awareness
Cyber munition life-cycle
[Diagram labels: Discovery, Development, Obsolescence, Employment, Adversary Patch]
Cyber Game Mechanics
• Discovery of Exploit
– Game state indexed as , where T is the age of the game, represents the length of time player i has known the exploit
• Development of Munition
– After a player has discovered the exploit, they may develop the exploit in accordance with some known function,
1 2, ,TS
i
( )i ia
Game Mechanics II
• Employment
– Once a player has the exploit, he may choose to use it. His action set is defined as:
• Obsolescence
– If either player discovers and patches the exploit before an attack is executed, all munitions are worthless and the game ends.
ait; the default action if 0:Attack, and end the game.: iW W
A
State Transitions
This state is recurrent until the first discovery is made
Our Analysis
• Zero Sum
• Two Players
• Identical Systems
• One zero-day Exploit
• Perfect Information
Solving the game relies on building on cases based on knowledge
No Players
One player
Both Players
Solution Hierarchy; solving the case where neither player has the exploit depends on the one-player case, which in turn depends on the case where both players have the exploit.
The Base: Both Players know the Exploit
If both players know the exploit, “Attack, Attack” is the optimum solution by iterated elimination of dominated strategies
Player 2 plays: W Player 2 plays: A Player 1 plays: W 1 21, 1, 1V T 2 2a
Player 1 plays: A 1 1a 1 1 2 2a a
We may compute the value of the game for cases where 1 2, ,T 1 20)( ( 0)
State Transitions
This state is recurrent until the first discovery is made
Not Reachable for optimal players with perfect knowledge
Absorbing
Situation II – One player knows the exploit
• Under what circumstances should Player 1 wait (and possibly gain attack value)?
• For monotone functions, this is straightforward, but the general case is solved as well.
Player 2 Plays: Wait Player 1 Plays: Wait Y Player 1 Plays: Attack 1a
We may compute the value of the game for cases where 1 2, ,T 1 20)( ( 0)
State Transitions
Not Reachable
Starting Here
Will Player 2 Reach a better state on the axis?
Before Player 1 Discovers the Exploit?
The general case – neither player knows the exploit…
1
1 2 1 2
2
1 2 1 2
1
21,
2
1 2 1
02 1
10,1
2 1
1,11 22
)next state is) )
)next state is) )
next state is) )
(1Pr ,1,0(1 (1
(1Pr ,0,1(1 (1
Pr ,1,1 ,(1 (1
p pTp p p p p p
p pTp p p p p p
p pTp p p p p p
1,0 0,1 1,1
1 * *1,0 0 1 0,1 0 2 1
2,1 1 2
,0,0 ,1,0 ,0,1 ,1,1
( ( 1) 1 ,)
V T V T V T V T
v k v k a a
we can compute the value of the game from any state, including (T, 0, 0)
State Transitions
Not Reachable for optimal players with perfect knowledge
Absorbing
Starting Here
Who wins?
Numerical Analysis
Basic Case
If the players have constant probability of detection, p_i, and constant attack value functions, a_i( ) = c, then Player 1 will expect to win if:
p1 a1(1) > p2 a2(1)
Example II
Suppose Players 1 and 2 have attack functions such that:
1
1
2 2 2 2
(0) 0( ) 1 5( ) 5 5
( ) 1
iaaa
a c
.
[Plot: v(h), value of waiting h turns, versus turns to wait, h]
Here, we have to compute the optimum number of turns to wait before attacking, which turns out to be 5, matching our intuition.
Example II – the effect of varying p1
[Plot: Value (Player 1's point of view) versus p1: Player 1's probability of detection]
Example II
[Plot: a1( ) versus holding time]
Suppose Players 1 and 2 have attack functions such that:
a2(1) = 1, p2 = .3
a1( ) = [1,2,3,4,5,3,6]
Note that since Player 1 has the exploit, p1 is irrelevant
Example II
[Plot: Value versus waiting time, h]
Value function associated with example two. We see that the maximum value of V occurs at h = 5. Therefore, in this case, it is not ‘worth it’ to wait.
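The solution hierarchy (both players, then one player, then no players) can be worked through by backward induction. The Python sketch below is an added example, not code from the slides, and it generalises the Basic Case and the second Example II to arbitrary attack-value lists. Its assumptions: the payoff to Player 1 when both attack is a1 minus a2, a waiting player sees the opponent's discovery on the next turn, a player must attack when its value list runs out, and the names solve, t1 and t2 are hypothetical.

```python
from functools import lru_cache

def solve(p1, p2, a1, a2):
    """Return (value from the no-discovery state, turn at which Player 1
    attacks when only Player 1 knows). a1[k-1], a2[k-1]: attack value after
    knowing the exploit for k turns (assumed indexing)."""
    def both(t1, t2):
        # Base case: both know, both attack at once; zero-sum payoff to Player 1.
        return a1[t1 - 1] - a2[t2 - 1]

    @lru_cache(maxsize=None)
    def only_p1(t1):
        # Player 1 (maximizer) knows; Player 2 may discover during a wait.
        attack = a1[t1 - 1]
        if t1 == len(a1):
            return attack  # assumed: forced attack at the end of the list
        wait = p2 * both(t1 + 1, 1) + (1 - p2) * only_p1(t1 + 1)
        return max(attack, wait)

    @lru_cache(maxsize=None)
    def only_p2(t2):
        # Mirror image: Player 2 (minimizer) knows.
        attack = -a2[t2 - 1]
        if t2 == len(a2):
            return attack
        wait = p1 * both(1, t2 + 1) + (1 - p1) * only_p2(t2 + 1)
        return min(attack, wait)

    # First turn at which attacking is at least as good as waiting.
    hold = next(t for t in range(1, len(a1) + 1) if only_p1(t) == a1[t - 1])
    # The no-discovery state repeats until a discovery, so condition on one.
    first = 1 - (1 - p1) * (1 - p2)
    value = (p1 * (1 - p2) * only_p1(1) + (1 - p1) * p2 * only_p2(1)
             + p1 * p2 * both(1, 1)) / first
    return value, hold

if __name__ == "__main__":
    # Basic Case with constructed constants, then the slide's Example II data.
    print(solve(0.3, 0.3, [3] * 5, [2] * 5))
    print(solve(0.5, 0.3, [1, 2, 3, 4, 5, 3, 6], [1]))
```

With constant attack values the sign of the result follows p1 a1(1) versus p2 a2(1); the numerical values for the Example II data depend on the timing assumptions above and need not equal those in the slide's plot.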
Extensions
Waiting Times
• What happens if we introduce non-productive waiting times?
– Such as administrative approval chains
– Or other reasons
• Conclusion: If you are slow to act, you can make it up (a little bit) by increasing capability in other areas, but only to a point.
State Transitions
Discovers Here
Cannot progress until w time periods pass
Waiting Times
[Plot: Player 1's expected payoff versus waiting time, w]
Payoff to Player 1 of an otherwise ‘even’ cyber game, where player 1 is forced to wait w time periods after discovery before any action may be taken.
Waiting Times II
[Plot: Required p1 versus waiting time, w]
Player 1’s Required probability of detection, p1, to ‘break even’ as a function of wait time. Note in this scenario that after 9 time periods, perfect detection is required; further advancements are not possible.
Conclusion
• We present a lexicon and framework for analyzing cyber conflict
• Future work:
– Multiple Attacks
– Imperfect Information
– Incorporating issues outside of cyber (i.e. kinetic)
NPS OR Cyber interest points of contact:
• CDR Harrison Schramm
– [email protected]
– 831 656 2358
• Professor Matt Carlyle
– [email protected]
• Professor Dave Alderson
– [email protected]
– 831 656 1814
• Professor Ned Dimitrov
– [email protected]
– 831 656 3647
Backup
State Transitions