Automated techniques and tools for finding, exploiting and patching vulnerabilities are maturing. In order to achieve an end goal such as winning a cyber-battle, these techniques and tools must be wielded strategically. Currently, strategy development in cyber – even with automated tools – is done manually, and is a bottleneck in practice. In this paper, we apply game theory toward the augmentation of the human decision-making process.
Our work makes two novel contributions. First, previous work is limited by strong assumptions regarding the number of actors, actions, and choices in cyber-warfare. We develop a novel model of cyber-warfare that is more comprehensive than previous work, removing these limitations in the process. Second, we present an algorithm for calculating the optimal strategy of the players in our model. We show that our model is capable of finding better solutions than previous work within seconds, making computer- time strategic reasoning a reality. We also provide new insights, compared to previous models, on the impact of optimal strategies.
Tiffany Bao is a Ph.D. student in CyLab advised by Professor David Brumley. Her research interest is cyber autonomy, which includes both binary analysis technique and game-theoretic strategy for computer security. She completed her B.S. in Computer Science at Peking University, China.
This is a practice talk for CSF 2017.