Introduction
Ever wonder how cyber attacks are planned and executed against the world’s largest companies? It’s rarely a genius 15-year-old breaking into a company’s infrastructure within an hour. Far more often it is a steady stream of small, targeted attempts against a network, each of which succeeds or fails depending on how well the IT engineers have secured it. The contest isn’t symmetric either: defenders have to spend far more time and resources protecting their infrastructure than attackers spend probing it. Setting real-world incidents aside, let’s examine cyber attacks as a game between attackers and defenders!
Who’s playing?
To keep things simple, let’s introduce two players:
- The Hacker
- The Defender
Who has the upper hand?
Before even getting into the game and analyzing the various strategies that can be played, let’s evaluate who’s in the driving seat before any moves are made.
Clearly, attackers have an advantage to begin with. They can probe continuously without putting their own systems at risk, and they only need to succeed once. Defenders have it differently: if a single attack gets through, the losses can run into the millions, and there is no second chance. Attackers can keep digging and keep threatening until they ultimately succeed.
Defenders also burn through a lot of resources keeping every system protected all of the time, while attackers spend minimal resources on each attempt until one of them hits the jackpot.
Strategies & Payoffs
The most basic strategies involve the hacker attacking some specific range of ports while the defender protects some specific range of ports. Let’s imagine there are only two vulnerable port ranges, Range A and Range B, and that the defender can only cover one of them at a time.
In one scenario, the hacker attacks Range A while the defender is protecting Range B. The attacker ends up with the higher payoff and the defender with a negative payoff (a loss). In another, the hacker attacks Range B while the defender is also defending Range B: the defender gets the higher payoff and the attacker gains nothing. Notice the structure: whichever range the defender picks, the hacker would rather hit the other one, and whichever range the hacker picks, the defender would rather be covering exactly that one. No pair of pure choices is stable, so each side does best by randomizing between the two ranges (the same structure as the matching pennies game).
To make strategies more interesting and flatten the playing field, let’s give the defender the ability to fill one range of ports with worthless, non-sensitive data, a decoy. If the hacker gets this data, it is of no use to him!
Now the defender can combine the two: run the “fake” port range and secure the other one, so that neither attack pays off. Strictly speaking this is not a dominant strategy, since correctly guessing the attacked range and defending it outright is still cheaper; what it gives the defender is a safe strategy whose worst case is bounded by the cost of the decoy. Taking this safe route therefore leads to a smaller payoff than a correct guess, because of the extra resources required.
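Here is an added example, not part of the original post, that puts the two games above into code: the base two-range game and the version with the decoy range. The payoff numbers (a breach worth 10 to the hacker, a blocked attack worth 2 to the defender, a decoy costing 3) and the strategy names are assumptions for illustration; the article gives no figures. The script computes each side’s worst-case payoff per pure strategy, which also makes the asymmetry from “Who has the upper hand?” concrete, and finds the Nash equilibria of each game by support enumeration with exact fractions.

```python
from fractions import Fraction as F
from itertools import combinations

# Added example, not code from the original article. A bimatrix game between a
# hacker (row player) and a defender (column player); every cell holds
# (hacker_payoff, defender_payoff). All numbers are assumptions for illustration.
BREACH = 10      # value of data stolen from an undefended, real port range
BLOCKED = 2      # defender's gain when an attack lands on a defended range
DECOY_COST = 3   # extra resources spent running a decoy range of useless data

HACKER = ["attack_A", "attack_B"]
DEFENDER = ["defend_A", "defend_B", "defend_B_decoy_A"]

# Base game: two real ranges, the defender can only cover one of them.
BASE_PAYOFFS = [
    # defend_A            defend_B
    [(0, BLOCKED),        (BREACH, -BREACH)],   # attack_A
    [(BREACH, -BREACH),   (0, BLOCKED)],        # attack_B
]

# Twist: the defender may defend B and fill A with worthless data. Either attack
# now yields the hacker nothing, and the defender pays DECOY_COST either way.
DECOY_PAYOFFS = [
    BASE_PAYOFFS[0] + [(0, -DECOY_COST)],
    BASE_PAYOFFS[1] + [(0, BLOCKED - DECOY_COST)],
]


def security_levels(payoffs, player):
    """Worst-case payoff of each pure strategy (player 0 = hacker, 1 = defender).
    Shows how much each side stands to lose when it guesses wrong."""
    if player == 0:
        return {HACKER[i]: min(c[0] for c in row) for i, row in enumerate(payoffs)}
    cols = list(zip(*payoffs))
    return {DEFENDER[j]: min(c[1] for c in col) for j, col in enumerate(cols)}


def solve_linear(a, b):
    """Exact Gauss-Jordan elimination over Fractions; None if the system is singular."""
    n = len(a)
    m = [[F(v) for v in a[i]] + [F(b[i])] for i in range(n)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if m[r][col] != 0), None)
        if pivot is None:
            return None
        m[col], m[pivot] = m[pivot], m[col]
        p = m[col][col]
        m[col] = [v / p for v in m[col]]
        for r in range(n):
            if r != col and m[r][col] != 0:
                f = m[r][col]
                m[r] = [rv - f * cv for rv, cv in zip(m[r], m[col])]
    return [m[i][n] for i in range(n)]


def nash_equilibria(payoffs):
    """Support enumeration for a small bimatrix game. Returns a list of
    (hacker_mix, defender_mix, hacker_payoff, defender_payoff). Every profile
    returned passes a full best-response check, so it is a genuine equilibrium;
    in a degenerate game (one player indifferent over a whole range of mixes)
    only the endpoints of that range are reported."""
    m, n = len(payoffs), len(payoffs[0])
    A = [[F(c[0]) for c in row] for row in payoffs]   # hacker's payoffs
    B = [[F(c[1]) for c in row] for row in payoffs]   # defender's payoffs
    found = []
    for k in range(1, min(m, n) + 1):
        for I in combinations(range(m), k):
            for J in combinations(range(n), k):
                # Defender mixes over J so the hacker is indifferent across I;
                # unknowns are y_j (j in J) and the hacker's equalised payoff u.
                rows = [[A[i][j] for j in J] + [-1] for i in I] + [[1] * k + [0]]
                # Hacker mixes over I so the defender is indifferent across J.
                cols = [[B[i][j] for i in I] + [-1] for j in J] + [[1] * k + [0]]
                rhs = [0] * k + [1]
                sol_y, sol_x = solve_linear(rows, rhs), solve_linear(cols, rhs)
                if sol_y is None or sol_x is None:
                    continue
                if any(p < 0 for p in sol_y[:k] + sol_x[:k]):
                    continue          # a "probability" came out negative
                u, v = sol_y[k], sol_x[k]
                x, y = [F(0)] * m, [F(0)] * n
                for idx, i in enumerate(I):
                    x[i] = sol_x[idx]
                for idx, j in enumerate(J):
                    y[j] = sol_y[idx]
                # Best-response check: no strategy outside the support does better.
                if any(sum(A[i][j] * y[j] for j in range(n)) > u for i in range(m)):
                    continue
                if any(sum(B[i][j] * x[i] for i in range(m)) > v for j in range(n)):
                    continue
                found.append((x, y, u, v))
    return found


if __name__ == "__main__":
    for name, game in (("base game", BASE_PAYOFFS), ("with decoy", DECOY_PAYOFFS)):
        print(name, "| hacker worst case:", security_levels(game, 0),
              "| defender worst case:", security_levels(game, 1))
        for x, y, u, v in nash_equilibria(game):
            print("  equilibrium: hacker", dict(zip(HACKER, x)),
                  "defender", dict(zip(DEFENDER, y)), "payoffs", (u, v))
```

With the assumed numbers the asymmetry is visible before any move: the hacker’s worst case is 0 for either attack, while the defender’s worst case is -10 for either pure defence. The base game has a single equilibrium in which both sides flip a coin; the hacker expects 5 and the defender -4. Once the decoy is available, the old coin-flip is no longer an equilibrium because the decoy is a better reply to it, the defender runs the decoy with probability 1 in every equilibrium, the hacker’s expected gain drops to 0, and the defender’s expected loss shrinks to between -16/7 and -8/5: safer, but still a cost, which is the “smaller payoff” described above. The decoy makes the game degenerate (the hacker is indifferent against it), so the hacker has a range of equilibrium mixes and the enumeration reports its two endpoints. Further twists, such as a bot that hits both ranges at once, are just extra rows or columns in the payoff matrix.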
Other Possible Twists
Note: some of the following twists would require changes to the underlying model of the game described above (e.g. a larger number of port ranges, …).
- Giving the hacker the ability to feint: appear to attack one port range while really attacking a different one.
- The hacker builds a bot that attacks several port ranges at the same time.
- The defender can reflect malware back to the attacker’s machine.
- …..
All of the mentioned twists would lead to a plethora of new strategies, new payoffs and new equilibria!
Conclusion
After running through a couple of strategies, it is clear there are many more to explore by giving hackers and defenders new abilities with new payoffs.
References
“Fighting Cyber Attacks with Game Theory.” Threatpost, https://threatpost.com/trapx-fighting-cyber-attacks-with-game-theory/156545/.