A Probabilistic Framework for Quantifying Mixed Uncertainties in Cyber Attacker Payoffs

A Probabilistic Framework for Quantifying Mixed Uncertainties in Cyber Attacker Payoffs

Quantification and propagation of uncertainties in cyber attacker payoffs is a key aspect within multiplayer, stochastic security games. These payoffs may represent penalties or rewards associated with player actions and are subject to various sources of uncertainty, including: (1) cyber-system stat...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:National Cybersecurity Institute journal 2015-12, Vol.2 (3)
Hauptverfasser: Chatterjee, Samrat, Tipireddy, Ramakrishna, Oster, Matthew R., Halappanavar, Mahantesh
Format: Artikel
Sprache:eng
Schlagworte:
cyber attacker payoffs
uncertainties
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue 3
container_start_page
container_title National Cybersecurity Institute journal
container_volume 2
creator Chatterjee, Samrat
Tipireddy, Ramakrishna
Oster, Matthew R.
Halappanavar, Mahantesh
description Quantification and propagation of uncertainties in cyber attacker payoffs is a key aspect within multiplayer, stochastic security games. These payoffs may represent penalties or rewards associated with player actions and are subject to various sources of uncertainty, including: (1) cyber-system state, (2) attacker type, (3) choice of player actions, and (4) cyber-system state transitions over time. Past research has primarily focused on representing defender beliefs about attacker payoffs as point utility estimates. More recently, within the physical security domain, attacker payoff uncertainties have been represented as Uniform and Gaussian probability distributions, and mathematical intervals. For cyber-systems, probability distributions may help address statistical (aleatory) uncertainties where the defender may assume inherent variability or randomness in the factors contributing to the attacker payoffs. However, systematic (epistemic) uncertainties may exist, where the defender may not have sufficient knowledge or there is insufficient information about the attacker’s payoff generation mechanism. Such epistemic uncertainties are more suitably represented as generalizations of probability boxes. This paper explores the mathematical treatment of such mixed payoff uncertainties. A conditional probabilistic reasoning approach is adopted to organize the dependencies between a cyber-system’s state, attacker type, player actions, and state transitions. This also enables the application of probabilistic theories to propagate various uncertainties in the attacker payoffs. An example implementation of this probabilistic framework and resulting attacker payoff distributions are discussed. A goal of this paper is also to highlight this uncertainty quantification problem space to the cyber security research community and encourage further advancements in this area.
format Article
fullrecord <record><control><sourceid>osti</sourceid><recordid>TN_cdi_osti_scitechconnect_1236918</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>1236918</sourcerecordid><originalsourceid>FETCH-osti_scitechconnect_12369183</originalsourceid><addsrcrecordid>eNqNjUELgjAYhkcUJOV_-OguqDO1o0jSJTAoOspcW31pG2yL8t_noUPHTs_DwwvvhHgxpTTIojyZ_vic-NbewzCMkjRdh5lHzgXURresxR6tQw6VYQ_x0qYDqQ0cnkw5lAOqK-zxLS5wUlwYx3DMwgIqKIdWGCicY7wbpWaDltIuyUyy3gr_ywVZVdtjuQv0-NJYjk7wG9dKCe6aKKbpJsrpX6MPb8dDfg</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>A Probabilistic Framework for Quantifying Mixed Uncertainties in Cyber Attacker Payoffs</title><source>Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals</source><creator>Chatterjee, Samrat ; Tipireddy, Ramakrishna ; Oster, Matthew R. ; Halappanavar, Mahantesh</creator><creatorcontrib>Chatterjee, Samrat ; Tipireddy, Ramakrishna ; Oster, Matthew R. ; Halappanavar, Mahantesh ; Pacific Northwest National Lab. (PNNL), Richland, WA (United States)</creatorcontrib><description>Quantification and propagation of uncertainties in cyber attacker payoffs is a key aspect within multiplayer, stochastic security games. These payoffs may represent penalties or rewards associated with player actions and are subject to various sources of uncertainty, including: (1) cyber-system state, (2) attacker type, (3) choice of player actions, and (4) cyber-system state transitions over time. Past research has primarily focused on representing defender beliefs about attacker payoffs as point utility estimates. More recently, within the physical security domain, attacker payoff uncertainties have been represented as Uniform and Gaussian probability distributions, and mathematical intervals. For cyber-systems, probability distributions may help address statistical (aleatory) uncertainties where the defender may assume inherent variability or randomness in the factors contributing to the attacker payoffs. However, systematic (epistemic) uncertainties may exist, where the defender may not have sufficient knowledge or there is insufficient information about the attacker’s payoff generation mechanism. Such epistemic uncertainties are more suitably represented as generalizations of probability boxes. This paper explores the mathematical treatment of such mixed payoff uncertainties. A conditional probabilistic reasoning approach is adopted to organize the dependencies between a cyber-system’s state, attacker type, player actions, and state transitions. This also enables the application of probabilistic theories to propagate various uncertainties in the attacker payoffs. An example implementation of this probabilistic framework and resulting attacker payoff distributions are discussed. A goal of this paper is also to highlight this uncertainty quantification problem space to the cyber security research community and encourage further advancements in this area.</description><identifier>ISSN: 2333-7184</identifier><identifier>EISSN: 2333-7184</identifier><language>eng</language><publisher>United States</publisher><subject>cyber attacker payoffs ; uncertainties</subject><ispartof>National Cybersecurity Institute journal, 2015-12, Vol.2 (3)</ispartof><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>230,314,778,782,883</link.rule.ids><backlink>$$Uhttps://www.osti.gov/biblio/1236918$$D View this record in Osti.gov$$Hfree_for_read</backlink></links><search><creatorcontrib>Chatterjee, Samrat</creatorcontrib><creatorcontrib>Tipireddy, Ramakrishna</creatorcontrib><creatorcontrib>Oster, Matthew R.</creatorcontrib><creatorcontrib>Halappanavar, Mahantesh</creatorcontrib><creatorcontrib>Pacific Northwest National Lab. (PNNL), Richland, WA (United States)</creatorcontrib><title>A Probabilistic Framework for Quantifying Mixed Uncertainties in Cyber Attacker Payoffs</title><title>National Cybersecurity Institute journal</title><description>Quantification and propagation of uncertainties in cyber attacker payoffs is a key aspect within multiplayer, stochastic security games. These payoffs may represent penalties or rewards associated with player actions and are subject to various sources of uncertainty, including: (1) cyber-system state, (2) attacker type, (3) choice of player actions, and (4) cyber-system state transitions over time. Past research has primarily focused on representing defender beliefs about attacker payoffs as point utility estimates. More recently, within the physical security domain, attacker payoff uncertainties have been represented as Uniform and Gaussian probability distributions, and mathematical intervals. For cyber-systems, probability distributions may help address statistical (aleatory) uncertainties where the defender may assume inherent variability or randomness in the factors contributing to the attacker payoffs. However, systematic (epistemic) uncertainties may exist, where the defender may not have sufficient knowledge or there is insufficient information about the attacker’s payoff generation mechanism. Such epistemic uncertainties are more suitably represented as generalizations of probability boxes. This paper explores the mathematical treatment of such mixed payoff uncertainties. A conditional probabilistic reasoning approach is adopted to organize the dependencies between a cyber-system’s state, attacker type, player actions, and state transitions. This also enables the application of probabilistic theories to propagate various uncertainties in the attacker payoffs. An example implementation of this probabilistic framework and resulting attacker payoff distributions are discussed. A goal of this paper is also to highlight this uncertainty quantification problem space to the cyber security research community and encourage further advancements in this area.</description><subject>cyber attacker payoffs</subject><subject>uncertainties</subject><issn>2333-7184</issn><issn>2333-7184</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2015</creationdate><recordtype>article</recordtype><recordid>eNqNjUELgjAYhkcUJOV_-OguqDO1o0jSJTAoOspcW31pG2yL8t_noUPHTs_DwwvvhHgxpTTIojyZ_vic-NbewzCMkjRdh5lHzgXURresxR6tQw6VYQ_x0qYDqQ0cnkw5lAOqK-zxLS5wUlwYx3DMwgIqKIdWGCicY7wbpWaDltIuyUyy3gr_ywVZVdtjuQv0-NJYjk7wG9dKCe6aKKbpJsrpX6MPb8dDfg</recordid><startdate>20151228</startdate><enddate>20151228</enddate><creator>Chatterjee, Samrat</creator><creator>Tipireddy, Ramakrishna</creator><creator>Oster, Matthew R.</creator><creator>Halappanavar, Mahantesh</creator><scope>OTOTI</scope></search><sort><creationdate>20151228</creationdate><title>A Probabilistic Framework for Quantifying Mixed Uncertainties in Cyber Attacker Payoffs</title><author>Chatterjee, Samrat ; Tipireddy, Ramakrishna ; Oster, Matthew R. ; Halappanavar, Mahantesh</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-osti_scitechconnect_12369183</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2015</creationdate><topic>cyber attacker payoffs</topic><topic>uncertainties</topic><toplevel>online_resources</toplevel><creatorcontrib>Chatterjee, Samrat</creatorcontrib><creatorcontrib>Tipireddy, Ramakrishna</creatorcontrib><creatorcontrib>Oster, Matthew R.</creatorcontrib><creatorcontrib>Halappanavar, Mahantesh</creatorcontrib><creatorcontrib>Pacific Northwest National Lab. (PNNL), Richland, WA (United States)</creatorcontrib><collection>OSTI.GOV</collection><jtitle>National Cybersecurity Institute journal</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Chatterjee, Samrat</au><au>Tipireddy, Ramakrishna</au><au>Oster, Matthew R.</au><au>Halappanavar, Mahantesh</au><aucorp>Pacific Northwest National Lab. (PNNL), Richland, WA (United States)</aucorp><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>A Probabilistic Framework for Quantifying Mixed Uncertainties in Cyber Attacker Payoffs</atitle><jtitle>National Cybersecurity Institute journal</jtitle><date>2015-12-28</date><risdate>2015</risdate><volume>2</volume><issue>3</issue><issn>2333-7184</issn><eissn>2333-7184</eissn><abstract>Quantification and propagation of uncertainties in cyber attacker payoffs is a key aspect within multiplayer, stochastic security games. These payoffs may represent penalties or rewards associated with player actions and are subject to various sources of uncertainty, including: (1) cyber-system state, (2) attacker type, (3) choice of player actions, and (4) cyber-system state transitions over time. Past research has primarily focused on representing defender beliefs about attacker payoffs as point utility estimates. More recently, within the physical security domain, attacker payoff uncertainties have been represented as Uniform and Gaussian probability distributions, and mathematical intervals. For cyber-systems, probability distributions may help address statistical (aleatory) uncertainties where the defender may assume inherent variability or randomness in the factors contributing to the attacker payoffs. However, systematic (epistemic) uncertainties may exist, where the defender may not have sufficient knowledge or there is insufficient information about the attacker’s payoff generation mechanism. Such epistemic uncertainties are more suitably represented as generalizations of probability boxes. This paper explores the mathematical treatment of such mixed payoff uncertainties. A conditional probabilistic reasoning approach is adopted to organize the dependencies between a cyber-system’s state, attacker type, player actions, and state transitions. This also enables the application of probabilistic theories to propagate various uncertainties in the attacker payoffs. An example implementation of this probabilistic framework and resulting attacker payoff distributions are discussed. A goal of this paper is also to highlight this uncertainty quantification problem space to the cyber security research community and encourage further advancements in this area.</abstract><cop>United States</cop></addata></record>
fulltext fulltext
identifier ISSN: 2333-7184
ispartof National Cybersecurity Institute journal, 2015-12, Vol.2 (3)
issn 2333-7184
2333-7184
language eng
recordid cdi_osti_scitechconnect_1236918
source Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals
subjects cyber attacker payoffs
uncertainties
title A Probabilistic Framework for Quantifying Mixed Uncertainties in Cyber Attacker Payoffs
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-16T20%3A07%3A52IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-osti&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20Probabilistic%20Framework%20for%20Quantifying%20Mixed%20Uncertainties%20in%20Cyber%20Attacker%20Payoffs&rft.jtitle=National%20Cybersecurity%20Institute%20journal&rft.au=Chatterjee,%20Samrat&rft.aucorp=Pacific%20Northwest%20National%20Lab.%20(PNNL),%20Richland,%20WA%20(United%20States)&rft.date=2015-12-28&rft.volume=2&rft.issue=3&rft.issn=2333-7184&rft.eissn=2333-7184&rft_id=info:doi/&rft_dat=%3Costi%3E1236918%3C/osti%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true