CyGym: A Simulation-Based Game-Theoretic Analysis Framework for Cybersecurity
- URL: http://arxiv.org/abs/2506.21688v2
- Date: Tue, 05 Aug 2025 16:32:57 GMT
- Title: CyGym: A Simulation-Based Game-Theoretic Analysis Framework for Cybersecurity
- Authors: Michael Lanier, Yevgeniy Vorobeychik
- Abstract summary: We introduce a novel cybersecurity encounter simulator between a network defender and an attacker. Our simulator, built within the OpenAI Gym framework, incorporates realistic network topologies, vulnerabilities, exploits (including zero-days) and defensive mechanisms. We use our simulator and associated game-theoretic framework to analyze the Volt Typhoon advanced persistent threat (APT).
- Score: 23.264130153035794
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: We introduce a novel cybersecurity encounter simulator between a network defender and an attacker designed to facilitate game-theoretic modeling and analysis while maintaining many significant features of real cyber defense. Our simulator, built within the OpenAI Gym framework, incorporates realistic network topologies, vulnerabilities, exploits (including zero-days), and defensive mechanisms. Additionally, we provide a formal simulation-based game-theoretic model of cyberdefense using this simulator, which features a novel approach to modeling zero-day exploits, and a PSRO-style approach for approximately computing equilibria in this game. We use our simulator and associated game-theoretic framework to analyze the Volt Typhoon advanced persistent threat (APT). Volt Typhoon represents a sophisticated cyber attack strategy employed by state-sponsored actors, characterized by stealthy, prolonged infiltration and exploitation of network vulnerabilities. Our experimental results demonstrate the efficacy of game-theoretic strategies in understanding network resilience against APTs and zero-days, such as Volt Typhoon, providing valuable insight into optimal defensive posture and proactive threat mitigation.
Related papers
- Simulating Cyberattacks through a Breach Attack Simulation (BAS) Platform empowered by Security Chaos Engineering (SCE) [1.055551340663609] (2025-08-05T19:52:57Z)
Security Chaos Engineering (SCE) allows teams to test defenses and identify vulnerabilities effectively. This paper proposes to integrate SCE into Breach Attack Simulation platforms, leveraging adversary profiles and abilities from existing threat intelligence databases.
- CyGATE: Game-Theoretic Cyber Attack-Defense Engine for Patch Strategy Optimization [73.13843039509386] (2025-08-01T09:53:06Z)
This paper presents CyGATE, a game-theoretic framework modeling attacker-defender interactions. CyGATE frames cyber conflicts as a partially observable game (POSG) across Cyber Kill Chain stages. The framework's flexible architecture enables extension to multi-agent scenarios.
- A Survey on Model Extraction Attacks and Defenses for Large Language Models [55.60375624503877] (2025-06-26T22:02:01Z)
Model extraction attacks pose significant security threats to deployed language models. This survey provides a comprehensive taxonomy of extraction attacks and defenses, categorizing attacks into functionality extraction, training data extraction, and prompt-targeted attacks. We examine defense mechanisms organized into model protection, data privacy protection, and prompt-targeted strategies, evaluating their effectiveness across different deployment scenarios.
- MISLEADER: Defending against Model Extraction with Ensembles of Distilled Models [56.09354775405601] (2025-06-03T01:37:09Z)
Model extraction attacks aim to replicate the functionality of a black-box model through query access. Most existing defenses presume that attacker queries have out-of-distribution (OOD) samples, enabling them to detect and disrupt suspicious inputs. We propose MISLEADER, a novel defense strategy that does not rely on OOD assumptions.
- Co-evolutionary Dynamics of Attack and Defence in Cybersecurity [7.949437760740007] (2025-05-25T22:11:24Z)
This study uses an Evolutionary Game Theory framework to investigate the evolutionary dynamics of attacks and defences in cyberspace. We find that systems with high defence intensities show stability with minimal attack frequencies, whereas low-defence environments show instability, and are vulnerable to attacks. Our analysis suggests that adaptive cybersecurity strategies based on EGT can improve resource allocation, enhance system resilience, and reduce the overall risk of cyberattacks.
- Quantitative Resilience Modeling for Autonomous Cyber Defense [7.6078202493877205] (2025-03-04T16:52:25Z)
Cyber resilience is the ability of a system to recover from an attack with minimal impact on system operations. There are no formal definitions of resilience applicable to diverse network topologies and attack patterns. We propose a quantifiable formulation of resilience that considers multiple defender operational goals.
- A Survey of Model Extraction Attacks and Defenses in Distributed Computing Environments [55.60375624503877] (2025-02-22T03:46:50Z)
Model Extraction Attacks (MEAs) threaten modern machine learning systems by enabling adversaries to steal models, exposing intellectual property and training data. This survey is motivated by the urgent need to understand how the unique characteristics of cloud, edge, and federated deployments shape attack vectors and defense requirements. We systematically examine the evolution of attack methodologies and defense mechanisms across these environments, demonstrating how environmental factors influence security strategies in critical sectors such as autonomous vehicles, healthcare, and financial services.
- Siren -- Advancing Cybersecurity through Deception and Adaptive Analysis [0.0] (2024-06-10T12:47:49Z)
This project employs sophisticated methods to lure potential threats into controlled environments. The architectural framework includes a link monitoring proxy, a purpose-built machine learning model for dynamic link analysis. The incorporation of simulated user activity extends the system's capacity to capture and learn from potential attackers.
- Designing an attack-defense game: how to increase robustness of financial transaction models via a competition [69.08339915577206] (2023-08-22T12:53:09Z)
Given the escalating risks of malicious attacks in the finance sector, understanding adversarial strategies and robust defense mechanisms for machine learning models is critical. We aim to investigate the current state and dynamics of adversarial attacks and defenses for neural network models that use sequential financial data as the input. We have designed a competition that allows realistic and detailed investigation of problems in modern financial transaction data. The participants compete directly against each other, so possible attacks and defenses are examined in close-to-real-life conditions.
- The Critical Node Game [7.392707962173127] (2023-03-10T14:48:32Z)
We introduce a game-theoretic model that assesses the cyber-security risk of cloud networks. Our approach aims to minimize the unexpected network disruptions caused by malicious cyber-attacks under uncertainty.
- Fixed Points in Cyber Space: Rethinking Optimal Evasion Attacks in the Age of AI-NIDS [70.60975663021952] (2021-11-23T23:42:16Z)
We study blackbox adversarial attacks on network classifiers. We argue that attacker-defender fixed points are themselves general-sum games with complex phase transitions. We show that a continual learning approach is required to study attacker-defender dynamics.
- Model-Agnostic Meta-Attack: Towards Reliable Evaluation of Adversarial Robustness [53.094682754683255] (2021-10-13T13:54:24Z)
We propose a Model-Agnostic Meta-Attack (MAMA) approach to discover stronger attack algorithms automatically. Our method learns the in adversarial attacks parameterized by a recurrent neural network. We develop a model-agnostic training algorithm to improve the ability of the learned when attacking unseen defenses.
This list is automatically generated from the titles and abstracts of the papers in this site.