Loading…
RVAsec 2018 has ended
View analytic
Friday, June 8 • 1:00pm - 1:50pm
A Game Theoretic Model of Computer Network Exploitation Campaigns

Log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Increasingly, cyberspace is the battlefield of choice for twenty first century criminal activity and foreign conflict. This suggests that traditional modeling and simulation approaches have stalled in the information security domain. We propose a game theoretic model based on a multistage model of computer network exploitation (CNE) campaigns comprising reconnaissance, tooling, implant, lateral movement, exfiltration and cleanup stages. In each round of the game, the attacker chooses whether to proceed with the next stage of the campaign, nature decides whether the defender is cognizant of the campaign’s progression, and the defender chooses to respond in an active or passive fashion. We propose a dynamic, asymmetric, complete-information, general-sum game to model CNE campaigns and techniques to estimate this game’s parameters. Researchers can extend this work to other threat models, and practitioners can use this work for decision support.

Speakers
avatar for Robert Mitchell

Robert Mitchell

Member of Technical Staff, MITRE
Dr. Robert Mitchell is currently a member of technical staff at Sandia National Laboratories. He received the Ph.D, M.S. and B.S. from Virginia Tech. Robert served as a military officer for six years and has over 12 years of industry experience, having worked previously at Boeing... Read More →


Friday June 8, 2018 1:00pm - 1:50pm
Ballroom