We propose a method using game-theoretic security models and attack graphs to estimate zero-day exploit risks. Our approach predicts risk increases over time or under a presumed “dark count” of unknown exploits without speculating on their specifics. The method models a game where the defender has a limited view of the attacker’s full action space, simulating zero-day scenarios. This avoids unreliable guessing of potential attacks and focuses on the attacker’s knowledge advantage relative to the defender. The approach is generic, requiring only mild computability conditions, and is demonstrated using a prior game-theoretic model applied to industrial robotics case studies, but not limited to such applications (in fact agnostic of the use-case).

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

(Poster) Zero-Day Risk Estimation Using Security Games

  • Stefan Rass,
  • Beniamin Radomir Jablonski,
  • Víctor Mayoral-Vilches

摘要

We propose a method using game-theoretic security models and attack graphs to estimate zero-day exploit risks. Our approach predicts risk increases over time or under a presumed “dark count” of unknown exploits without speculating on their specifics. The method models a game where the defender has a limited view of the attacker’s full action space, simulating zero-day scenarios. This avoids unreliable guessing of potential attacks and focuses on the attacker’s knowledge advantage relative to the defender. The approach is generic, requiring only mild computability conditions, and is demonstrated using a prior game-theoretic model applied to industrial robotics case studies, but not limited to such applications (in fact agnostic of the use-case).