Multistage Attack Graph Security Games: Heuristic Strategies, with Empirical Game-Theoretic Analysis

<div>Portion of Bayesian attack graph for testbed network of Poolsappasit et al. [<a href="/journals/scn/2018/2864873/#B29">18</a>]. The node with exploits connected by an arc is <span class="nowrap"><svg height="7.30254pt" id="M59" style="vertical-align:-0.04981995pt" version="1.1" viewbox="-0.0498162 -7.25272 7.75925 7.30254" width="7.75925pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M574 0L325 548H263L14 0H76L293 479H295L512 0H574Z"></path></g></svg>-</span>type; the rest are <span class="nowrap"><svg height="7.30254pt" id="M60" style="vertical-align:-0.04981995pt" version="1.1" viewbox="-0.0498162 -7.25272 7.75925 7.30254" width="7.75925pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M574 548H512L295 69H293L76 548H14L263 0H325L574 548Z"></path></g></svg>-</span>type. Dotted edges indicate excluded portions of the graph. In this graph portion, there are four nodes representing system vulnerabilities and access privileges. The attacker can exploit the heap corruption in OpenSSH at the gateway server to obtain root access privileges. Then the attacker can exploit root access privileges at the gateway server and the network topology leakage at the mail server to cause the stack BOF in the MS SMV service of the admin machine.</div>

Security and Communication Networks

fig1

Figure 1

Figure 1: Multistage Attack Graph Security Games: Heuristic Strategies, with Empirical Game-Theoretic Analysis 