Dr. Robert Mitchell is currently a member of technical staff at MITRE. He received the Ph.D, M.S. and B.S. from Virginia Tech. Robert served as a military officer for six years and has over 13 years of industry experience, having worked previously at Sandia National Laboratories, Boeing, BAE Systems, Raytheon and Nokia. His research interests include game theory, linkography, moving target defense, computer network operations, network security, intrusion detection and cyber physical systems. Robert has published 25 peer reviewed articles.
A Game Theoretic Model of Computer Network Exploitation Campaigns
Increasingly, cyberspace is the battlefield of choice for twenty first century criminal activity and foreign conflict. This suggests that traditional modeling and simulation approaches have stalled in the information security domain. We propose a game theoretic model based on a multistage model of computer network exploitation (CNE) campaigns comprising reconnaissance, tooling, implant, lateral movement, exfiltration
and cleanup stages. In each round of the game, the attacker chooses whether to proceed with the next stage of the campaign, nature decides whether the defender is cognizant of the campaign’s progression, and the defender chooses to respond in an active or passive fashion. We propose a dynamic, asymmetric, complete-information, general-sum game to model CNE campaigns and techniques to estimate this game’s parameters. Researchers can extend this work to other threat models, and practitioners can use this work for decision support.
Come see Robert at RVAsec. Register Now.