Towards Modelling Adaptive Attacker's Behaviour

Leanid Krautsevich (University of Pisa, Italy); Fabio Martinelli and Artsiom Yautsiukhin (Consiglio Nazionale delle Ricerche, Italy)

Most of the current models of an attacker for a computer system assume that the adversary has a complete knowledge of a system. Although, such vision is helpful for searching for weak places in the defence of the security of the system, such model does not describe the reality well enough. In practice, attackers have very limited amount of knowledge about a system and often do mistakes while attacking it. Therefore, such models cannot be used for assessment of the real security risks and should be updated. We aim at the model for the behaviour of an attacker. The model takes into account the uncertain knowledge of the attacker about the system. In addition, the attacker in our model tries different attack paths in case of a failure. Our mathematical model is based on Markov Decision Processes theory which allows to predict attacker's decisions.

FPS 2012 Program