A Game Theoretic Approach for Quantitative Evaluation of Security by Considering Hackers with Diverse Behaviors

The most serious problem in the area of quantitative security evaluation is modeling of hacker's behavior. Because of the intelligent and complicated mental aspects of hackers, there are many challenges to model their behavior. Recently, there have been some efforts to use game theory for predicting hacker's behavior. However, it is necessary to revise the proposed approaches if there is a society of hackers with significant diversity in their behaviors. In this paper, we have examined our newly introduced approach to extend the basic ideas of using game theory to predict transition rates in stochastic models. The proposed method categorizes the society of hackers based on two main criteria used widely in hacker classification: motivations and skills. Markov chains are used to model the system. Based on the preferences of each class of hackers and the distribution of skills in each class, the transition rates between the states are computed. The resulting Markov chains can be solved to obtain the corresponding security measures of the system. We have explored some of the applications of the method and have shown that the method facilitates the study of relationships between important factors of hackers/defenders societies and different security measures of the system.