Formalizing Agents’ Beliefs for Cyber-Security Defense Strategy Planning

  • Karsten Martiny
  • Alexander Motzek
  • Ralf Möller
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 369)


Critical information infrastructures have been exposed to an increasing number of cyber attacks in recent years. Current protection approaches consider the reaction to a threat from an operational perspective, but leave out the human aspects of an attacker. The problem is that, no matter how good defense planning is from an operational perspective, any action taken might influence an attacker’s belief in reaching a goal. To solve this problem, this paper introduces a formal model of belief states for defender and intruder agents in a cyber-security setting. We consider an attacker not only as a deterministic threat but also as a human being, and provide a formal method for reasoning about her beliefs given our reactions to her actions, providing more powerful means to assess the merits of countermeasures when planning cyber-security defense strategies.


Adaptive defense of network infrastructure; Semantic information representation; Situational awareness; Epistemic logic



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Karsten Martiny (1)
  • Alexander Motzek (2)
  • Ralf Möller (2)

  1. Hamburg University of Technology, Hamburg, Germany
  2. University of Lübeck, Lübeck, Germany
