Dynamic Trilateral Game Model for Attack Graph Security Game

Internal threats have a huge impact on the attack graph security game. The failure of the MTD model defence measures would be caused by the existence of internal users with certain authority. Dynamic trilateral game model was proposed to extend the original two-part game model. By materializing internal threats, the uncertainty of two-part game model was eliminated, which was expressed as the probability equation used by the players in the observation state process. And the relationship between the offensive and defensive sides became indirect. The user strategy, based on mixed strategy game model, was proposed to increase the coupling between stealth attack and internal threats. The income matrix was dynamically constructed to measure the behavioural outcomes of users and attackers. User behavioural references were obtained through dynamic programming. For the defender, the heuristic strategy in the model reduces the complexity of parties’s behaviour through random sampling. Experiments were carried out on the attack graph model under various game settings. Compared with the two-part game model, our model’s experimental results showed that the cyber security risks were reduced by 17.9% and 18.8% respectively on the strong and weak structural attack graph.