GTM: Game Theoretic Methodology for optimal cybersecurity defending strategies and investments

Abstract

Investments on cybersecurity are essential for organizations to protect operational activities, develop trust relationships with clients, and maintain financial stability. A cybersecurity breach can lead to financial losses as well as to damage the reputation of an organization. Protecting an organization from cyber attacks demands considerable investments; however, it is known that organisations unequally divide their budget between cybersecurity and other technological needs. Organizations must consider cybersecurity measures, including but not limited to security controls, in their cybersecurity investment plans. Nevertheless, designing an effective cybersecurity investment plan to optimally distribute the cybersecurity budget is a primary concern. This paper presents GTM, a methodology depicted as a tool dedicated to providing optimal cybersecurity defense strategies and investment plans. GTM utilizes attack graphs to predict all possible cyber attacks, game theory to simulate the cyber attacks and 0-1 Knapsack to optimally allocate the budget. The output of GTM is an optimal cybersecurity strategy that includes security controls to protect the organisation against potential cyber attacks and enhance its cyber defenses. Furthermore, GTM’s effectiveness is evaluated against three use cases and compared against different attacker types under various scenarios.