# Propagating Mixed Uncertainties in Cyber Attacker Payoffs: Exploration of Two-Phase Monte Carlo Sampling and Probability Bounds Analysis

## Abstract

Securing cyber-systems on a continual basis against a multitude of adverse events is a challenging undertaking. Game-theoretic approaches, that model actions of strategic decision-makers, are increasingly being applied to address cybersecurity resource allocation challenges. Such game-based models account for multiple player actions and represent cyber attacker payoffs mostly as point utility estimates. Since a cyber-attacker’s payoff generation mechanism is largely unknown, appropriate representation and propagation of uncertainty is a critical task. In this paper we expand on prior work and focus on operationalizing the probabilistic uncertainty quantification framework, for a notional cyber system, through: 1) representation of uncertain attacker and system-related modeling variables as probability distributions and mathematical intervals, and 2) exploration of uncertainty propagation techniques including two-phase Monte Carlo sampling and probability bounds analysis.

- Authors:

- Publication Date:

- Research Org.:
- Pacific Northwest National Lab. (PNNL), Richland, WA (United States)

- Sponsoring Org.:
- USDOE

- OSTI Identifier:
- 1334867

- Report Number(s):
- PNNL-SA-120091

- DOE Contract Number:
- AC05-76RL01830

- Resource Type:
- Conference

- Resource Relation:
- Conference: IEEE Symposium on Technologies for Homeland Security (HST 2016), May 10-11, 2016, Waltham, MA

- Country of Publication:
- United States

- Language:
- English

- Subject:
- game theory; cyber security

### Citation Formats

```
Chatterjee, Samrat, Tipireddy, Ramakrishna, Oster, Matthew R., and Halappanavar, Mahantesh.
```*Propagating Mixed Uncertainties in Cyber Attacker Payoffs: Exploration of Two-Phase Monte Carlo Sampling and Probability Bounds Analysis*. United States: N. p., 2016.
Web. doi:10.1109/THS.2016.7568967.

```
Chatterjee, Samrat, Tipireddy, Ramakrishna, Oster, Matthew R., & Halappanavar, Mahantesh.
```*Propagating Mixed Uncertainties in Cyber Attacker Payoffs: Exploration of Two-Phase Monte Carlo Sampling and Probability Bounds Analysis*. United States. doi:10.1109/THS.2016.7568967.

```
Chatterjee, Samrat, Tipireddy, Ramakrishna, Oster, Matthew R., and Halappanavar, Mahantesh. Fri .
"Propagating Mixed Uncertainties in Cyber Attacker Payoffs: Exploration of Two-Phase Monte Carlo Sampling and Probability Bounds Analysis". United States.
doi:10.1109/THS.2016.7568967.
```

```
@article{osti_1334867,
```

title = {Propagating Mixed Uncertainties in Cyber Attacker Payoffs: Exploration of Two-Phase Monte Carlo Sampling and Probability Bounds Analysis},

author = {Chatterjee, Samrat and Tipireddy, Ramakrishna and Oster, Matthew R. and Halappanavar, Mahantesh},

abstractNote = {Securing cyber-systems on a continual basis against a multitude of adverse events is a challenging undertaking. Game-theoretic approaches, that model actions of strategic decision-makers, are increasingly being applied to address cybersecurity resource allocation challenges. Such game-based models account for multiple player actions and represent cyber attacker payoffs mostly as point utility estimates. Since a cyber-attacker’s payoff generation mechanism is largely unknown, appropriate representation and propagation of uncertainty is a critical task. In this paper we expand on prior work and focus on operationalizing the probabilistic uncertainty quantification framework, for a notional cyber system, through: 1) representation of uncertain attacker and system-related modeling variables as probability distributions and mathematical intervals, and 2) exploration of uncertainty propagation techniques including two-phase Monte Carlo sampling and probability bounds analysis.},

doi = {10.1109/THS.2016.7568967},

journal = {},

number = ,

volume = ,

place = {United States},

year = {Fri Sep 16 00:00:00 EDT 2016},

month = {Fri Sep 16 00:00:00 EDT 2016}

}