Using Counterfactual Regret Minimization and Monte Carlo Tree Search for Cybersecurity Threats
Nii Emil Alexander Reindorf, Paul Cotae

Mitigating cyber threats requires an adequate understanding of attacker characteristics, in particular their patterns. Such knowledge is essential in addressing the defensive measures that mitigate the attack. If the attacker enters a network system, the game tree that models those resources can generate a counter to such threats. This is done by altering the parity in the next game tree iteration, which yields an adequate response to counter it. If an attacker enters a network system, and a game tree models the resources he must interface with, then that game tree can be altered by changing the parity on the next-to-last iteration. This paper analyzes the sequence of patterns based on incoming attacks. Detecting the attacker's pattern and subsequently changing iterations to counter threats can be viewed as an adequate resource, or know-how, in cyber threat mitigation. It was realized that changing the game tree of the hacker deprives the attacker of network resources and hence would represent a defensive measure against the attack; that is, changing, varying, or understanding attacker paths creates an effective defensive measure to protect the system against incoming threats. In this paper we analyze a unique combination of CFR and MCTS that attempts to detect the behavior of a hacker. Counterfactual Regret (CFR) is a game theory concept that helps identify patterns of attacks. The pattern recognition concept of Monte Carlo Tree Search (MCTS) is used in harmony with CFR in order to enhance the detection of attacks.

DOI: 10.15640/jcsit.v9n1a2