### 经济代写|博弈论代写Game Theory代考|ECON 6025

statistics-lab™ 为您的留学生涯保驾护航 在代写博弈论Game Theory方面已经树立了自己的口碑, 保证靠谱, 高质且原创的统计Statistics代写服务。我们的专家在代写博弈论Game Theory代写方面经验极为丰富，各种代写博弈论Game Theory相关的作业也就用不着说。

• Statistical Inference 统计推断
• Statistical Computing 统计计算
• (Generalized) Linear Models 广义线性模型
• Statistical Machine Learning 统计机器学习
• Longitudinal Data Analysis 纵向数据分析
• Foundations of Data Science 数据科学基础

## 经济代写|博弈论代写Game Theory代考|Evaluation of Heuristics

Our goal is to evaluate the heuristics we used to reduce the number of possible ways HPs can be allocated in the network to make the algorithm more scalable compared to our previous experiments. In the first experiment, we evaluate the solution quality of the algorithm with and without heuristics by comparing how early the defender can identify an attacker. We used different sizes of networks with different limits on the number of rounds the players can play. Each of the three attackers we considered, $a, b, c$, has some unique and some shared exploits in their possession. Attacker $a$ has exploits $\phi_{0}, \phi_{1}, \phi_{2}$. Attacker $b$ has exploits $\phi_{2}, \phi_{3}, \phi_{1}$. Attacker $c$ has exploits $\phi_{4}, \phi_{5}, \phi_{2}$. We picked the attacker $b$ as the acting attacker. We kept the edge density and shared vulnerabilities between nodes to $40 \%$. Results are averaged over 20 game instances. In the Figure $3.9$, the first row, Figure $3.9 \mathrm{a}$ and $\mathrm{b}$ computes the solution without using the heuristics and the second row, Figure $3.9 \mathrm{c}$ and d computes the solution using the heuristics to reduce the action space. As we can see, the solution quality did not degrade for the experiments we conducted. However, currently, we have no proof to guarantee an optimal solution with the use of heuristics.

In the next experiment, we compare the run time between the algorithms using without and with heuristics for different sizes of networks and the same setup as the previous experiment. Run times are averaged over all the attackers for a particular size of games. As shown in Figure $3.10$, for smaller instances the algorithm with heuristics can compute the solution much quicker than if we do not use any heuristics. For larger instances of games if we do not heuristics, the algorithm runs out of memory very quickly (as shown by ” $x$ “), whereas using the heuristic we can compute the solutions.

## 经济代写|博弈论代写Game Theory代考|Conclusions and Future Direction

Identification of an attacker is an even harder problem in many ways than detection, especially when many attackers use similar TTP in the early stages of attacks. However, any information that can help to narrow down the intention and likely TTP of an attacker can also be of immense value to the defender if it is available early on.

We present several case studies and a formal game model showing how we can use deception techniques to identify different types of attackers represented by the different AGs they use in planning optimal attacks based on their individual goals and capabilities. We show that strategically using deception can facilitate significantly earlier identification by leading attackers to take different actions early in the attack that can be observed by the defender. Our simulation results show this in a more general setting. However, the optimal algorithm does not scale very well since it considers all the possible action space to allocate HPs. So, we presented a scalable version of the optimal algorithm that reduces the action space by a reasonable margin to handle larger instances of games. In future work, we plan to explore how this model can be extended to different types of deception strategies, integration with other IDS techniques, as well as larger and more diverse sets of possible attacker types to make it operational in the real world.

## 经济代写|博弈论代写Game Theory代考|Reward Function

As introduced earlier, there is a cost associated with each action. The network defender incurs a fixed cost for placing a new honeypot on an edge in the network. Let $P_{\mathrm{c}}$ denote the honeypot placement cost. On the attacker side, there is a cost per attack denoted as $A_{\mathrm{c}}$. The attack cost reflects the risk taken by the attacker as mentioned earlier.

If the defender placed honeypot on the same edge the attacker exploits, the defender gains a capturing reward. Otherwise, if the attacker exploited another safe edge, the attacker gains a successful attack reward. Let Cap and Esc denote the defender capture reward and the attacker successful reward, respectively.

To account for different nodes in the network, we adopt a reward function that takes into account the importance of the network nodes. Therefore, both capturing reward and the successful attack reward are weighted by the value of the secured or attacked node value, $w_{v}$. We start by expressing the reward matrix for the game illustrated in Figure $4.1$ and present the general reward matrix afterward.
$$R_{1}=\left[\begin{array}{ccc} -P_{\mathrm{c}}+A_{\mathrm{c}}+\operatorname{Cap} * w_{b} & -P_{\mathrm{c}}+A_{\mathrm{c}}-\operatorname{Esc} * w_{c} & -P_{\mathrm{c}} \ -P_{\mathrm{c}}+A_{\mathrm{c}}-\mathrm{Esc} * w_{\mathrm{b}} & -P_{\mathrm{c}}+A_{\mathrm{c}}+\operatorname{Cap} * w_{\mathrm{c}} & -P_{\mathrm{c}} \ A_{\mathrm{c}}-\operatorname{Esc} * w_{b} & A_{\mathrm{c}}-\mathrm{Esc} * w_{c} & 0 \end{array}\right] .$$
The attacker reward matrix is $R_{2}=-R_{1}$. The reward, $R_{1}(1,1)$ and $R_{1}(2,2)$, represents a captured attacker as the defender installed a honeypot at the attacked node. Therefore, the defender pays placement cost $P_{\mathrm{c}}$ and gains a capturing reward weighted by the value of the defended node. The attacker incurs an attack cost, $A_{\mathrm{c}}$, which represents a reward for the defender in a zero-sum game. On the other hand, $R_{1}(1,2)$ and $R_{1}(2,1)$ represent a successful attack, where the honeypot is allocated at a different node. Therefore, there is a Esc loss weighted by the compromised node value. In $R_{1}(3,1)$ and $R_{1}(3,2)$, the defender decides not to place any honeypot to save placement

cost $P_{\mathrm{c}^{+}}$Similarly, in $R_{1}(1,3), R_{1}(2,3)$, and $R_{1}(3,3)$, the attacker backs off to either avoid capture cost or attack cost $A_{\mathrm{c}}$.

The reward function can easily be generalized to an arbitrary number of possible edges as follows.
$$R_{1}\left(a_{1}, a_{2}\right)=\left{\begin{array}{clr} -P_{\mathrm{c}}+A_{\mathrm{c}}+\operatorname{Cap} * w_{v} ; & a_{1}=e_{a, w}, a_{2}=v & \forall v \in \mathcal{V} \ -P_{\mathrm{c}}+A_{\mathrm{c}}-\mathrm{Esc} * w_{u} ; & a_{1}=e_{a, v}, a_{2}=u & \forall u \neq v \in \mathcal{V} \ -P_{\mathrm{c}} ; & a_{1}=e_{a, v}, a_{2}=0 & \forall v \in \mathcal{V} \ 0 ; & a_{1}=0, a_{2}=0 & \end{array}\right.$$
where $a_{1}=0$ denotes the defender is not allocating any new honeypot. Similarly, $a_{2}=0$ denotes the attacker decided to back off.

## 经济代写|博弈论代写Game Theory代考|Reward Function

R1=[−磷C+一个C+帽∗在b−磷C+一个C−Esc键∗在C−磷C −磷C+一个C−和sC∗在b−磷C+一个C+帽∗在C−磷C 一个C−Esc键∗在b一个C−和sC∗在C0].

$$R_{1}\left(a_{1}, a_{2}\right)=\left{ −磷C+一个C+帽∗在在;一个1=和一个,在,一个2=在∀在∈在 −磷C+一个C−和sC∗在在;一个1=和一个,在,一个2=在∀在≠在∈在 −磷C;一个1=和一个,在,一个2=0∀在∈在 0;一个1=0,一个2=0\正确的。$$

## 有限元方法代写

tatistics-lab作为专业的留学生服务机构，多年来已为美国、英国、加拿大、澳洲等留学热门地的学生提供专业的学术服务，包括但不限于Essay代写，Assignment代写，Dissertation代写，Report代写，小组作业代写，Proposal代写，Paper代写，Presentation代写，计算机作业代写，论文修改和润色，网课代做，exam代考等等。写作范围涵盖高中，本科，研究生等海外留学全阶段，辐射金融，经济学，会计学，审计学，管理学等全球99%专业科目。写作团队既有专业英语母语作者，也有海外名校硕博留学生，每位写作老师都拥有过硬的语言能力，专业的学科背景和学术写作经验。我们承诺100%原创，100%专业，100%准时，100%满意。

## MATLAB代写

MATLAB 是一种用于技术计算的高性能语言。它将计算、可视化和编程集成在一个易于使用的环境中，其中问题和解决方案以熟悉的数学符号表示。典型用途包括：数学和计算算法开发建模、仿真和原型制作数据分析、探索和可视化科学和工程图形应用程序开发，包括图形用户界面构建MATLAB 是一个交互式系统，其基本数据元素是一个不需要维度的数组。这使您可以解决许多技术计算问题，尤其是那些具有矩阵和向量公式的问题，而只需用 C 或 Fortran 等标量非交互式语言编写程序所需的时间的一小部分。MATLAB 名称代表矩阵实验室。MATLAB 最初的编写目的是提供对由 LINPACK 和 EISPACK 项目开发的矩阵软件的轻松访问，这两个项目共同代表了矩阵计算软件的最新技术。MATLAB 经过多年的发展，得到了许多用户的投入。在大学环境中，它是数学、工程和科学入门和高级课程的标准教学工具。在工业领域，MATLAB 是高效研究、开发和分析的首选工具。MATLAB 具有一系列称为工具箱的特定于应用程序的解决方案。对于大多数 MATLAB 用户来说非常重要，工具箱允许您学习应用专业技术。工具箱是 MATLAB 函数（M 文件）的综合集合，可扩展 MATLAB 环境以解决特定类别的问题。可用工具箱的领域包括信号处理、控制系统、神经网络、模糊逻辑、小波、仿真等。