### 经济代写|博弈论代写Game Theory代考|ECON2112

statistics-lab™ 为您的留学生涯保驾护航 在代写博弈论Game Theory方面已经树立了自己的口碑, 保证靠谱, 高质且原创的统计Statistics代写服务。我们的专家在代写博弈论Game Theory代写方面经验极为丰富，各种代写博弈论Game Theory相关的作业也就用不着说。

• Statistical Inference 统计推断
• Statistical Computing 统计计算
• (Generalized) Linear Models 广义线性模型
• Statistical Machine Learning 统计机器学习
• Longitudinal Data Analysis 纵向数据分析
• Foundations of Data Science 数据科学基础

## 经济代写|博弈论代写Game Theory代考|Simulation Results

We want to show that using proactive deception a defender can reveal the attacker type earlier than otherwise. We define an early identification as to when the defender can use proactive deception to determine the attacker type in an earlier round compared to when the defender just observes. Vulnerabilities in the nodes are (indirectly) represented by exploits on the edge between two nodes. We randomly generated 20 networks, somewhat similar to Figure 3.2, with 18 nodes with values and costs chosen randomly from the range $[0,10]$ including one public node. We considered exploits $\phi_{0}, \phi_{1}, \phi_{2}, \phi_{3}, \phi_{4}, \phi_{5}$ with cost chosen randomly from the range $[0,10]$. Next, we assign exploits to the edges in such a way that it allows the attackers to have unique attack plans to their goals except for the starting node. Depending on the edge density (number of edges from a node) and shared vulnerability parameters we randomly connect edges with exploits between nodes where the two nodes are in different attack plans of different attackers. We used six HPs and the vulnerabilities are picked from randomly chosen nodes existing in the network so that the HPs can act as decoys. The games are limited to five rounds. In each round $r$, the defender $d$ deploys $0 \leq k \leq 2$ decoys. In the attack plan library, we considered three attacker types, $a, b, c$ with different goals.

In the first experiment, we show that depending on different density of edges and shared vulnerabilities between nodes, how early a defender can identify the attacker type he is facing varies. Each of the three attackers, $a, b, c$ has some unique and some shared exploits in their possession. Attacker $a$ has exploits $\phi_{0}, \phi_{1}, \phi_{2}$. Attacker $b$ has $\phi_{2}, \phi_{3}, \phi_{1}$. Attacker $c$ has exploits $\phi_{4}, \phi_{5}, \phi_{2}$. We picked the attacker $b$ as the acting attacker.

Figure $3.6$ shows the results. In the first row in Figure 3.6a-c, defender just observes the attacker actions. As the density and shared vulnerabilities increases, it takes more rounds for the defender to identify the attacker type $b$. In the second row in Figure $3.6 \mathrm{e}$ and $\mathrm{f}$, the defender deploys HPs. If we compare the figures of the same edge density and shared vulnerabilities from the two rows, it is easy to notice that the use of deception facilitates early identification except Figure 3.6d where it was the same. However, an increase in edge density and shared vulnerabilities between nodes harms performance.

The second experiment is the same as the first except that we kept the edge density and shared vulnerabilities between nodes fixed to $40 \%$ and we varied the shared exploits between the attackers. We chose the attacker $c$ as the acting attacker. We can observe in Figure 3.7a-c that as we increase the sharing of exploits between the attackers it takes longer for the defender to identify the attacker type $c$. When all the attackers have the same exploits the defender was unable to identify the attacker type even at round 4 without using any deception. However, in the second row in Figure $3.7 \mathrm{~d}-\mathrm{f}$ as the defender strategically uses deception, identification of attacker $c$ happens earlier. The performance of the early identification decreases as the shared exploits between the attacker’s increases. Another observation is noticeable in Figure $3.7 \mathrm{~d}$ : the defender was not able to identify the attacker type, however, the attacker did not find any policy to continue its attack. This shows that the use of strategical deception can also act as a deterrent for the attackers.

## 经济代写|博弈论代写Game Theory代考|Scalability

In our current game model, the defender makes a move after considering the attacker’s last known position, and every possible way $k$ HPs can be allocated between two real nodes in the network. Let’s define $\sigma(i, j)$ as a slot where a HP can be allocated between node $i$ and node $j$. The current algorithm makes sure that node $i$ is always one hop distance away from the attacker’s last known position and node $j$ does not include the goal nodes to exclude trivial cases.

Using this approach the number of slots of $\sigma(i, j)$ where $k$ HPs can be allocated increases very quickly with both network size (branching factors) and $k$ that makes the algorithm not very scalable. For our initial experiments, we used a network of size 18. Now we will present a simple heuristics that makes sure that the algorithm can handle larger instances of networks compared to our initial approach.

## 经济代写|博弈论代写Game Theory代考|Heuristics

In the real world, sensors, intrusion detection systems, and forensic analysis are used to collect data and to analyze the alerts and to understand the Techniques, Tactics and Procedures (TTP) used by an attacker. Utilizing the same tools and analytics it is also possible to form a belief on the approximate time interval of the attacks of an attacker and his preferences towards different features of the network, for example, OS, application, ports, hardware, etc. Rather than just focusing on TTP used by an attacker the defender can try to understand the attacker’s behavior that drives the attacks and the attacker’s propagation throughout the network. If the defender knows the last position of the attacker in the network, the time interval and preferences and attacker behavior can be used to get an estimate on his future attacks in the network to form a radius from the last known position of the attacker to consider the slots for HP allocation. Using these estimations on the attacker’s future positions in the network, many of the unnecessary slots also can be filtered out.

In our game model, we do not capture this complex behavior of attacker preferences, behaviors, and intervals of attacks. We simplify it by assuming that the defender knows the attacker’s last position in each round and the defender also knows that the attacker only moves one hop per round. Using these assumptions the defender can consider slots $\sigma(i, j)$ where the distance between node $i$ and node $j$ is always two hops and node $i$ is always one hop away from the last known position of the attacker. It is also unnecessary to consider $\operatorname{slots} \sigma(i, j)$ where node $i$ and node $j$ are only one hop away since it will only introduce costs to the paths and we assume that the attacker chooses a path that minimizes his costs. More unnecessary slots can be eliminated from considerations utilizing domain knowledge; for example, the defender knows that the attacker only moves forward (which is not realistic) however, this is one of our assumptions of the game model. As a result, it is not necessary to consider slots that are behind the attacker’s last known position.

## 有限元方法代写

tatistics-lab作为专业的留学生服务机构，多年来已为美国、英国、加拿大、澳洲等留学热门地的学生提供专业的学术服务，包括但不限于Essay代写，Assignment代写，Dissertation代写，Report代写，小组作业代写，Proposal代写，Paper代写，Presentation代写，计算机作业代写，论文修改和润色，网课代做，exam代考等等。写作范围涵盖高中，本科，研究生等海外留学全阶段，辐射金融，经济学，会计学，审计学，管理学等全球99%专业科目。写作团队既有专业英语母语作者，也有海外名校硕博留学生，每位写作老师都拥有过硬的语言能力，专业的学科背景和学术写作经验。我们承诺100%原创，100%专业，100%准时，100%满意。

## MATLAB代写

MATLAB 是一种用于技术计算的高性能语言。它将计算、可视化和编程集成在一个易于使用的环境中，其中问题和解决方案以熟悉的数学符号表示。典型用途包括：数学和计算算法开发建模、仿真和原型制作数据分析、探索和可视化科学和工程图形应用程序开发，包括图形用户界面构建MATLAB 是一个交互式系统，其基本数据元素是一个不需要维度的数组。这使您可以解决许多技术计算问题，尤其是那些具有矩阵和向量公式的问题，而只需用 C 或 Fortran 等标量非交互式语言编写程序所需的时间的一小部分。MATLAB 名称代表矩阵实验室。MATLAB 最初的编写目的是提供对由 LINPACK 和 EISPACK 项目开发的矩阵软件的轻松访问，这两个项目共同代表了矩阵计算软件的最新技术。MATLAB 经过多年的发展，得到了许多用户的投入。在大学环境中，它是数学、工程和科学入门和高级课程的标准教学工具。在工业领域，MATLAB 是高效研究、开发和分析的首选工具。MATLAB 具有一系列称为工具箱的特定于应用程序的解决方案。对于大多数 MATLAB 用户来说非常重要，工具箱允许您学习应用专业技术。工具箱是 MATLAB 函数（M 文件）的综合集合，可扩展 MATLAB 环境以解决特定类别的问题。可用工具箱的领域包括信号处理、控制系统、神经网络、模糊逻辑、小波、仿真等。