### 经济代写|博弈论代写Game Theory代考|ECON3301

statistics-lab™ 为您的留学生涯保驾护航 在代写博弈论Game Theory方面已经树立了自己的口碑, 保证靠谱, 高质且原创的统计Statistics代写服务。我们的专家在代写博弈论Game Theory代写方面经验极为丰富，各种代写博弈论Game Theory相关的作业也就用不着说。

• Statistical Inference 统计推断
• Statistical Computing 统计计算
• (Generalized) Linear Models 广义线性模型
• Statistical Machine Learning 统计机器学习
• Longitudinal Data Analysis 纵向数据分析
• Foundations of Data Science 数据科学基础

## 经济代写|博弈论代写Game Theory代考|Background

AGs represent sequential attacks by an attacker to compromise a network or a particular computer (Durkota et al. 2015). AGs can be automatically generated using a known vulnerabilities database (Ingols et al. 2006; Ou et al. 2006). Due to resource limitations, the automatically generated AGs are often used to identify high priority vulnerabilities to fix (Sheyner et al. 2002; Noel and Jajodia 2008). We use AGs as a library of attack plans that can represent different attackers. The optimal plan for any attacker will depend on his particular options and goals, reflected in the AG. The AG for each attacker will also change depending on the network, including changes made by the defender (e.g., introducing HPs). We model a multistage Stackelberg Security game (SSG) with a leader and a follower. The defender commits to a strategy considering the attacker’s strategy. The attacker observes the strategy of the leader and chooses an optimal attack strategy using the AG. The AG of the attackers we considered is defined by initial access and lateral movement actions (Enterprise Tactics 2020) to reach their corresponding goal node $g_{i}$ as shown in Figure 3.1.

Initial access represents the vectors an attacker uses to gain an initial foothold in the network. We consider the technique called Exploit Public-Facing Application mit (Initial Access 2018) for initial access, where an attacker uses tools to exploit the weakness of the public-facing systems. Lateral movement is a tactic to achieve greater control over network assets. We consider the example of Exploitation of Remote Services technique for lateral movement mit (Lateral Movement 2018) where an attacker exploits the vulnerabilities of a program. While there may be similarities in the AG for different attackers, having different goals and options available mean that the plans may eventually diverge. The overlap between multiple attack plans is the number of actions that are identical at the start of the plan.

## 经济代写|博弈论代写Game Theory代考|Case Studies

We present three case studies that consider different types of attackers. We look at different pairs of attackers based on what exploits are shared between them and whether their final objective is the same or not. We use the network shown in Figure 3.2, where a router is $R_{i}$, a host is $H_{i}$, a firewall is $F_{i}$, a switch is $S$. An exploit $\phi_{i}(c)$ with cost $c$ on an edge allows an attacker to move laterally if an attacker $a_{i}$ has exploit $\phi_{i}(c)$. The cost of using an exploit represents both the time and effort as well as the risk of detection that attackers want to minimize. An attacker tries to reach a goal by making lateral movements using an attack plan with the minimum cost. If there is more than one minimum cost plan, attackers choose the ones that maximize the overlap with other attackers. We assume that when an attacker reaches his goal the game ends. He also has complete knowledge (e.g. vulnerabilities) about the network but does not know which nodes are HPs. For each case study, we first analyze the attack plans based on the AGs. Then we analyze what proactive deceptive action a defender can take to detect the attacker type earlier. We assume that the attacks are fully observable. Since we are interested in scenarios where attackers have common attack plans in their AG, we assume that host $H_{1}$ is where all attackers initially enter the network.

## 经济代写|博弈论代写Game Theory代考|Defender Decision Making

In each round of the game the defender updates his beliefs about the attacker types and the attackers’ goals. According to Bayes’ theorem, given the sequence of lateral movement seq $(t)$ up to node $t$ from the starting node $t_{p}$, the probability that the defender is facing attacker $a_{i}$ is:
$$p\left(a_{i} \mid \operatorname{seq}(t)\right)=\frac{p\left(s \operatorname{seq}(t) \mid a_{i}\right) p\left(a_{i}\right)}{\sum_{j=0}^{N} p\left(\operatorname{seq}(t) \mid \alpha_{j}\right) p\left(a_{i}\right)}$$
where $p\left(a_{i}\right)$ is the prior probability of facing the attacker $a_{i}$ and $p\left(\operatorname{seq}(t) \mid a_{i}\right)$ is the likelihood of the observation seq $(t)$ given that we are facing the attacker $a_{i}$. Similarly, belief about goal can be computed. The probability of the plan of the attacker is $\mathcal{P}{g}$ from the start node $t{p}$ is:
$$p\left(P_{g} \mid \operatorname{seq}(t), a_{i}\right)=\frac{p\left(\operatorname{seq}(t) \mid P_{z}, a_{i}\right) p\left(P_{r}, a_{j}\right)}{\sum_{v_{e} \in G} p\left(\operatorname{seq}(t) \mid P_{g}, a_{i}\right) p\left(P_{k}, a_{i}\right)}$$
Next, the defender considers all the possible deception deployments $c \in C$ where there are edges $t_{m} \rightarrow t_{n}$ from the attacker’s last observed position $t_{\mathrm{lp}}$ where $t_{m}$ can be reached from node $t_{\mathrm{lp}}$. Without affecting the existing connections of the network deceptions are deployed between two nodes. The defender has a library of AGs for each of the attackers that he can use to optimize the decision making. We consider three possible objectives the defender uses to make this decision. In Minimizing Maximum Overlapping Length, the defender chooses his deception deployment by minimizing the sum of the attackers’ overlapping actions. Another variation would be to minimize the attacker’s maximum overlapping length with other attackers by considering each of the attackers. Minimizing the maximum overlapping length of attack plans may not always focus on all the attackers’ attack plans, e.g. if all the attackers have high overlapping (of attack plans) with each other except the acting attacker. To overcome the issue the defender can compute the expected overlapping length of the attack plans: Minimizing Expected Overlapping Length. According to information theory, one way to reduce the anonymity between the attacker types is to deploy deception in such a way that will minimize entropy. If $X_{1}=p\left(a_{0}\right), X_{2}=p\left(a_{1}\right)$ and $X_{3}=p\left(a_{2}\right)$ are three random variables for the attacker types where $X_{1}+X_{2}+X_{3}=1$, then entropy can be written as follows: $H(X)=-\sum_{i=0}^{i=1} p\left(a_{i}\right) \log {b} p\left(a{i}\right)$ where $p\left(a_{i}\right)$ is the posterior probability for the attacker $a_{i^{*}}$. In Minimizing Entropy, the defender chooses the deception deployment that results in the minimum entropy for all the attackers $A$.

## 经济代写|博弈论代写Game Theory代考|Background

AG 代表攻击者对网络或特定计算机的连续攻击（Durkota et al. 2015）。AG 可以使用已知的漏洞数据库自动生成（Ingols et al. 2006; Ou et al. 2006）。由于资源限制，自动生成的 AG 通常用于识别要修复的高优先级漏洞（Sheyner 等人 2002；Noel 和 Jajodia 2008）。我们使用 AG 作为可以代表不同攻击者的攻击计划库。任何攻击者的最佳计划将取决于他的特定选项和目标，反映在 AG 中。每个攻击者的 AG 也会根据网络而改变，包括防御者所做的更改（例如，引入 HP）。我们对具有领导者和追随者的多阶段 Stackelberg 安全博弈 (SSG) 进行建模。防御者承诺考虑攻击者策略的策略。攻击者观察领导者的策略，并使用 AG 选择最优的攻击策略。我们考虑的攻击者的 AG 由初始访问和横向移动动作（Enterprise Tactics 2020）定义，以达到其相应的目标节点G一世如图 3.1 所示。

## 经济代写|博弈论代写Game Theory代考|Defender Decision Making

p(一个一世∣序列⁡(吨))=p(s序列⁡(吨)∣一个一世)p(一个一世)∑j=0ñp(序列⁡(吨)∣一个j)p(一个一世)

## 有限元方法代写

tatistics-lab作为专业的留学生服务机构，多年来已为美国、英国、加拿大、澳洲等留学热门地的学生提供专业的学术服务，包括但不限于Essay代写，Assignment代写，Dissertation代写，Report代写，小组作业代写，Proposal代写，Paper代写，Presentation代写，计算机作业代写，论文修改和润色，网课代做，exam代考等等。写作范围涵盖高中，本科，研究生等海外留学全阶段，辐射金融，经济学，会计学，审计学，管理学等全球99%专业科目。写作团队既有专业英语母语作者，也有海外名校硕博留学生，每位写作老师都拥有过硬的语言能力，专业的学科背景和学术写作经验。我们承诺100%原创，100%专业，100%准时，100%满意。

## MATLAB代写

MATLAB 是一种用于技术计算的高性能语言。它将计算、可视化和编程集成在一个易于使用的环境中，其中问题和解决方案以熟悉的数学符号表示。典型用途包括：数学和计算算法开发建模、仿真和原型制作数据分析、探索和可视化科学和工程图形应用程序开发，包括图形用户界面构建MATLAB 是一个交互式系统，其基本数据元素是一个不需要维度的数组。这使您可以解决许多技术计算问题，尤其是那些具有矩阵和向量公式的问题，而只需用 C 或 Fortran 等标量非交互式语言编写程序所需的时间的一小部分。MATLAB 名称代表矩阵实验室。MATLAB 最初的编写目的是提供对由 LINPACK 和 EISPACK 项目开发的矩阵软件的轻松访问，这两个项目共同代表了矩阵计算软件的最新技术。MATLAB 经过多年的发展，得到了许多用户的投入。在大学环境中，它是数学、工程和科学入门和高级课程的标准教学工具。在工业领域，MATLAB 是高效研究、开发和分析的首选工具。MATLAB 具有一系列称为工具箱的特定于应用程序的解决方案。对于大多数 MATLAB 用户来说非常重要，工具箱允许您学习应用专业技术。工具箱是 MATLAB 函数（M 文件）的综合集合，可扩展 MATLAB 环境以解决特定类别的问题。可用工具箱的领域包括信号处理、控制系统、神经网络、模糊逻辑、小波、仿真等。