Modelling cybersecurity strategies with game theory and cyber kill chain

Digitalisation within industries has many positive opportunities but poses many cybersecurity-related threats. Cybersecurity is a critical concern for many industries, such as railway, aviation, mining, construction, healthcare, and finance, where vital information and operational security are at risk of being compromised. Today, researchers are looking into various solutions to tackle cybersecurity risks while still retaining the desired functionality of the system. However, it is believed that these challenges can be approached by integrating game theory and the cyber kill chain (CKC), which describes the different stages of a cyberattack, to understand the complexities of cybersecurity. Thus, the primary objective of this paper is to demonstrate the application of a strategic game model within the context of cybersecurity, specifically using the cyber kill chain (CKC) model. The focus is on validating the proposed strategic game model through a case study. The case study involves a scenario where defenders select strategies such as "monitor system," "detecting system," and "respond to attack," while attackers choose various attack strategies like "monitoring attack," "scan the organization's website," and "develop malicious payloads" within the stages of the CKC. This approach aims to enhance understanding of the complex challenges and facilitate the development of effective cybersecurity solutions. This approach will help in evaluating the effectiveness of different security strategies. The proposed strategic approach uses a non-cooperative game based on mixed strategies. The authors have defined a scenario for simultaneous-move games by estimating values for various elements of the game. By analysing the behaviour of both attacker and defender, the proposed game-based model can help industries develop more effective and efficient security strategies. Further, the proposed model will provide a better understanding of the complex challenges of cybersecurity in industrial contexts. It can also be used to develop appropriate strategies to mitigate cybersecurity risks.