The paper entitled GTM: Game Theoretic Methodology for optimal cybersecurity defending strategies and investments presented in the 5th IWSECC workshop of the 17th ARES conference. The paper has been written by Ioannis Kalderemidis, Aristeidis Farao (former secondee of the SECONDO project), Panagiotis Bountakas (former secondee of the SECONDO project) and Christos Xenakis from the University of Piraeus, as well as, from Sakshyam Panda (former secondee of the SECONDO project) from the University of Greenwich. The paper presented by the co-author and corresponding author of the paper Aristeidis Farao.
This paper presents GTM, a methodology depicted as a tool dedicated to providing optimal cybersecurity defense strategies and investment plans. GTM utilizes attack graphs to predict all possible cyber attacks, game theory to simulate the cyber attacks and 0-1 Knapsack to optimally allocate the budget. The output of GTM is an optimal cybersecurity strategy that includes security controls to protect the organisation against potential cyber attacks and enhance its cyber defenses. Furthermore, GTM’s effectiveness is evaluated against three use cases and compared against different attacker types under various scenarios.
Finally, this paper presents the results of SECONDO deliverable D4.3 being entitled Cyber Security Investments.