(Poster) Zero-Day Risk Estimation Using Security Games
摘要
We propose a method using game-theoretic security models and attack graphs to estimate zero-day exploit risks. Our approach predicts risk increases over time or under a presumed “dark count” of unknown exploits without speculating on their specifics. The method models a game where the defender has a limited view of the attacker’s full action space, simulating zero-day scenarios. This avoids unreliable guessing of potential attacks and focuses on the attacker’s knowledge advantage relative to the defender. The approach is generic, requiring only mild computability conditions, and is demonstrated using a prior game-theoretic model applied to industrial robotics case studies, but not limited to such applications (in fact agnostic of the use-case).