Next Article in Journal
Object Manipulation with an Anthropomorphic Robotic Hand via Deep Reinforcement Learning with a Synergy Space of Natural Hand Poses
Next Article in Special Issue
Cyber Risks Prediction and Analysis in Medical Emergency Equipment for Situational Awareness
Previous Article in Journal
Gait Analysis Accuracy Difference with Different Dimensions of Flexible Capacitance Sensors
Previous Article in Special Issue
Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review

Game-Theoretic Decision Support for Cyber Forensic Investigations

Department of Computing and Mathematical Sciences, University of Greenwich, London SE10 9BD, UK
Institut of Artificial Intelligence and Cybersecurity, Universitaet Klagenfurt, Universitatsstrasse 65-67, 9020 Klagenfurt, Austria
Author to whom correspondence should be addressed.
Academic Editor: Ahmed Bouridane
Sensors 2021, 21(16), 5300;
Received: 30 June 2021 / Revised: 30 July 2021 / Accepted: 1 August 2021 / Published: 5 August 2021
(This article belongs to the Collection Cyber Situational Awareness in Computer Networks)
The use of anti-forensic techniques is a very common practice that stealthy adversaries may deploy to minimise their traces and make the investigation of an incident harder by evading detection and attribution. In this paper, we study the interaction between a cyber forensic Investigator and a strategic Attacker using a game-theoretic framework. This is based on a Bayesian game of incomplete information played on a multi-host cyber forensics investigation graph of actions traversed by both players. The edges of the graph represent players’ actions across different hosts in a network. In alignment with the concept of Bayesian games, we define two Attacker types to represent their ability of deploying anti-forensic techniques to conceal their activities. In this way, our model allows the Investigator to identify the optimal investigating policy taking into consideration the cost and impact of the available actions, while coping with the uncertainty of the Attacker’s type and strategic decisions. To evaluate our model, we construct a realistic case study based on threat reports and data extracted from the MITRE ATT&CK STIX repository, Common Vulnerability Scoring System (CVSS), and interviews with cyber-security practitioners. We use the case study to compare the performance of the proposed method against two other investigative methods and three different types of Attackers. View Full-Text
Keywords: cyber forensics; digital forensics; game theory; bayesian game; multi-stage attacks; decision support; optimisation cyber forensics; digital forensics; game theory; bayesian game; multi-stage attacks; decision support; optimisation
Show Figures

Figure 1

MDPI and ACS Style

Nisioti, A.; Loukas, G.; Rass, S.; Panaousis, E. Game-Theoretic Decision Support for Cyber Forensic Investigations. Sensors 2021, 21, 5300.

AMA Style

Nisioti A, Loukas G, Rass S, Panaousis E. Game-Theoretic Decision Support for Cyber Forensic Investigations. Sensors. 2021; 21(16):5300.

Chicago/Turabian Style

Nisioti, Antonia, George Loukas, Stefan Rass, and Emmanouil Panaousis. 2021. "Game-Theoretic Decision Support for Cyber Forensic Investigations" Sensors 21, no. 16: 5300.

Find Other Styles
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

Back to TopTop