{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,12]],"date-time":"2026-03-12T16:22:32Z","timestamp":1773332552680,"version":"3.50.1"},"reference-count":34,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2005,2,1]],"date-time":"2005-02-01T00:00:00Z","timestamp":1107216000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2005,2]]},"abstract":"<jats:p>Although the ability to model and infer attacker intent, objectives, and strategies (AIOS) may dramatically advance the literature of risk assessment, harm prediction, and predictive or proactive cyber defense, existing AIOS inference techniques are ad hoc and system or application specific. In this paper, we present a general incentive-based method to model AIOS and a game-theoretic approach to inferring AIOS. On one hand, we found that the concept of incentives can unify a large variety of attacker intents; the concept of utilities can integrate incentives and costs in such a way that attacker objectives can be practically modeled. On the other hand, we developed a game-theoretic AIOS formalization which can capture the inherent interdependency between AIOS and defender objectives and strategies in such a way that AIOS can be automatically inferred. Finally, we use a specific case study to show how attack strategies can be inferred in real-world attack--defense scenarios.<\/jats:p>","DOI":"10.1145\/1053283.1053288","type":"journal-article","created":{"date-parts":[[2005,8,3]],"date-time":"2005-08-03T08:30:55Z","timestamp":1123057855000},"page":"78-118","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":127,"title":["Incentive-based modeling and inference of attacker intent, objectives, and strategies"],"prefix":"10.1145","volume":"8","author":[{"given":"Peng","family":"Liu","sequence":"first","affiliation":[{"name":"Pennsylvania State University, University Park, PA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wanyu","family":"Zang","sequence":"additional","affiliation":[{"name":"Pennsylvania State University, University Park, PA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Meng","family":"Yu","sequence":"additional","affiliation":[{"name":"Monmouth University, West Long Branch, NJ"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2005,2]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Proceedings of the 2001 IEEE Symposium on Security and Privacy. 214--229","author":"Browne H.","unstructured":"Browne , H. , Arbaugh , W. A. , McHugh , J. , and Fithen , W. L . 2001. A trend analysis of exploitations . In Proceedings of the 2001 IEEE Symposium on Security and Privacy. 214--229 . Browne, H., Arbaugh, W. A., McHugh, J., and Fithen, W. L. 2001. A trend analysis of exploitations. In Proceedings of the 2001 IEEE Symposium on Security and Privacy. 214--229."},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2000.904987"},{"key":"e_1_2_1_3_1","unstructured":"Burke D. 1999. Towards a Game Theory Model of Information Warfare. Tech. rep. Air force Institute of Technology. Master's Thesis.  Burke D. 1999. Towards a Game Theory Model of Information Warfare. Tech. rep. Air force Institute of Technology. Master's Thesis."},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1007\/BF01726210"},{"key":"e_1_2_1_5_1","unstructured":"Conitzer V. and Sandholm T. 2002. Complexity Results About Nash Equilibria. Tech. rep. Carnegie Mellon University. CMU-CS-02-135.  Conitzer V. and Sandholm T. 2002. Complexity Results About Nash Equilibria. Tech. rep. Carnegie Mellon University. CMU-CS-02-135."},{"key":"e_1_2_1_6_1","volume-title":"Proceedings of the 2002 IEEE Symposium on Security and Privacy.","author":"Cuppens F.","unstructured":"Cuppens , F. and Miege , A . 2002. Alert correlation in a cooperative intrusion detection framework . In Proceedings of the 2002 IEEE Symposium on Security and Privacy. Cuppens, F. and Miege, A. 2002. Alert correlation in a cooperative intrusion detection framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy."},{"key":"e_1_2_1_7_1","volume-title":"Proceedings of the 2001 International Symposium on Recent Advances in Intrusion Detection. 85--103","author":"Debar H.","unstructured":"Debar , H. and Wespi , A . 2001. Aggregation and correlation of intrusion detection alerts . In Proceedings of the 2001 International Symposium on Recent Advances in Intrusion Detection. 85--103 . Debar, H. and Wespi, A. 2001. Aggregation and correlation of intrusion detection alerts. In Proceedings of the 2001 International Symposium on Recent Advances in Intrusion Detection. 85--103."},{"key":"e_1_2_1_8_1","volume-title":"Proceedings of the 2002 ACM Symposium on Principles of Distributed Computing. 10","author":"Feigenbaum J.","year":"1825","unstructured":"Feigenbaum , J. , Papadimitriou , C. , Sami , R. , and Shenker , S . 2002. A BGP-based mechanism for lowest-cost routing . In Proceedings of the 2002 ACM Symposium on Principles of Distributed Computing. 10 .1145\/57 1825 .571856 Feigenbaum, J., Papadimitriou, C., Sami, R., and Shenker, S. 2002. A BGP-based mechanism for lowest-cost routing. In Proceedings of the 2002 ACM Symposium on Principles of Distributed Computing. 10.1145\/571825.571856"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/383694.383709"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.2307\/1914085"},{"key":"e_1_2_1_11_1","volume-title":"Proceedings of the 2001 American Control Conference.","author":"Hespanha J. P.","unstructured":"Hespanha , J. P. and Bohacek , S . 2001. Preliminary results in routing games . In Proceedings of the 2001 American Control Conference. Hespanha, J. P. and Bohacek, S. 2001. Preliminary results in routing games. In Proceedings of the 2001 American Control Conference."},{"key":"e_1_2_1_12_1","volume-title":"Proceedings of the 2002 Annual Network and Distributed System Security Symposium.","author":"Ioannidis J.","unstructured":"Ioannidis , J. and Bellovin , S. M . 2002. Implementing pushback: Router-based defense against ddos attacks . In Proceedings of the 2002 Annual Network and Distributed System Security Symposium. Ioannidis, J. and Bellovin, S. M. 2002. Implementing pushback: Router-based defense against ddos attacks. In Proceedings of the 2002 Annual Network and Distributed System Security Symposium."},{"key":"e_1_2_1_13_1","volume-title":"Proceedings of the 2001 International Joint Conference on Artificial Intelligence.","author":"Koller D.","unstructured":"Koller , D. and Milch , B . 2001. Multi-agent influence diagrams for representing and solving games . In Proceedings of the 2001 International Joint Conference on Artificial Intelligence. Koller, D. and Milch, B. 2001. Multi-agent influence diagrams for representing and solving games. In Proceedings of the 2001 International Joint Conference on Artificial Intelligence."},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/185403.185412"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.5555\/371090.371091"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1016\/0167-4048(93)90029-5"},{"key":"e_1_2_1_17_1","volume-title":"Proceedings of the 2002 IEEE Computer Security Foundations Workshop.","author":"Lye K.","unstructured":"Lye , K. and Wing , J. M . 2002. Game strategies in network security . In Proceedings of the 2002 IEEE Computer Security Foundations Workshop. Lye, K. and Wing, J. M. 2002. Game strategies in network security. In Proceedings of the 2002 IEEE Computer Security Foundations Workshop."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/32.888632"},{"key":"e_1_2_1_19_1","unstructured":"Mas-Colell A. Whinston M. D. and Green J. R. 1995. Microeconomic Theory. Oxford University Press Oxford UK.  Mas-Colell A. Whinston M. D. and Green J. R. 1995. Microeconomic Theory. Oxford University Press Oxford UK."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/s102070100001"},{"key":"e_1_2_1_21_1","volume-title":"Proceedings of the International Workshop on Modeling, Analysis and Simulation of Computer and Telecommunications Systems.","author":"Medina A.","unstructured":"Medina , A. , Lakhina , A. , Matta , I. , and Byers , J . 2001. An approach to universal topology generation . In Proceedings of the International Workshop on Modeling, Analysis and Simulation of Computer and Telecommunications Systems. Medina, A., Lakhina, A., Matta, I., and Byers, J. 2001. An approach to universal topology generation. In Proceedings of the International Workshop on Modeling, Analysis and Simulation of Computer and Telecommunications Systems."},{"key":"e_1_2_1_22_1","volume-title":"An Introduction to Game-Theoretic Modeling","author":"Mesterton-Gibbons M.","unstructured":"Mesterton-Gibbons , M. 1992. An Introduction to Game-Theoretic Modeling . Addison-Wesley Publishing , Reading, MA . Mesterton-Gibbons, M. 1992. An Introduction to Game-Theoretic Modeling. Addison-Wesley Publishing, Reading, MA."},{"key":"e_1_2_1_23_1","doi-asserted-by":"crossref","unstructured":"Mukherjee B. Heberlein L. T. and Levitt K. N. 1994. Network intrusion detection. IEEE Network 26--41.  Mukherjee B. Heberlein L. T. and Levitt K. N. 1994. Network intrusion detection. IEEE Network 26--41.","DOI":"10.1109\/65.283931"},{"key":"e_1_2_1_24_1","volume-title":"Proceedings of the National Academy of Sciences. 48--49","author":"Nash J.","year":"1950","unstructured":"Nash , J. 1950 . Equilibrium points in n-person games . In Proceedings of the National Academy of Sciences. 48--49 . Nash, J. 1950. Equilibrium points in n-person games. In Proceedings of the National Academy of Sciences. 48--49."},{"key":"e_1_2_1_25_1","volume-title":"Proceedings of the 2002 ACM Conference on Computer and Communications Security. 10","author":"Ning P.","unstructured":"Ning , P. , Cui , Y. , and Reeves , D. S . 2002. Constructing attack scenarios through correlation of intrusion alerts . In Proceedings of the 2002 ACM Conference on Computer and Communications Security. 10 .1145\/586110.586144 Ning, P., Cui, Y., and Reeves, D. S. 2002. Constructing attack scenarios through correlation of intrusion alerts. In Proceedings of the 2002 ACM Conference on Computer and Communications Security. 10.1145\/586110.586144"},{"key":"e_1_2_1_26_1","doi-asserted-by":"crossref","unstructured":"Nisan N. and Ronan A. 2001. Algorithmic mechanism design. Games and Economic Behavior 35.  Nisan N. and Ronan A. 2001. Algorithmic mechanism design. Games and Economic Behavior 35.","DOI":"10.1006\/game.1999.0790"},{"key":"e_1_2_1_27_1","unstructured":"ns2. The network simulator. http:\/\/www.isi.edu\/nsnam\/ns\/.  ns2. The network simulator. http:\/\/www.isi.edu\/nsnam\/ns\/."},{"key":"e_1_2_1_28_1","volume-title":"Proceedings of the 1997 IEEE Computer Security Foundations Workshop.","author":"Syverson P. F.","year":"1997","unstructured":"Syverson , P. F. 1997 . A different look at secure distributed computation . In Proceedings of the 1997 IEEE Computer Security Foundations Workshop. Syverson, P. F. 1997. A different look at secure distributed computation. In Proceedings of the 1997 IEEE Computer Security Foundations Workshop."},{"key":"e_1_2_1_29_1","volume-title":"Optimality and Equilibria in Stochastic Games. Centrum voor Wiskunde en Informatica","author":"Thusijsman F.","unstructured":"Thusijsman , F. 1992. Optimality and Equilibria in Stochastic Games. Centrum voor Wiskunde en Informatica , Amsterdam . Thusijsman, F. 1992. Optimality and Equilibria in Stochastic Games. Centrum voor Wiskunde en Informatica, Amsterdam."},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.1540-6261.1961.tb02789.x"},{"key":"e_1_2_1_31_1","volume-title":"Proceedings of the 2003 IEEE Symposium on Security and Privacy.","author":"Wang X.","unstructured":"Wang , X. and Reiter , M . 2003. Defending against denial-of-service attacks with puzzle auctions . In Proceedings of the 2003 IEEE Symposium on Security and Privacy. Wang, X. and Reiter, M. 2003. Defending against denial-of-service attacks with puzzle auctions. In Proceedings of the 2003 IEEE Symposium on Security and Privacy."},{"key":"e_1_2_1_32_1","doi-asserted-by":"crossref","unstructured":"Wellman M. P. and Walsh W. E. 2001. Auction protocols for decentralized scheduling. Games and Economic Behavior 35.  Wellman M. P. and Walsh W. E. 2001. Auction protocols for decentralized scheduling. Games and Economic Behavior 35.","DOI":"10.1006\/game.2000.0822"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2003.1176986"},{"key":"e_1_2_1_34_1","volume-title":"Proceedings of the 2002 ACM Conference on Computer and Communications Security. 10","author":"Zou C.","unstructured":"Zou , C. , Gong , W. , and Towsley , D . 2002. Code red worm propagation modeling and analysis . In Proceedings of the 2002 ACM Conference on Computer and Communications Security. 10 .1145\/586110.586130 Zou, C., Gong, W., and Towsley, D. 2002. Code red worm propagation modeling and analysis. In Proceedings of the 2002 ACM Conference on Computer and Communications Security. 10.1145\/586110.586130"}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1053283.1053288","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1053283.1053288","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T22:43:28Z","timestamp":1750286608000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1053283.1053288"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005,2]]},"references-count":34,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2005,2]]}},"alternative-id":["10.1145\/1053283.1053288"],"URL":"https:\/\/doi.org\/10.1145\/1053283.1053288","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"value":"1094-9224","type":"print"},{"value":"1557-7406","type":"electronic"}],"subject":[],"published":{"date-parts":[[2005,2]]},"assertion":[{"value":"2005-02-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}