Data Driven Game Theoretic Cyber Threat Mitigation

Description

Traditional indicators and warnings of cyber-incidents are created based on the results of an intrusion detection system, firewall, anti-virus software, or other related technologies. However, these systems are designed to detect cyber-incidents when an adversary is either conducting reconnaissance of a computer network or has already commenced the attack. “Zero-day exploits”, which target previously unknown vulnerabilities, negate many of the advantages of traditional cyber security systems and leave little lead time to prepare against an attack. Unfortunately, the increasing prevalence of markets specializing in zero-day exploits on the darknet makes these exploits widely available to potential attackers. Therefore, a new approach is needed to understand which zero-day exploits an attacker will most likely purchase and how to defend against them.

Researchers at Arizona State University have created a data-driven game-based framework that models cyber attacker behavior. The key innovation of this invention is the combination of darkweb scraping of hacker exploit markets with game theory. This novel approach provides security analysts with a better understanding of the threat posed by zero-day exploits on the darkweb, and recommends decisions and policies based on the findings. Furthermore, the framework and algorithms used in this method performed well when tested on real-world exploit market data actively mined from the darknet.

Potential Applications

  • Cyber security
  • Prediction and prevention of cyber attacks
  • Cyber policy recommendations

Benefits and Advantages

  • Innovative –
    • Examines markets through the lens of game theory.
    • The very recent emergence of darknet markets specializing in zero-day exploits allows for the integration of information that was previously unavailable.
    • Analysis of darkweb markets could be used to predict and reveal new cyber operations and methods.
  • Less Expensive – This method offers an alternative to purchasing zero-day exploits on the darkweb for penetration testing.
  • Proven Results – When tested on real-world data, the framework and algorithms performed well.

For more information about the inventor(s) and their research, please see Dr. Paulo Shakarian's directory webpage.

Case ID: M16-040P
Published: 08-24-2016
Last Updated: 05-31-2018
