Foundations of Cyber Resilience: The Confluence of Game, Control, and Learning Theories

TL;DR

The chapter argues that cybersecurity alone cannot guarantee safety in the face of adaptive threats and proposes cyber resilience as a quantitative, systems-scientific framework grounded in control theory, game theory, and learning. It formalizes cyber risk via vulnerabilities $V_t$, threats $T_t$, and attack surface dynamics, introducing a multi-phase resilience pipeline (proactive, responsive, retrospective) and a risk metric $r^t = \sum_{E \in AS} p^t_E J^t_E$ to guide policy design. The work develops control-theoretic (moving horizon, OODA loop), game-theoretic (dynamic, Bayesian, signaling, Stackelberg) foundations, and learning (reinforcement, meta-learning, COL) frameworks, culminating in an integrated AI stack (including neurosymbolic and foundation-model components) for adaptive defense. It illustrates the approach with cyber deception and outlines future directions, such as nonequilibrium learning and physics-informed co-design, to tackle interdependent, cyber-physical risk in real-world networks.

Abstract

Cyber resilience is a complementary concept to cybersecurity, focusing on the preparation, response, and recovery from cyber threats that are challenging to prevent. Organizations increasingly face such threats in an evolving cyber threat landscape. Understanding and establishing foundations for cyber resilience provide a quantitative and systematic approach to cyber risk assessment, mitigation policy evaluation, and risk-informed defense design. A systems-scientific view toward cyber risks provides holistic and system-level solutions. This chapter starts with a systemic view toward cyber risks and presents the confluence of game theory, control theory, and learning theories, which are three major pillars for the design of cyber resilience mechanisms to counteract increasingly sophisticated and evolving threats in our networks and organizations. Game and control theoretic methods provide a set of modeling frameworks to capture the strategic and dynamic interactions between defenders and attackers. Control and learning frameworks together provide a feedback-driven mechanism that enables autonomous and adaptive responses to threats. Game and learning frameworks offer a data-driven approach to proactively reason about adversarial behaviors and resilient strategies. The confluence of the three lays the theoretical foundations for the analysis and design of cyber resilience. This chapter presents various theoretical paradigms, including dynamic asymmetric games, moving horizon control, conjectural learning, and meta-learning, as recent advances at the intersection. This chapter concludes with future directions and discussions of the role of neurosymbolic learning and the synergy between foundation models and game models in cyber resilience.

Figures (12)

• Figure 1: Cybersecurity and cyber resilience focus on different sets of issues. Cybersecurity primarily concentrates on safeguarding assets from unauthorized access, attacks, and damages. On the other hand, cyber resilience aims to both deter attackers and recover the network from the initial success of attacks. Both strive to enhance the confidentiality, integrity, and availability (CIA) of information and resources. Cyber resilience specifically aims to mitigate the impact on the CIA triad despite the initial compromise. Despite their differences, there are overlaps between the two in terms of the techniques used to provide security and resilience. For instance, detection plays a critical role in both security and resilience efforts.
• Figure 2: The vulnerabilities and their associated threats on the attack surface are represented in two dimensions: their exploitability and their impact. They span across cyber, physical, and human layers of networks or organizations. These vulnerabilities are categorized into two types of risks. One type is avertable risks, which are managed by defensive security mechanisms, while the other type is elastic risks, which are addressed through resilience mechanisms.
• Figure 3: Cyber risk at time $t$ arises from vulnerabilities within the system itself, denoted by the set $V_t$, and potential threats posed by adversaries $T_t$. The intersection of these threats and vulnerabilities forms the attack surface of the network. An adversary can launch an event, $E_t$, to exploit a vulnerability on the attack surface, resulting in changes to the system states. The consequences are expressed as outcomes of these changes in system state. The goal of resilience mechanisms is to mitigate the impact of such attacks. There are three types of resilience mechanisms: proactive, responsive, and retrospective. Proactive mechanisms aim to reduce the attack surface and create a more resilient network that is harder for attackers to exploit. Responsive mechanisms involve equipping the network with adaptive and automated responses to attack behaviors in real-time. Retrospective mechanisms focus on reducing the impact after the consequences of the attack, $Y_t$ , are realized and observed. They can involve restoring the system to its previous state or recovering financially from losses incurred.
• Figure 4: In a networked environment, the system states are influenced not only by its own risk factors but also by the system states of other nodes connected to it. $\Sigma_t$ denotes the aggregate state of other nodes, while $X_t$ represents the state of the system itself. The risk of a network system arises from not only local internal risks but also interdependent risks due to these connections. Studies on interdependent risks have been explored in the literature. One way to understand such risks is through game-theoretic methods, which have been studied for systemic risks acharya2017measuring and holonic risks liu2022herdvan1998reference.
• Figure 5: The vulnerability set $V_1$ can be significantly larger, unbeknownst to the network defender, due to incomplete knowledge of vulnerabilities. This implies that the attack surface can be much broader than what is currently known. Attackers may exploit vulnerabilities on the attack surface that are unknown to defenders. These types of vulnerabilities must be addressed through cyber resilience strategies.