Co-evolutionary Dynamics of Attack and Defence in Cybersecurity
Adeela Bashir, Zia Ush Shamszaman, Zhao Song, The Anh Han
TL;DR
The paper investigates co-evolutionary dynamics of cyber attacks and defenses using an asymmetric two-population Evolutionary Game Theory model. It derives replicator dynamics and a Jacobian-based stability analysis, identifying four corner equilibria and a potential internal equilibrium, and validates findings with large-scale random payoff sampling and real-world data. Key results show that high defence intensity $v$ generally stabilizes systems, penalties on attackers can shift outcomes toward Defender-Only states, and defence/attack costs shape the prevalence of equilibria and social welfare. The work provides actionable insights for adaptive defence planning and resource allocation, with implications for policy, SMEs, and cross-industry collaboration to strengthen cyber resilience in dynamic threat environments.
Abstract
In the evolving digital landscape, it is crucial to study the dynamics of cyberattacks and defences. This study uses an Evolutionary Game Theory (EGT) framework to investigate the evolutionary dynamics of attacks and defences in cyberspace. We develop a two-population asymmetric game between attacker and defender to capture the essential factors of costs, potential benefits, and the probability of successful defences. Through mathematical analysis and numerical simulations, we find that systems with high defence intensities show stability with minimal attack frequencies, whereas low-defence environments show instability and are vulnerable to attacks. Furthermore, we find five equilibria, where the strategy pair "always defend and attack" emerged as the most likely stable state, as the cyber domain is characterised by a continuous battle between defenders and attackers. Our theoretical findings align with real-world data from past cyber incidents, demonstrating interdisciplinary impact in areas such as fraud detection, risk management and cybersecurity decision-making. Overall, our analysis suggests that adaptive cybersecurity strategies based on EGT can improve resource allocation, enhance system resilience, and reduce the overall risk of cyberattacks. By incorporating real-world data, this study demonstrates the applicability of EGT in addressing the evolving nature of cyber threats and the need for secure digital ecosystems through strategic planning and proactive defence measures.
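The corner-stability check and random payoff sampling mentioned in the TL;DR can be sketched for a generic two-population 2x2 game. This is an added example, not the authors' code: the payoff matrices, the uniform sampling range and all function names are assumptions, and the paper's own parameterised payoffs (defence intensity $v$, costs, penalties) are not reproduced on this page.

```python
import random

# Constructed 2x2 payoffs (not the paper's model): rows = attacker strategy
# (0 = Attack, 1 = No attack), columns = defender strategy (0 = Defend, 1 = No defend).
CORNERS = {"Attack/Defend": (1, 1), "Attack/NoDefend": (1, 0),
           "NoAttack/Defend": (0, 1), "NoAttack/NoDefend": (0, 0)}

def gaps(A, B, x, y):
    """Payoff advantage of Attack over No attack, and of Defend over No defend,
    when a fraction x of attackers attack and a fraction y of defenders defend."""
    f = y * (A[0][0] - A[1][0]) + (1 - y) * (A[0][1] - A[1][1])
    g = x * (B[0][0] - B[0][1]) + (1 - x) * (B[1][0] - B[1][1])
    return f, g

def replicator(A, B, x, y):
    """Right-hand side of the two-population replicator equations."""
    f, g = gaps(A, B, x, y)
    return x * (1 - x) * f, y * (1 - y) * g

def corner_eigenvalues(A, B, x, y):
    """At a corner x(1-x) = y(1-y) = 0, so the Jacobian is diagonal and its
    eigenvalues are (1-2x)*f and (1-2y)*g."""
    f, g = gaps(A, B, x, y)
    return (1 - 2 * x) * f, (1 - 2 * y) * g

def stable_corners(A, B):
    """Corners where both eigenvalues are negative (asymptotically stable)."""
    return [name for name, (x, y) in CORNERS.items()
            if all(ev < 0 for ev in corner_eigenvalues(A, B, x, y))]

def sample_stability(n, seed=0):
    """Draw n random payoff pairs and count how often each corner is stable."""
    rng = random.Random(seed)
    counts = {name: 0 for name in CORNERS}
    counts["none"] = 0
    for _ in range(n):
        A = [[rng.uniform(-1, 1) for _ in range(2)] for _ in range(2)]
        B = [[rng.uniform(-1, 1) for _ in range(2)] for _ in range(2)]
        stable = stable_corners(A, B)
        for name in stable:
            counts[name] += 1
        counts["none"] += not stable
    return counts

# Constructed example: attacking pays either way, defending pays only under attack.
A_DEMO = [[2, 5], [0, 0]]
B_DEMO = [[-1, -4], [-1, 0]]
```

With the constructed demo payoffs only the Attack/Defend corner is stable; a sampled game with no stable corner is one where the dynamics instead revolve around an internal equilibrium.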
