Skip to content

Cyber deception simulator using Game Theory and MITRE Engage to model interactions, increase uncertainty, and exhaust the adversary's resources.

License

Notifications You must be signed in to change notification settings

CyberDataLab/GT-Engage

Repository files navigation

GT-Engage: Cyber Deception Simulator based on Game Theory and the MITRE Engage Framework

GT-Engage is a cybersecurity simulation framework designed to model and analyze the strategic interaction between a defender and an attacker in a dynamic network environment. The project integrates the mathematical rigor of Incomplete Information Game Theory (Hypergames) with the tactical applicability of the MITRE Engage framework.

The simulator transforms a static network into a hostile environment for an intruder by strategically deploying deception signals, thereby increasing adversary uncertainty and exhausting their cognitive and temporal resources.

🧠 Scientific Foundations

The model is based on the principles detailed in the original research:

  • Hypergame Modeling: Captures scenarios where the attacker and the defender operate with different subjective perceptions of the available strategies and outcomes.
  • Bayesian Inference: The attacker uses an inference engine to update their belief ($b_t$) regarding whether an asset is real or a decoy, based on noisy technical signals.
  • Technical Signaling: Implements deep technical mimicry by manipulating physical variables such as latency, jitter, and service banner consistency to degrade adversary confidence.

📂 Project Structure

The implementation is written in Python 3.9+ following an Object-Oriented Programming (OOP) paradigm.

Source Code Files (.py)

  • main.py: The orchestration engine. It handles data loading from CSVs, manages the simulation loop (Monte Carlo sampling), and exports the detailed results.
  • game.py: The core game engine (CPD-GAME v3). It governs turn-based logic, agent interactions, and the calculation of expected and realized utilities (payoffs).
  • attacker.py: Defines the Attacker agent. It includes profiles (from Script Kiddies to APTs), epsilon-greedy decision-making logic, and risk aversion parameters.
  • defender.py: Defines the Defender agent. It implements action selection based on MITRE Engage tactics, managing action fatigue and lightweight learning about attacker behavior.
  • environment.py: Models the physical state of the network and assets. It calculates asset values and the probability of an attacker falling into a trap.
  • signals.py: Responsible for generating noisy signals (latency, jitter, VM fingerprints) and implementing the Bayesian belief update logic for the attacker.
  • mitre_effects.py: Contains the full MITRE Engage action catalog and defines how each action numerically perturbs signals and the environment state.
  • utils.py: Provides auxiliary mathematical functions such as value clipping, entropy calculation, and safe means for data analysis.

Data Configuration Files (.csv)

  • attacker_types.csv: Input file defining attacker profiles, including motivation, skill level, technical knowledge, and risk aversion.
  • defender_types.csv: Input file for defender configurations, specifying strategic weights for engagement, information gathering, and protection.
  • environment_initial_states.csv: Defines initial asset conditions and the baseline noise level of the network infrastructure.
  • test_results.csv: Output file where simulation steps, actions taken, belief evolution, and obtained utilities are recorded for analysis.

🛠️ Requirements and Installation

Technical Requirements

  • Python: 3.9 or higher.
  • Libraries: numpy (for stochastic operations) and pandas (recommended for data analysis).

Installation

  1. Clone the repository:
    git clone [https://github.com/your-user/GT-Engage.git](https://github.com/your-user/GT-Engage.git)
    cd GT-Engage
  2. Install dependencies:
    pip install numpy pandas

▶️ Execution and Configuration

Run the simulator using the main script:

python main.py

About

Cyber deception simulator using Game Theory and MITRE Engage to model interactions, increase uncertainty, and exhaust the adversary's resources.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages