How to deal with an intelligent adversary

• Modeling a maximal damage attack on a network.
• Modeling intrusion into a network to perform a reconnaissance mission.
• Incorporating a human factor allowing the adversary to choose its attack type.
• Developing basic principles for strategies to be optimal.

Traditionally, the design of network protection strategies is based on the answers of a protector and an adversary to the question “How?”: how should the protector allocate its protection resources, and how should the adversary allocate its attacking resources? This paper considers a more sophisticated adversary, who, planning its malicious activities, considers two questions: “What for?” and “How?”. Namely, what is the motivation for the attack? and how to attack based on the chosen motivation? To study this problem, a simple game-theoretic network protection model is considered, in which the adversary decides whether to intrude on the network to inflict maximal damage or to perform a reconnaissance mission, and based on this decision an intrusion strategy is designed. The solution to this game shows that such an adversary may try a feint to draw the protector’s efforts away from the nodes that the adversary intends to attack. Taking into account this feature of the adversary’s behavior allows improvements in the reliability of a protection strategy.