Table 13 Simulation parameter settings.

From: Mathematical modeling of adaptive information security strategies using composite behavior models

| Parameter | Description | Value/range | Source/notes |
| --- | --- | --- | --- |
| Number of attacker sub-models (m) | Number of distinct attacker behavior patterns | 4 | Kill chain stages [28] |
| Number of defender sub-models (n) | Number of adaptive defender policies | 3 | Anomaly detection, firewall, resource allocation |
| Simulation duration | Total simulation timesteps per run | 10,000 | Reflecting several hours of operation |
| Transition probabilities (attack) | State transition matrix values for attacker phases | Empirical ranges 0.2 to 0.8 | Derived from KDD'99 data analysis [29] |
| Adaptation learning rates | Defender adaptation step size for learning algorithms | 0.01 to 0.1 | Tuned per pilot experiments |
| Observation noise level | Standard deviation of Gaussian noise in system observations | 0.05 to 0.15 | Models sensor inaccuracies |
| Attack intensity | Probability/strength of attacker actions per timestep | 0.3–0.7 | Calibrated from UNSW-NB15 [30] |
| Defender resource limits | Maximum computational or network defense resources | 100 units | System constraint modeling |