A survey of agent-based modeling for cybersecurity

Open Access
Article
Conference Proceedings
Authors: Arnstein Vestad, Bian Yang

Abstract: Cybersecurity is gaining an increasing focus as a necessary foundation for the safe and secure digitalization of modern society – but the expanding interconnectedness of systems, organizations, and people in society is leading to an intricately entangled web of challenges that traditional cybersecurity models struggle to manage. Even when addressing security only from a technical level, the interactions resulting from the total number of installed software on the computers of a medium-sized organization, internally as well as connected through networks, and their related vulnerabilities present almost insurmountable computational challenges. When adding organizational security management procedures, shifting cyber-attack strategies, and increasing dependence on third parties such as cloud providers and communication networks, it becomes evident that organizational cybersecurity is a complex problem. Researchers both outside and inside the cybersecurity domain have called for addressing this increasing complexity through the lens of “complex adaptive systems.” The term complex adaptive systems is used differently by different researchers and in various fields but is usually understood as systems consisting of dynamic interacting agents, acting in parallel, with the ability to react to the environment and other agents and to adapt and learn from their interaction, giving rise to emergent behavior. Agent-based modeling (ABM) has become a powerful tool for studying such systems. Agent-based models (ABMs) are a type of computational model that simulates the actions and interactions of autonomous agents to assess their effect on the system as a whole by modeling from the bottom up, starting with the individual agents. ABMs in cybersecurity must be developed and used correctly and properly. Cybersecurity researchers and practitioners wishing to include ABM in their toolbox should follow established best practices regarding model conceptualization, building, and validation.
To support this, we have surveyed existing ABM applications in cybersecurity to identify and discuss challenges and weaknesses and identify areas of improvement and new possibilities. Drawing on the existing literature, we identify which problems in cybersecurity ABMs may be applied to and what challenges may arise, and discuss suggestions for best practices drawing on experiences from other fields where ABMs have been used successfully, including areas such as political science and policy management, ecological systems, and market models. We describe the reasons researchers give for choosing to employ ABMs, identify the main types of applications, and identify the leading tools, software, and frameworks that have been used in developing ABMs in the cyber domain. Finally, we discuss weaknesses in existing approaches and suggest areas of improvement for building well-grounded, robust, and validated cybersecurity models and simulations. We also discuss new possibilities for ABM-based research incorporating sensor-based systems and big data processing and a better understanding of human agents in cybersecurity.

Keywords: Cybersecurity, Complex adaptive systems, Agent-based modeling

DOI: 10.54941/ahfe1004768
