sequential pursuit-evasion game

A sequential pursuit-evasion game is a dynamic game theory model where a 'pursuer' (e.g., an attacker) and an 'evader' (e.g., a defender) make decisions sequentially to achieve conflicting goals. In automotive cybersecurity, this model formalizes the interaction between a hacker and an Intrusion Detection and Prevention System (IDPS). Its application directly supports the implementation of Threat Analysis and Risk Assessment (TARA) methodologies required by **ISO/SAE 21434**. Unlike static risk assessment, this approach captures the turn-based nature of cyberattacks and dynamic resource allocation. It allows for a more rigorous, quantitative analysis of attack path feasibility and helps in designing adaptive defense strategies, consistent with the principles of cyber resiliency discussed in **NIST SP 800-160 Vol. 2**.

Enterprises can apply sequential pursuit-evasion games through a structured process: 1. **System Modeling**: Define the vehicle's E/E architecture as the 'game board' per the item definition in **ISO/SAE 21434**. Identify players, their possible actions, and payoffs, which can be quantified using frameworks like the Common Vulnerability Scoring System (CVSS). 2. **Optimal Strategy Derivation**: Employ algorithms to compute the Nash Equilibrium, which represents the optimal strategy for the defender. This dictates how to dynamically allocate limited defensive resources across potential attack surfaces to maximize detection probability. 3. **Deployment and Validation**: Implement the derived optimal strategy as a policy within the vehicle's IDPS. For instance, a Tier-1 supplier used this model to develop a dynamic monitoring policy, resulting in a simulated 25% improvement in detecting multi-stage attacks compared to a static approach, enhancing compliance with post-production security monitoring.

Taiwanese enterprises face several key challenges: 1. **Talent Gap**: The model requires a rare combination of expertise in game theory, machine learning, and automotive engineering. 2. **Data Scarcity**: Accurate model calibration depends on extensive real-world attack data, which is sensitive and difficult to obtain. 3. **Process Inertia**: Integrating this dynamic model into the traditional, rigid V-model development lifecycle and existing TARA processes presents significant organizational hurdles. **Solutions**: * **Bridge the Talent Gap**: Form cross-functional teams and partner with specialized consultants like Winners Consulting for targeted training. * **Address Data Scarcity**: Leverage threat intelligence from sources like the Auto-ISAC and generate synthetic data through red teaming. * **Phased Integration**: Initially, use the game model as a supplementary tool to validate existing TARA results, planning for full integration over 12-18 months.

Winners Consulting specializes in sequential pursuit-evasion game for Taiwan enterprises, delivering compliant management systems within 90 days. Free consultation: https://winners.com.tw/contact