Modeling Cyber Adversaries: A Critical Survey of Methods and Assumptions

Apr 29, 2026

Episode #917

Download: MP4 Video Size: 303.6MB  
Watch on YouTube

Abstract

Cybersecurity practitioners face a persistent methodological problem: how should we reason about intelligent adversaries who observe our defenses, adapt their tactics, and choose targets based on our vulnerabilities? The field has responded with a fragmented toolkit. Quantitative risk assessment borrowed from safety engineering treats threat, vulnerability, and consequence as independent terms. Threat modeling frameworks such as STRIDE and attack trees emphasize structure but rarely quantify uncertainty. Game-theoretic models assume rationality and common knowledge that real attackers do not exhibit. Qualitative heat maps compress uncertainty into colored cells that cannot support budget optimization.

This talk surveys these approaches critically, examining what each method commits you to and what it quietly sets aside. A common thread emerges: the alternatives can be understood as approximations to a Bayesian decision-theoretic ideal, each relaxing one or more assumptions for tractability. Modeling an adversary requires addressing four dimensions of uncertainty (what they want, what they know, what they can do, and how they decide) and the standard critiques of probabilistic cyber risk analysis (information asymmetry, correlated inputs, adaptation, the absence of objective base rates) turn out to be errors of naive practice rather than indictments of the methodology itself. Threat intelligence feeds, indicator matches, and shifts in attacker tradecraft fit naturally as Bayesian updates rather than as awkward inputs to frequentist frameworks.

The survey closes not with a prescription but with a diagnostic question for practitioners and researchers alike: are the assumptions embedded in your chosen method appropriate for the decision you are trying to support?