Published August 23, 2022 | Version v1
Conference paper Open

GTM: Game Theoretic Methodology for optimal cybersecurity defending strategies and investments

  • 1. University of Piraeus, Greece
  • 2. University of Greenwich, Finland


Investments on cybersecurity are essential for organizations to protect operational activities, develop trust relationships with clients, and maintain financial stability. A cybersecurity breach can lead to financial losses as well as to damage the reputation of an organization. Protecting an organization from cyber attacks demands considerable investments; however, it is known that organisations unequally divide their budget between cybersecurity and other technological needs. Organizations must consider cybersecurity measures, including but not limited to security controls, in their cybersecurity investment plans. Nevertheless, designing an effective cybersecurity investment plan to optimally distribute the cybersecurity budget is a primary concern.

This paper presents GTM, a methodology depicted as a tool dedicated to providing optimal cybersecurity defense strategies and investment plans. GTM utilizes attack graphs to predict all possible cyber attacks, game theory to simulate the cyber attacks and 0-1 Knapsack to optimally allocate the budget. The output of GTM is an optimal cybersecurity strategy that includes security controls to protect the organisation against potential cyber attacks and enhance its cyber defenses. Furthermore, GTM’s effectiveness is evaluated against three use cases and compared against different attacker types under various scenarios.



Files (785.1 kB)

Name Size Download all
785.1 kB Preview Download

Additional details


SECONDO – a Security ECONomics service platform for smart security investments and cyber insurance pricing in the beyonD 2020 netwOrking era 823997
European Commission
CyberSec4Europe – Cyber Security Network of Competence Centres for Europe 830929
European Commission