EFFICIENCY EVALUATION MODEL OF PROACTIVE DEFENSE AGAINST HNDL ATTACKS
DOI:
https://doi.org/10.28925/2663-4023.2026.33.1227
Keywords:
cybersecurity, quantum transition, HNDL attacks, stochastic differential games, Itô equations, stealth index, critical infrastructure
Abstract
The object of the study is the process of proactive counteraction to cyber threats of the "Harvest Now, Decrypt Later" (HNDL) type in the context of the quantum transition. The aim of the paper is to develop and justify a stochastic game-theoretic model of the conflict between an Attacker and a Defender to optimize proactive threat hunting resources under conditions of high network volatility in critical information infrastructure (CII). The paper employs the framework of zero-sum stochastic differential games (SDG). In contrast to classical deterministic models, the proposed model is built upon a system of Itô stochastic differential equations describing the dynamics of two primary factors: the cumulative volume of exfiltrated data and the intruder's "Stealth Index." The Hamilton-Jacobi-Bellman-Isaacs (HJBI) equation is utilized to find optimal control strategies. The numerical solution of the equation is obtained using the Markov chain approximation method (MCAM). The findings allow for accounting for the non-linearity of CII protection costs and the probabilistic nature of detecting digital footprints within noisy CII traffic. A computational experiment (CE) was conducted, comparing two contrasting CII operation scenarios: a baseline scenario (stable traffic) and a high-volatility scenario with a high level of network noise. It is established that under significant volatility, the attacker gains a strategic advantage through the effect of masking destructive actions as "white noise." It is proven that ignoring the stochastic component when modeling HNDL attacks potentially leads to a statistically significant underestimation of potential CII damage by an average of 19%. Optimal proactive search intensity trajectories are synthesized. The research results enable the Defender to minimize losses regardless of the attacker's level of aggression. 
The scientific novelty lies in the integration of a variable stealth index into the stochastic differential game model, which allows for the quantitative assessment of delayed data decryption risks under conditions of incomplete CII network monitoring. The practical significance of the results consists in the possibility of implementing the model into the decision support systems of Ukrainian SOC centers for resource allocation in countering advanced persistent threats (APT).
License
Copyright (c) 2026 Валерій Лахно

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.