(Poster) Zero-Day Risk Estimation Using Security Games

Stefan Rass; Beniamin Radomir Jablonski; Víctor Mayoral-Vilches

doi:10.1007/978-3-032-08067-7_18

(Poster) Zero-Day Risk Estimation Using Security Games

Stefan Rass^*
, Beniamin Radomir Jablonski
, Víctor Mayoral-Vilches

^*Corresponding author for this work

LIT Secure and Correct Systems Lab

Research output: Chapter in Book/Report/Conference proceeding › Conference proceedings › peer-review

Abstract

We propose a method using game-theoretic security models and attack graphs to estimate zero-day exploit risks. Our approach predicts risk increases over time or under a presumed “dark count” of unknown exploits without speculating on their specifics. The method models a game where the defender has a limited view of the attacker’s full action space, simulating zero-day scenarios. This avoids unreliable guessing of potential attacks and focuses on the attacker’s knowledge advantage relative to the defender. The approach is generic, requiring only mild computability conditions, and is demonstrated using a prior game-theoretic model applied to industrial robotics case studies, but not limited to such applications (in fact agnostic of the use-case).

Original language	English
Title of host publication	Game Theory and AI for Security - 16th International Conference, GameSec 2025, Proceedings
Subtitle of host publication	16th International Conference, GameSec 2025, Athens, Greece, October 13–15, 2025, Proceedings, Part II
Editors	John S. Baras, Symeon Papavassiliou, Eirini Eleni Tsiropoulou, Muhammed O. Sayin
Place of Publication	Cham
Publisher	Springer Nature Switzerland
Pages	321-325
Number of pages	5
Edition	1
ISBN (Electronic)	978-3-032-08067-7
ISBN (Print)	978-3-032-08066-0 978-3-032-08067-7
DOIs	https://doi.org/10.1007/978-3-032-08067-7_18
Publication status	Published - 2026

Publication series

Name	Lecture Notes in Computer Science
Volume	16224 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Fields of science

102 Computer Sciences
101017 Game theory
101028 Mathematical modelling

JKU Focus areas

Sustainable Development: Responsible Technologies and Management
Digital Transformation

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1007/978-3-032-08067-7_18

https://link.springer.com/10.1007/978-3-032-08067-7_18

Cite this

Rass, S., Jablonski, B. R., & Mayoral-Vilches, V. (2026). (Poster) Zero-Day Risk Estimation Using Security Games. In J. S. Baras, S. Papavassiliou, E. E. Tsiropoulou, & M. O. Sayin (Eds.), Game Theory and AI for Security - 16th International Conference, GameSec 2025, Proceedings: 16th International Conference, GameSec 2025, Athens, Greece, October 13–15, 2025, Proceedings, Part II (1 ed., pp. 321-325). (Lecture Notes in Computer Science; Vol. 16224 LNCS). Springer Nature Switzerland. https://doi.org/10.1007/978-3-032-08067-7_18

Rass, Stefan ; Jablonski, Beniamin Radomir ; Mayoral-Vilches, Víctor. / (Poster) Zero-Day Risk Estimation Using Security Games. Game Theory and AI for Security - 16th International Conference, GameSec 2025, Proceedings: 16th International Conference, GameSec 2025, Athens, Greece, October 13–15, 2025, Proceedings, Part II. editor / John S. Baras ; Symeon Papavassiliou ; Eirini Eleni Tsiropoulou ; Muhammed O. Sayin. 1. ed. Cham : Springer Nature Switzerland, 2026. pp. 321-325 (Lecture Notes in Computer Science).

@inproceedings{f9314ae81f3a4930bcc9a4510c0cfd09,

title = "(Poster) Zero-Day Risk Estimation Using Security Games",

abstract = "We propose a method using game-theoretic security models and attack graphs to estimate zero-day exploit risks. Our approach predicts risk increases over time or under a presumed “dark count” of unknown exploits without speculating on their specifics. The method models a game where the defender has a limited view of the attacker{\textquoteright}s full action space, simulating zero-day scenarios. This avoids unreliable guessing of potential attacks and focuses on the attacker{\textquoteright}s knowledge advantage relative to the defender. The approach is generic, requiring only mild computability conditions, and is demonstrated using a prior game-theoretic model applied to industrial robotics case studies, but not limited to such applications (in fact agnostic of the use-case).",

author = "Stefan Rass and Jablonski, \{Beniamin Radomir\} and V{\'i}ctor Mayoral-Vilches",

note = "Series Title: Lecture Notes in Computer Science",

year = "2026",

doi = "10.1007/978-3-032-08067-7\_18",

language = "English",

isbn = "978-3-032-08066-0 978-3-032-08067-7",

series = "Lecture Notes in Computer Science",

publisher = "Springer Nature Switzerland",

pages = "321--325",

editor = "Baras, \{John S.\} and Symeon Papavassiliou and Tsiropoulou, \{Eirini Eleni\} and Sayin, \{Muhammed O.\}",

booktitle = "Game Theory and AI for Security - 16th International Conference, GameSec 2025, Proceedings",

edition = "1",

}

Rass, S, Jablonski, BR & Mayoral-Vilches, V 2026, (Poster) Zero-Day Risk Estimation Using Security Games. in JS Baras, S Papavassiliou, EE Tsiropoulou & MO Sayin (eds), Game Theory and AI for Security - 16th International Conference, GameSec 2025, Proceedings: 16th International Conference, GameSec 2025, Athens, Greece, October 13–15, 2025, Proceedings, Part II. 1 edn, Lecture Notes in Computer Science, vol. 16224 LNCS, Springer Nature Switzerland, Cham, pp. 321-325. https://doi.org/10.1007/978-3-032-08067-7_18

(Poster) Zero-Day Risk Estimation Using Security Games. / Rass, Stefan; Jablonski, Beniamin Radomir; Mayoral-Vilches, Víctor.
Game Theory and AI for Security - 16th International Conference, GameSec 2025, Proceedings: 16th International Conference, GameSec 2025, Athens, Greece, October 13–15, 2025, Proceedings, Part II. ed. / John S. Baras; Symeon Papavassiliou; Eirini Eleni Tsiropoulou; Muhammed O. Sayin. 1. ed. Cham: Springer Nature Switzerland, 2026. p. 321-325 (Lecture Notes in Computer Science; Vol. 16224 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceedings › peer-review

TY - GEN

T1 - (Poster) Zero-Day Risk Estimation Using Security Games

AU - Rass, Stefan

AU - Jablonski, Beniamin Radomir

AU - Mayoral-Vilches, Víctor

N1 - Series Title: Lecture Notes in Computer Science

PY - 2026

Y1 - 2026

N2 - We propose a method using game-theoretic security models and attack graphs to estimate zero-day exploit risks. Our approach predicts risk increases over time or under a presumed “dark count” of unknown exploits without speculating on their specifics. The method models a game where the defender has a limited view of the attacker’s full action space, simulating zero-day scenarios. This avoids unreliable guessing of potential attacks and focuses on the attacker’s knowledge advantage relative to the defender. The approach is generic, requiring only mild computability conditions, and is demonstrated using a prior game-theoretic model applied to industrial robotics case studies, but not limited to such applications (in fact agnostic of the use-case).

AB - We propose a method using game-theoretic security models and attack graphs to estimate zero-day exploit risks. Our approach predicts risk increases over time or under a presumed “dark count” of unknown exploits without speculating on their specifics. The method models a game where the defender has a limited view of the attacker’s full action space, simulating zero-day scenarios. This avoids unreliable guessing of potential attacks and focuses on the attacker’s knowledge advantage relative to the defender. The approach is generic, requiring only mild computability conditions, and is demonstrated using a prior game-theoretic model applied to industrial robotics case studies, but not limited to such applications (in fact agnostic of the use-case).

UR - https://www.scopus.com/pages/publications/105020241214

U2 - 10.1007/978-3-032-08067-7_18

DO - 10.1007/978-3-032-08067-7_18

M3 - Conference proceedings

SN - 978-3-032-08066-0 978-3-032-08067-7

T3 - Lecture Notes in Computer Science

SP - 321

EP - 325

BT - Game Theory and AI for Security - 16th International Conference, GameSec 2025, Proceedings

A2 - Baras, John S.

A2 - Papavassiliou, Symeon

A2 - Tsiropoulou, Eirini Eleni

A2 - Sayin, Muhammed O.

PB - Springer Nature Switzerland

CY - Cham

ER -

Rass S, Jablonski BR, Mayoral-Vilches V. (Poster) Zero-Day Risk Estimation Using Security Games. In Baras JS, Papavassiliou S, Tsiropoulou EE, Sayin MO, editors, Game Theory and AI for Security - 16th International Conference, GameSec 2025, Proceedings: 16th International Conference, GameSec 2025, Athens, Greece, October 13–15, 2025, Proceedings, Part II. 1 ed. Cham: Springer Nature Switzerland. 2026. p. 321-325. (Lecture Notes in Computer Science). Epub 2025 Oct 13. doi: 10.1007/978-3-032-08067-7_18

(Poster) Zero-Day Risk Estimation Using Security Games

Abstract

Publication series

Fields of science

JKU Focus areas

UN SDGs

Access to Document

Other files and links

Cite this