Characterizing anti-forensic attackers in cybersecurity domains with Stackelberg planning

Abstract

The rapid advancement of artificial intelligence has enabled large-scale, automated cyberattacks capable of targeting critical infrastructure with unprecedented speed. Since a perfect defense is often unattainable in complex networks, defenders must strategically force attackers either to fail their objective or to leave a detectable footprint. This research addresses this defensive gap by applying Automated Planning to model a self-cleaning adversary within a state-based environment. Utilizing a Stackelberg planning framework, our methodology simulates a game-theoretic dynamic where a defender proactively modifies the environment and the attacker computes an optimal intrusion path in response. This adversarial interaction is evaluated across a simulated, segmented network, ultimately enabling the formal verification of security invariants and providing a framework to strengthen both network architecture and forensic audit trails.

Subject

forensics

Stackelberg

planning

cybersecurity
