Vulnerability in security of an information system is quantitatively predicted. The information system may receive malicious actions against its security and may receive corrective actions for restoring the security. A game oriented agent based model is constructed in a simulator application. The game ABM model represents security activity in the information system. The game ABM model has two opposing participants including an attacker and a defender, probabilistic game rules and allowable game states. A specified number of simulations are run and a probabilistic number of the plurality of allowable game states are reached in each simulation run. The probability of reaching a specified game state is unknown prior to running each simulation. Data generated during the game states is collected to determine a probability of one or more aspects of security in the information system.
STATEMENT REGARDING FEDERALLY FUNDED RESEARCH AND DEVELOPMENT
 This invention was made with government support under Contract No. DE-AC05-00OR22725 between UT-Battelle, LLC and the U.S. Department of Energy. The government has certain rights in the invention.