🤖 AI Summary
Modeling coordinated behaviors in dynamic network attack-defense interactions remains challenging, and quantitative evaluation of defense strategies lacks rigorous foundations. Method: This paper proposes a multi-agent simulation framework based on Markov Decision Processes (MDPs), wherein both attackers and defenders are formalized as state-driven collective decision-making agents. The framework abstracts node attributes and models action effects to enable goal-oriented environmental evolution, supporting faithful replay of realistic coordinated attack scenarios. Contribution/Results: It enables dynamic, multi-dimensional assessment of defense strategies—particularly in response timeliness and objective deviation. Experimental results demonstrate statistically significant performance differences across distinct defense organizational structures along key metrics, thereby validating the framework’s efficacy for comparative strategy analysis and optimization in cyber defense planning.
📝 Abstract
As cyber-attacks become more and more complex and coordinated, a cyber-defender strategy built on multi-agent approaches could be key to countering cyber-attacks as close as possible to the entry points of a networked system. This paper presents a Markovian model, implemented as a simulator, of cyber-attacker agents and cyber-defender agents deployed on host network nodes and fighting each other. It aims to provide an experimental framework for implementing realistically grounded coordinated cyber-attack scenarios while assessing cyber-defenders' dynamic organizations. We abstracted network nodes as sets of properties, including the agents' own. Actions applied by agents model how the network reacts in a given state and which properties change. The collective choice of actions brings the whole environment closer to or farther from the cyber-attackers' and cyber-defenders' respective goals. Using the simulator, we implemented a realistically inspired scenario with several behavior implementation approaches for cyber-defenders and cyber-attackers.
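The modeling idea in the abstract (nodes as property sets, actions whose effects depend on the current state, and collective choices that move the environment toward or away from each side's goal), sketched as an added toy example that is not the paper's simulator. The three-node chain, the property names, the one-step detection delay, the two defender organizations and both metrics are assumptions made for illustration.

```python
# Added illustration: a toy model, not the paper's simulator. All names are assumptions.
from dataclasses import dataclass

@dataclass(frozen=True)
class Action:
    requires: frozenset             # (node, property) pairs that must hold
    forbids: frozenset              # pairs that must not hold
    adds: frozenset                 # pairs set by the action
    removes: frozenset = frozenset()

    def applicable(self, state):
        return self.requires <= state and not (self.forbids & state)
    def apply(self, state):
        return (state - self.removes) | self.adds

def fs(*pairs):
    return frozenset(pairs)

NODES = ["web", "app", "db"]        # constructed three-node chain
# Attacker: each node is reachable only from its compromised predecessor.
ATTACK = [Action(fs(("web", "exposed")), fs(("web", "hardened")), fs(("web", "compromised")))]
ATTACK += [Action(fs((prev, "compromised")), fs((n, "hardened")), fs((n, "compromised")))
           for prev, n in zip(NODES, NODES[1:])]
CLEAN = {n: Action(fs((n, "compromised")), fs(), fs((n, "hardened")), fs((n, "compromised")))
         for n in NODES}
HARDEN = {n: Action(fs(), fs((n, "compromised")), fs((n, "hardened"))) for n in NODES}
ATTACKER_GOAL = ("db", "compromised")

def simulate(org, steps=5):
    """Return (step at which the attacker reached its goal or None, compromised node-steps)."""
    state, goal_step, deviation = fs(("web", "exposed")), None, 0
    for step in range(1, steps + 1):
        seen = state                # defenders react to the previous step's state
        move = next((a for a in ATTACK if a.applicable(state) and not a.adds <= state), None)
        state = move.apply(state) if move else state
        if goal_step is None and ATTACKER_GOAL in state:
            goal_step = step
        alert = any(prop == "compromised" for _, prop in seen)
        for n in NODES:             # one defender agent per node
            if (n, "compromised") in seen:
                act = CLEAN[n]      # local response to an observed compromise
            elif org == "coordinated" and alert:
                act = HARDEN[n]     # shared alert: harden before being hit
            else:
                continue
            if act.applicable(state):
                state = act.apply(state)
        # Defender-side deviation from the goal "no node compromised".
        deviation += sum(prop == "compromised" for _, prop in state)
    return goal_step, deviation
```

Calling `simulate("isolated")` and `simulate("coordinated")` compares the two assumed defender organizations on the same attack path.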