(1) Attackers only have incomplete information.
(2) The defender only has incomplete information regarding the network since there are unaware vulnerabilities.
(3) A service is provided by multiple core nodes.
(4) Each service has different weights.
(5) One virtual machine only provides one service.
(6) Only malicious nodal attacks are considered.
(7) The compromise probability of a target node is determined by the Contest Success Function (CSF).
Box 1: Problem assumptions.