Abstract

This study is focused on the creation of an expert system for generating recommendations on cyber security. The developed expert system uses a game-theoretic model as a inference engine to transform expert knowledge into recommendations for end-users, who may be chief IT security officers (CISOs), system administrators, or cyber security engineers. Expert knowledge is presented in the form of an estimate of the base group of CVSS metrics - Common Vulnerability Score System, for each type of attack and adjusted values of CVSS in the case that the counterattack strategy is applied. Given a set of attacks and a base of expert attack knowledge, the system generates a game matrix of zero-sum game with a cybercriminal and a cyberdefense expert as players. The inference engine of the expert system is a game-theoretic model responsible for solving the game using the Brown-Robinson iterative method and generating cyber protection recommendations. An experiment was conducted on the convergence of the BrownRobinson algorithm on the 2022 vulnerability dataset from the Cybersecurity and Infrastructure Security Agency database, as a result of which it was determined that the convergence of the algorithm for solving the matrix game is achieved at a number of iterations of 1000. As a result of the work, expert system was designed and implemented along with the Web interface, which provides input by experts of CVSS level assessments of collected threats, threats countermeasures and output of recommendations for combating cyber threats

Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.