Abstract
Improving network security is a difficult problem that requires balancing several goals, such as defense cost and need for network efficiency, to achieve proper results. Modeling the network as a game and using optimization problems to select the best move in such a game can assist network administrators in determining an ideal defense strategy. However, most approaches for determining optimal game solutions tend to focus on either single objective games or merely scalarize the multiple objectives to a single of objective. In this paper, we devise a method for modeling network attacks in a zero-sum multi-objective game without scalarizing the objectives. We use Pareto Fronts to determine the most harmful attacks and Pareto Optimization to find the best defense against those attacks. By determining the optimal solutions through those means, we allow network administrators to make the final defense decision from a much smaller set of defense options. The included experiment uses minimum distance as selection method and compares the results with a minimax algorithm for the determination of the Nash Equilibrium. The proposed algorithm should help network administrators in search of a hands-on method of improving network security.
Highlights
We use the difference in average distance to the minimum for a defense strategy
The results show that the defense chosen by the Pareto Optimal solution tend to be slightly inferior to the Nash Equilibrium
The approach described provides a fresh perspective on other network policy optimization problems, most of which tend to view a defense strategy that leads to a Nash Equilibrium state as optimal
Summary
It is common to compare the costs and benefits of different attack and defense strategies. The system would compare the cost of defense to the cost suffered by intrusion and if the response cost exceeded the intrusion cost, the system would take no action. This concept of intrusion cost has spread through the field of computer risk assessment and quantitative cost assessment has become a foundation for work in the field. There are some shortcomings: (1) not all problems can be properly quantified, i.e., in some cases, cost classification is possible, but not quantification; and (2) quantitative cost estimation is well suited for intrusion detection systems (IDS), but underperforms when choosing a defense strategy
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
