Abstract

The interactions between attackers and the network administrator are modeled as a non-cooperative, non-zero-sum dynamic game with incomplete information, which considers the uncertainty and the special properties of multi-stage attacks. The model is a Fictitious Play approach along a special game tree in which the attacker is the leader and the administrator is the follower. Multi-objective optimization methodology is used to predict the attacker's best actions at each decision node. The administrator also keeps track of the attacker's actions, updates his knowledge of the attacker's behavior and objectives after each detected attack, and uses it to update the prediction of the attacker's future actions. Instead of searching the entire game tree, appropriate time horizons are dynamically determined to reduce the size of the game tree, leading to a new, fast, adaptive learning algorithm. Numerical experiments show that our algorithm significantly reduces the damage to the network and is also more efficient than other existing algorithms.

Highlights

  • The increased dependence on networked applications and services makes network security an important research problem

  • The interactions between attackers and the network administrator are modeled as a non-cooperative, non-zero-sum dynamic game with incomplete information, which considers the uncertainty and the special properties of multi-stage attacks

  • It is well-known from the game theory literature that such games with full information always have at least one Nash equilibrium, which can be computed by using backward induction


Summary

Introduction

The increased dependence on networked applications and services makes network security an important research problem. Shen et al. [2] used a piecewise linearized Markov game model with estimated beliefs of the possible cyber attack patterns obtained by data fusion and adaptive control. They recognized that larger time-step horizons result in increased computation complexity. Almost all models of multi-stage attacks are based on special game trees. It is well-known from the game theory literature (see, for example, Forgo et al. [8]) that such games with full information always have at least one Nash equilibrium, which can be computed by using backward induction. Using the consequence modeling tool, the overall consequence of the different types and scales of events on the system and its users can be assessed as one combined value. This value has to be computed at all states of the multistage attack and will be used in the game tree analysis.
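The backward induction and time-horizon trade-off described above, as an added example that is not code from the paper: it solves a small constructed attacker-leader / administrator-follower tree to a fixed look-ahead depth. The action names, payoffs, the fixed (rather than dynamically determined) horizon, and the use of a state's own value at the cut-off are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    player: str  # "A" = attacker (leader), "D" = administrator (follower)
    value: tuple  # constructed (attacker, administrator) payoff at this state
    children: dict = field(default_factory=dict)  # action name -> Node

def solve(node, horizon):
    """Backward induction limited to `horizon` moves; returns (payoffs, path)."""
    if horizon == 0 or not node.children:
        return node.value, []  # assumption: cut-off uses the state's own value
    idx = 0 if node.player == "A" else 1  # each player maximises own payoff
    best = None
    for action, child in node.children.items():
        payoffs, path = solve(child, horizon - 1)
        if best is None or payoffs[idx] > best[0][idx]:  # ties keep first action
            best = (payoffs, [action] + path)
    return best

def build_tree():
    """Constructed three-move attack tree; all names and numbers are made up."""
    leaf = lambda a, d: Node("-", (a, d))
    after_patch = Node("A", (0, -2), {"exploit_db": leaf(2, -4), "stop": leaf(0, -2)})
    after_ignore = Node("A", (2, -1), {"exfiltrate": leaf(9, -10), "stop": leaf(2, -1)})
    scan = Node("D", (1, -1), {"patch": after_patch, "ignore": after_ignore})
    unchecked = Node("A", (4, -2), {"pivot": leaf(6, -8)})
    phish = Node("D", (3, -2), {"reset_creds": leaf(1, -3), "ignore": unchecked})
    return Node("A", (0, 0), {"scan_web": scan, "phish": phish})

if __name__ == "__main__":
    for h in (1, 2, 3):
        print(h, solve(build_tree(), h))
```

With a one-move horizon the predicted first attacker action differs from the full-depth solution, which is the accuracy cost that a shorter horizon trades for a smaller tree.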

Game Tree and Decision Nodes
Determining Optimal Responses
Numerical Example
Findings
Conclusions