Grouping detection and forecasting security controls using unrestricted cooperative bargains

Abstract

Security controls are widely used to minimize the effects generated by unwanted events, such as malicious network traffic. However, incompatibilities between these controls make integration actions (grouping) difficult in order to improve results. This problem becomes more evident when the evaluated controls are of different types, for example, detection and forecasting. In these cases, the scientific literature is still rare. Our hypothesis to solve the problem is based on the analysis of events at two levels of abstraction: the technical level and the strategic level. Our proposal, called Strategic Grouping Architecture (SGA), uses negotiations based on Unrestricted Cooperative Bargains (UCB) to carry out a balancing that leads to the best choices of configuration and results considering the evaluated controls. As a proof of concept, we created a ranking-based experiment to group detection and prediction controls in a real scenario. The application of the SGA in the ranking resulted in anticipated predictions of attacks with a hit rate from 99.95%. As comparison with other methods, we change the ranking data into a noncooperative game and the results have reached the Nash Equilibrium (NE) and Pareto optimal state, showing the reliability of the architecture. •Effective grouping of detection security controls with predictive controls.•The use of Unrestricted Cooperative Bargain (UCB) processes to balance grouping results.•The implementation of a ranking to predict attacks in a detection environment with two filters.