RRE: A game-theoretic intrusion response and recovery engine.

Preserving the availability and integrity of networked computing systems in the face of fast-spreading intrusions requires advances not only in detection algorithms, but also in automated response techniques. In this paper, we propose a new approach to automated response called the Response and Recovery Engine (RRE). Our engine employs a game-theoretic response strategy against adversaries modeled as opponents in a two-player Stackelberg stochastic game. RRE applies attack-response trees to analyze undesired security events and their countermeasures using Boolean logic to combine lower-level attack consequences. In addition, RRE accounts for uncertainties in intrusion detection alert notifications. RRE then chooses optimal response actions by solving a partially observable competitive Markov decision process that is automatically derived from attack-response trees. Experimental results show that RRE, using Snort’s alerts, can protect large networks for which attack-response trees have more than 900 nodes.
References in zbMATH (referenced in 9 articles)
- He, Fei; Zhuang, Jun; Rao, Nageswara S. V.: Discrete game-theoretic analysis of defense in correlated cyber-physical systems (2020)
- Etesami, S. Rasoul; Başar, Tamer: Dynamic games in cyber-physical security: an overview (2019)
- Khouzani, MHR (Arman); Liu, Zhengliang; Malacaria, Pasquale: Scalable min-max multi-objective cyber-security optimisation over probabilistic attack graphs (2019)
- Wu, Hao; Wang, Wei; Wen, Changyun; Li, Zhengguo: Game theoretical security detection strategy for networked systems (2018)
- Helil, Nurmamat; Halik, Azhar; Rahman, Kaysar: Non-zero-sum cooperative access control game model with user trust and permission risk (2017)
- Nandi, Apurba K.; Medal, Hugh R.; Vadlamani, Satish: Interdicting attack graphs to protect organizations from cyber attacks: a bi-level defender-attacker model (2016)
- Kordy, Barbara; Mauw, Sjouke; Radomirović, Saša; Schweitzer, Patrick: Attack-defense trees (2014)
- Kordy, Barbara; Piètre-Cambacédès, Ludovic; Schweitzer, Patrick: DAG-based attack and defense modeling: don’t miss the forest for the attack trees (2014)
- Corona, Igino; Giacinto, Giorgio; Roli, Fabio: Adversarial attacks against intrusion detection systems: taxonomy, solutions and open issues (2013)