TY - GEN
T1 - A game theory based risk and impact analysis method for intrusion defense systems
AU - Luo, Yi
AU - Szidarovszky, Ferenc
AU - Al-Nashif, Youssif
AU - Hariri, Salim
PY - 2009
Y1 - 2009
N2 - An enormous amount of functions in our everyday life became dependent on computer networks. Network attacks become more sophisticated and perplexing. Defending against multi-stage attacks is a challenging process in Intrusion Defense Systems (IDS) due to their complexity. This paper presents a game theory method to analyze the risk and impact of multi-stage attacks in IDS. In this method, the interactions between the attacker and the administrator are modeled as a non-cooperative zero-sum multi-stage game and it is modeled as a min-max game tree where the attacker is the leader and the administrator is the follower. Alternating the actions between the administrator and the attacker forms the game tree; each of them will be allowed to play a single action at any given time. In this work, a new multi-stage attacker defender (MAD) algorithm is developed to help the administrator in defending against multi-stage attacks. The beliefs of the attacker and the administrator are updated based on the analysis of the life-cycle for the multi-stage attacks to reduce the horizon effect.
AB - An enormous amount of functions in our everyday life became dependent on computer networks. Network attacks become more sophisticated and perplexing. Defending against multi-stage attacks is a challenging process in Intrusion Defense Systems (IDS) due to their complexity. This paper presents a game theory method to analyze the risk and impact of multi-stage attacks in IDS. In this method, the interactions between the attacker and the administrator are modeled as a non-cooperative zero-sum multi-stage game and it is modeled as a min-max game tree where the attacker is the leader and the administrator is the follower. Alternating the actions between the administrator and the attacker forms the game tree; each of them will be allowed to play a single action at any given time. In this work, a new multi-stage attacker defender (MAD) algorithm is developed to help the administrator in defending against multi-stage attacks. The beliefs of the attacker and the administrator are updated based on the analysis of the life-cycle for the multi-stage attacks to reduce the horizon effect.
UR - http://www.scopus.com/inward/record.url?scp=70349912153&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=70349912153&partnerID=8YFLogxK
U2 - 10.1109/AICCSA.2009.5069450
DO - 10.1109/AICCSA.2009.5069450
M3 - Conference contribution
AN - SCOPUS:70349912153
SN - 9781424438068
T3 - 2009 IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2009
SP - 975
EP - 982
BT - 2009 IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2009
T2 - 7th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA-2009
Y2 - 10 May 2009 through 13 May 2009
ER -