A Game Theoretical Attack-Defense Model Oriented to Network Security Risk Assessment

How to quantify the threat probability in network security risk assessment is an important problem to be solved. Most of the existing methods tend to consider the attacker and defender separately. However, the decision to perform the attack is a trade-off between the gain from a successful attack and the possible consequences of detection; meanwhile, the defender's security strategy depends mostly on the knowledge of the intentions of the attacker. Therefore, ignoring the connections between the attacker and defender's decisions does not correspond to reality. Game theory is the study of the ways in which strategic interactions among rational players produce outcomes with respect to the utilities of those players. In this paper, a novel game theoretical attack-defense model (GTADM) which quantifies the probability of threats is proposed in order to construct a risk assessment framework. According to the cost-benefit analysis, we define the method of formulating the payoff matrix; the equilibrium of the model is also analyzed. In the end, a simple scenario is presented to illustrate the usage of GTADM in the risk assessment framework to show its efficiency.
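The idea in the abstract, reading a threat probability off the equilibrium of a cost-benefit payoff matrix, can be shown on a generic 2x2 attack-defense game. This is an added example, not the paper's GTADM payoff definitions: the parameter names (`gain`, `penalty`, `attack_cost`, `loss`, `defense_cost`), the payoff layout, the integer inputs and the risk formula are all assumptions made for illustration.

```python
from fractions import Fraction

def payoff_matrices(gain, penalty, attack_cost, loss, defense_cost):
    """Assumed cost-benefit payoffs (integers).
    Rows: attacker (0 = attack, 1 = wait). Columns: defender (0 = defend, 1 = ignore)."""
    attacker = [[-penalty - attack_cost, gain - attack_cost], [0, 0]]
    defender = [[-defense_cost, -loss], [-defense_cost, 0]]
    return attacker, defender

def pure_equilibria(A, D):
    """Cells where neither player gains by deviating alone."""
    return [(i, j) for i in (0, 1) for j in (0, 1)
            if A[i][j] >= A[1 - i][j] and D[i][j] >= D[i][1 - j]]

def equilibrium(A, D):
    """Return (P(attack), P(defend)) at a Nash equilibrium of the 2x2 game."""
    pure = pure_equilibria(A, D)
    if pure:
        i, j = pure[0]
        return Fraction(1 - i), Fraction(1 - j)
    # No pure equilibrium: each side mixes so that the other is indifferent.
    a = Fraction(D[1][1] - D[1][0], D[0][0] - D[1][0] - D[0][1] + D[1][1])
    q = Fraction(A[1][1] - A[0][1], A[0][0] - A[0][1] - A[1][0] + A[1][1])
    return a, q

def risk(gain, penalty, attack_cost, loss, defense_cost):
    """Assumed risk measure: P(attack) * P(not defended) * loss."""
    a, q = equilibrium(*payoff_matrices(gain, penalty, attack_cost, loss, defense_cost))
    return a * (1 - q) * loss

if __name__ == "__main__":
    # Constructed scenario: values chosen for illustration only.
    A, D = payoff_matrices(gain=80, penalty=40, attack_cost=20, loss=100, defense_cost=25)
    print("P(attack), P(defend):", equilibrium(A, D))
    print("risk:", risk(80, 40, 20, 100, 25))
```

In the constructed scenario the attack probability depends only on the defender's cost-to-loss ratio, and the defense probability only on the attacker's gain and penalty, which is the coupling between the two decisions that the abstract argues separate analysis misses.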
