An enormous amount of functions in our everyday life became dependent on computer networks. Network attacks become more sophisticated and perplexing. Defending against multi-stage attacks is a challenging process in Intrusion Defense Systems (IDS) due to their complexity. This paper presents a game theory method to analyze the risk and impact of multi-stage attacks in IDS. In this method, the interactions between the attacker and the administrator are modeled as a non-cooperative zero-sum multi-stage game and it is modeled as a min-max game tree where the attacker is the leader and the administrator is the follower. Alternating the actions between the administrator and the attacker forms the game tree, each of them will be allowed to play a single action at any given time. In this work, a new multi-stage attacker defender (MAD) algorithm is developed to help the administrator in defending against multi-stage attacks. The believes of the attacker and the administrator are updated based on the analysis of the life-cycle for the multi-stage attacks to reduce the horizon effect.
[1]
T. Tidwell,et al.
Modeling Internet Attacks
,
2022
.
[2]
Ferenc Szidarovszky,et al.
Multi-Level Intrusion Detection System (ML-IDS)
,
2008,
2008 International Conference on Autonomic Computing.
[3]
John Hale,et al.
A systematic approach to multi-stage network attack analysis
,
2004,
Second IEEE International Information Assurance Workshop, 2004. Proceedings..
[4]
Jeannette M. Wing,et al.
Game strategies in network security
,
2005,
International Journal of Information Security.
[5]
J. Filar,et al.
Competitive Markov Decision Processes
,
1996
.
[6]
Christopher Krügel,et al.
Evaluating the impact of automated intrusion response mechanisms
,
2002,
18th Annual Computer Security Applications Conference, 2002. Proceedings..