
Game Theoretic Attack Response Framework for Enterprise Networks

Conference paper in: Distributed Computing and Internet Technology (ICDCIT 2014)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 8337)

Abstract

Choosing the right security measures and responses is an important and challenging part of designing an Intrusion Response System. This article proposes a stochastic-game-based approach to security and intrusion response in enterprise networks. To analyze the intrusion response scenario, the paper formally represents the real-time interaction of an attacker and a network administrator as a two-player non-zero-sum stochastic game. The network configuration information and vulnerability scan results of an enterprise network are used to construct a network security state space, where a network security state changes as a result of actions taken by the attacker or the administrator. Using the modeled stochastic game, a quantitative decision-making framework is proposed for enterprise network administrators to identify their optimal actions in case of network intrusion. Experiments show that the proposed model scales well to networks with a number of hosts in the order of hundreds.




© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Kundu, A., Ghosh, S.K. (2014). Game Theoretic Attack Response Framework for Enterprise Networks. In: Natarajan, R. (eds) Distributed Computing and Internet Technology. ICDCIT 2014. Lecture Notes in Computer Science, vol 8337. Springer, Cham. https://doi.org/10.1007/978-3-319-04483-5_27


  • DOI: https://doi.org/10.1007/978-3-319-04483-5_27

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-04482-8

  • Online ISBN: 978-3-319-04483-5

  • eBook Packages: Computer Science, Computer Science (R0)
