Game Theory Based Risk and Impact Analysis

Overview

Among the diverse attack types, the multi-stage attack is the most destructive and the most difficult for the administrator to respond to. Multi-stage attacks usually strike highly protected targets, coordinate the sub-goals of single-stage attacks, and conceal the true origin of the attack. After the intrusion detection system (IDS) detects an attack, the IDS will respond to minimize the loss of the system.

For single-stage attacks, finding the administrator's best responsive action to a detected attack and maximizing rewards is an optimization problem. However, since attackers usually launch multi-stage attacks in reality, and the administrator does not know the attacker's full strategies when making decisions to minimize the loss, the problem becomes one of finding the best strategy using game theory. If we assume that the attacker considers the possible response of the administrator, tries to maximize its reward, and that the sum of its rewards and the administrator's losses equals zero, then the alternating actions of the attacker and the IDS can be modeled as a two-player non-cooperative zero-sum multi-stage game.

In our non-cooperative zero-sum attacker defender game, it is sufficient to find only the reward of the attacker. The reward of the attack is also called the payoff in the game tree. No matter how many feasible interactions the attacker and the administrator will consider in the future, the payoff at the end of any feasible game tree is the sum of all impacts to the attacker and the administrator within this period and the potential impact of the attack outside this period. In the attacker's payoff, the total impact to the attacker and the administrator includes the actual impacts of the attack and the costs of responses within interactions. In the administrator's payoff, it includes the actual impacts of the attack, the costs of responses, and the impact of the attack during interactions.

The interactions of the attacker and the administrator can be described by the following partial game tree. The red nodes and arcs represent the decision nodes and the actions of the attacker. The blue nodes and arcs represent the decision nodes and the responsive actions of the administrator. The green nodes and arcs represent the chance nodes and the probabilities. The payoffs are shown in the leaves of the game tree.
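The following is an added example, not code from the project or its publications: it solves a small game tree of the kind described above by backward induction, with the attacker maximizing, the administrator minimizing, and chance nodes taking expectations. The tree shape, action names, probabilities and payoffs are all constructed, and the sketch assumes both players can see the whole tree, which is simpler than the partially observable model named in the publications.

```python
# Added example: backward induction over a small attacker/administrator game tree.
# Every action name, probability and payoff below is constructed for illustration.

def leaf(payoff):                 # attacker's payoff; the administrator's is -payoff
    return ("leaf", payoff)

def attacker(**actions):          # red decision node: attacker maximises
    return ("attacker", actions)

def admin(**responses):           # blue decision node: administrator minimises
    return ("admin", responses)

def chance(*outcomes):            # green chance node: (probability, child) pairs
    assert abs(sum(p for p, _ in outcomes) - 1.0) < 1e-9
    return ("chance", outcomes)

def solve(node):
    """Return (attacker's expected payoff, best action at this node or None)."""
    kind, body = node
    if kind == "leaf":
        return body, None
    if kind == "chance":
        return sum(p * solve(child)[0] for p, child in body), None
    values = {name: solve(child)[0] for name, child in body.items()}
    pick = max if kind == "attacker" else min
    best = pick(values, key=values.get)
    return values[best], best

TREE = attacker(
    exploit_web=admin(
        block_ip=chance((0.6, leaf(-2)), (0.4, leaf(8))),
        patch_and_restart=leaf(1),
    ),
    phish_user=admin(
        reset_credentials=leaf(2),
        monitor_only=chance(
            (0.5, leaf(0)),
            (0.5, attacker(
                exfiltrate=leaf(10),
                escalate=admin(isolate_host=leaf(4), ignore=leaf(12)),
            )),
        ),
    ),
)

if __name__ == "__main__":
    value, first_move = solve(TREE)
    print(f"game value {value}, attacker opens with {first_move}")
    for name, subtree in TREE[1].items():
        print(f"  after {name}: administrator's best response is {solve(subtree)[1]}")
```

Because the game is zero-sum, the single number returned at the root is both the attacker's best guaranteed expected payoff and the administrator's smallest achievable expected loss.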


Publications

1. Y. Luo, F. Szidarovszky, Y. Al-Nashif, and S. Hariri. "A Game Theory Based Risk and Impact Analysis Method for Intrusion Defense Systems". AICCSA, pp. 975-982. May 10-13, 2009, Rabat, Morocco.

2. Y. Luo, F. Szidarovszky, Y. Al-Nashif, and S. Hariri. "Game Tree Based Partially Observable Stochastic Multi-Stage Game Model". IIE Annual Conference and Expo (IERC 2009), May 30-June 3, 2009, Miami, FL, USA.

 

Phone Number: (520) 621-6626 Room 306, SIE Dept. 1127 E. James E. Rogers Way, Tucson, AZ 85721-0020
ACL - © Copyright 2009, Yi Luo
All Rights Reserved