Choosing the right security measures and responses is an important and challenging part of designing an Intrusion Response System. This article proposes a stochastic-game-based approach to security and intrusion response in enterprise networks. To analyze the intrusion response scenario, this paper formally represents the real-time interaction of an attacker and a network administrator as a two-player non-zero-sum stochastic game. The network configuration information and vulnerability scan results of an enterprise network are used to construct a network security state space, where a network security state changes as a result of actions taken by the attacker or the administrator. Using the modeled stochastic game, a quantitative decision-making framework is proposed for enterprise network administrators to identify their optimal actions in case of network intrusion. Experiments show that the proposed model scales well with networks consisting of a number of hosts in the order of hundreds. © 2014 Springer International Publishing Switzerland.
Kundu, A., & Ghosh, S. K. (2014). Game theoretic attack response framework for enterprise networks. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8337 LNCS, pp. 263–274). Springer Verlag. https://doi.org/10.1007/978-3-319-04483-5_27