Game theoretic attack response framework for enterprise networks

Abstract

Choosing the right security measures and responses is an important and challenging part of designing an Intrusion Response System. This article proposes a stochastic game based approach to security and intrusion response in enterprise networks. To analyze the intrusion response scenario, this paper formally represents the real-time interaction of an attacker and network administrator as a two-player non-zero-sum stochastic game. The network configuration information and vulnerability scan results of an enterprise network are used to construct a network security state space, where a network security state changes as a result of actions taken by the attacker/ administrator. Using the modeled stochastic game, a quantitative decision making framework has been proposed for enterprise network administrators to identify his optimal actions in case of network intrusion. Experimentations show that proposed model scales well with networks consisting of number of hosts in order of hundreds. © 2014 Springer International Publishing Switzerland.