Automating Cyber Defence Responses Using Attack-Defence Trees and Game Theory
|Title|Automating Cyber Defence Responses Using Attack-Defence Trees and Game Theory|
|Publication Type|Conference Paper|
|Year of Publication|2016|
|Authors|Jhawar R., Mauw S., Zakiuddin I.|
|Conference Name|European Conference on Cyber Warfare and Security, ECCWS 2016, Munich, Germany|
|Publisher|Academic Conferences and Publishing International|
Cyber systems that serve government and military organizations must cope with unique threats and powerful adversaries. In this context, one must assume that attackers are continuously engaged in offence and an attack can potentially escalate in a compromised system. This paper proposes an approach to generate defensive responses against ongoing attacks. We use Attack-Defence Trees (ADTrees) to represent situational information including the state of the system, potential attacks and defences, and the interdependencies between them. Currently, ADTrees do not support automated response generation. To this end, we develop a game-theoretic approach to calculate defensive responses and implement our approach using the Game Theory Explorer (GTE). In our games, Attackers and Defenders are the players, the pay-offs model the benefit to each player for a given course of action, and the game's equilibria are the optimal courses of action for each player. Finally, given the dynamic nature of cyber systems, we keep our ADTrees and the corresponding game trees up-to-date following the well-known OODA (observe, orient, decide, act) loop methodology.