Automating Cyber Defence Responses Using Attack-Defence Trees and Game Theory

Title: Automating Cyber Defence Responses Using Attack-Defence Trees and Game Theory
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Jhawar R., Mauw S., Zakiuddin I.
Conference Name: European Conference on Cyber Warfare and Security, ECCWS 2016, Munich, Germany
Publisher: Academic Conferences and Publishing International
Conference Location: Reading

Cyber systems that serve government and military organizations must cope with unique threats and powerful adversaries. In this context, one must assume that attackers are continuously engaged in offence and an attack can potentially escalate in a compromised system. This paper proposes an approach to generate defensive responses against ongoing attacks. We use Attack-Defence Trees (ADTrees) to represent situational information including the state of the system, potential attacks and defences, and the interdependencies between them. Currently, ADTrees do not support automated response generation. To this end, we develop a game-theoretic approach to calculate defensive responses and implement our approach using the Game Theory Explorer (GTE). In our games, Attackers and Defenders are the players, the pay-offs model the benefit to each player for a given course of action, and the game's equilibria are the optimal courses of action for each player. Finally, given the dynamic nature of cyber systems, we keep our ADTrees and the corresponding game trees up-to-date following the well-known OODA (observe, orient, decide, act) loop methodology.