Automating Cyber Defence Responses Using Attack-Defence Trees and Game Theory

Ravi Jhawar, Sjouke Mauw, Irfan Zakiuddin

    Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, Academic, peer-review


    Abstract

    Cyber systems that serve government and military organizations must cope with unique threats and powerful adversaries. In this context, one must assume that attackers are continuously engaged in offence and an attack can potentially escalate in a compromised system. This paper proposes an approach to generate defensive responses against ongoing attacks. We use Attack-Defence Trees (ADTrees) to represent situational information including the state of the system, potential attacks and defences, and the interdependencies between them. Currently, ADTrees do not support automated response generation. To this end, we develop a game-theoretic approach to calculate defensive responses and implement our approach using the Game Theory Explorer (GTE). In our games, Attackers and Defenders are the players, the pay-offs model the benefit to each player for a given course of action, and the game’s equilibria are the optimal courses of action for each player. Finally, given the dynamic nature of cyber systems, we keep our ADTrees and the corresponding game trees up-to-date following the well-known OODA (observe, orient, decide, act) loop methodology.
    Original language: English
    Title of host publication: European Conference on Cyber Warfare and Security, ECCWS 2016
    Place of Publication: Reading
    Publisher: Academic Conferences and Publishing International
    Pages: 163-172
    Number of pages: 10
    ISBN (Print): 9781910810934
    Publication status: Published - 2016
    Event: European Conference on Cyber Warfare and Security, ECCWS 2016, Munich, Germany: European Conference on Cyber Warfare and Security, ECCWS 2016 - Reading
    Duration: 1 Jan 2016 → …

    Publication series

    Name
    Publisher: Academic Conferences and Publishing International

    Conference

    Conference: European Conference on Cyber Warfare and Security, ECCWS 2016, Munich, Germany
    City: Reading
    Period: 1/01/16 → …

    Keywords

    • EWI-27276
    • EC Grant Agreement nr.: FP7/318003
    • Security
    • Game Theory
    • Attack Modelling
    • incident response
    • EC Grant Agreement nr.: FP7/2007-2013
    • METIS-318543
    • IR-101601
    • cyber defences
