Automating Cyber Defence Responses Using Attack-Defence Trees and Game Theory

Ravi Jhawar, Sjouke Mauw, Irfan Zakiuddin

    Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, Academic, peer-review


    Abstract

    Cyber systems that serve government and military organizations must cope with unique threats and powerful adversaries. In this context, one must assume that attackers are continuously engaged in offence and an attack can potentially escalate in a compromised system. This paper proposes an approach to generate defensive responses against ongoing attacks. We use Attack-Defence Trees (ADTrees) to represent situational information including the state of the system, potential attacks and defences, and the interdependencies between them. Currently, ADTrees do not support automated response generation. To this end, we develop a game-theoretic approach to calculate defensive responses and implement our approach using the Game Theory Explorer (GTE). In our games, Attackers and Defenders are the players, the pay-offs model the benefit to each player for a given course of action, and the game’s equilibrium is the optimal course of action for each player. Finally, given the dynamic nature of cyber systems, we keep our ADTrees and the corresponding game trees up to date following the well-known OODA (observe, orient, decide, act) loop methodology.
    Original language: English
    Title of host publication: European Conference on Cyber Warfare and Security, ECCWS 2016
    Place of Publication: Reading
    Publisher: Academic Conferences and Publishing International
    Pages: 163-172
    Number of pages: 10
    ISBN (Print): 9781910810934
    Publication status: Published - 2016

    Publication series

    Name
    Publisher: Academic Conferences and Publishing International

    Keywords

    • EWI-27276
    • EC Grant Agreement nr.: FP7/318003
    • Security
    • Game Theory
    • Attack Modelling
    • incident response
    • EC Grant Agreement nr.: FP7/2007-2013
    • METIS-318543
    • IR-101601
    • cyber defences


  • Cite this

    Jhawar, R., Mauw, S., & Zakiuddin, I. (2016). Automating Cyber Defence Responses Using Attack-Defence Trees and Game Theory. In European Conference on Cyber Warfare and Security, ECCWS 2016 (pp. 163-172). Reading: Academic Conferences and Publishing International.