DGM approach to network attacker and defender strategies

Abstract

The computer game framework is an extension of attack graphs based on game theory. It is used to anticipate and analyze intruder and administrator concurrent interactions within the network. Like attack-graph-based model checking, the goal of an anticipation game is to prove that a safety property holds. However, using this kind of game is tedious and error prone on large networks because it assumes that the analyst has prior and complete knowledge of critical network services. This work presents a non-zero, Deterministic Game-Theoretic Modeling (DGM) method for analyzing the security of computer networks. The interaction between an attacker and a defender is viewed as two-player non-zero deterministic game whose model is constructed using a saddle point solution (non-linear program) to compute the value of the game. The probability of possible attack on a network given available attacker strategy or best-response strategies for the attacker and the defender was demonstrated. The simulation of the model was achieved using Java, which is a high level language with object oriented programming capabilities and features. The backend is implemented using MySQL, which is a widely used relational database management system (RDBMS). Selected results of the games played were presented with analysis showingsome likelyattacker activities and the counter measures from the defender.