A Markov Game Approach To Cyber Security
Cyber attacks (CAs) have generally been one-dimensional, involving denial of service (DoS), computer viruses or worms, and unauthorized intrusion (hacking). Websites, mail servers, and client machines are the major targets. However, recent CAs have diversified to include multi-stage and multi-dimensional attacks with a variety of tools and technologies. Next-generation security will require network management and intrusion detection systems that combine short-term sensor information with long-term knowledge databases to provide decision support and cyberspace command and control.
Recent efforts to apply data fusion techniques to cyber situational awareness are promising [1, 2], but assessing the potential impact of an attack and predicting intent (that is, high-level data fusion) continue to present substantive challenges. We propose a new approach to evaluate network defenses in which each possible attack pattern is generated by a data-mining module and estimated by a game-theoretic data fusion module.
Our cyberspace security system has two fully interlocking parts, as indicated in Figure 1. The data fusion module refines primitive awareness and assessment into the identification of new attacks, while the dynamic/adaptive feature recognition module generates estimates and learns about them. The Markov game method, a stochastic approach, is used to evaluate the prospects of each potential attack. Game theory captures the nature of cyber conflict: determining the attacker's strategies is closely allied to decisions on defense and vice versa.
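The Markov game evaluation described above, sketched as an added example that is not the authors' system: Shapley value iteration over a two-state zero-sum attacker/defender game, returning the defender's expected discounted loss in each state. The states, actions, loss values, transition probabilities and discount factor are all constructed assumptions, and the closed-form 2x2 solver stands in for a general matrix-game solver.

```python
# Added example. Every state, action, cost and probability below is constructed.
GAMMA = 0.9  # discount factor (assumed)

def solve_2x2(m):
    """Value of a 2x2 zero-sum game: rows (attacker) maximise, columns (defender) minimise."""
    (a, b), (c, d) = m
    maximin = max(min(a, b), min(c, d))
    minimax = min(max(a, c), max(b, d))
    if maximin == minimax:                      # pure-strategy saddle point
        return maximin
    return (a * d - b * c) / (a + d - b - c)    # otherwise both sides mix

def shapley_values(reward, trans, gamma=GAMMA, tol=1e-9, max_iter=10_000):
    """Shapley value iteration.
    reward[s][a][d] = defender loss this step; trans[s][a][d] = {next_state: prob}."""
    v = {s: 0.0 for s in reward}
    for _ in range(max_iter):
        new = {}
        for s in reward:
            # Stage game at s: immediate loss plus discounted expected future loss.
            q = [[reward[s][a][d]
                  + gamma * sum(p * v[t] for t, p in trans[s][a][d].items())
                  for d in range(2)] for a in range(2)]
            new[s] = solve_2x2(q)
        if max(abs(new[s] - v[s]) for s in v) < tol:
            return new
        v = new
    raise RuntimeError("value iteration did not converge")

# Attacker rows: 0 = low-and-slow, 1 = aggressive. Defender columns: 0 = monitor, 1 = respond.
REWARD = {
    "clean":    [[0, 1], [2, 1]],
    "breached": [[3, 4], [6, 4]],
}
TRANS = {
    "clean": [[{"clean": 0.8, "breached": 0.2}, {"clean": 1.0}],
              [{"clean": 0.3, "breached": 0.7}, {"clean": 0.9, "breached": 0.1}]],
    "breached": [[{"breached": 1.0}, {"clean": 0.5, "breached": 0.5}],
                 [{"breached": 1.0}, {"clean": 0.8, "breached": 0.2}]],
}

if __name__ == "__main__":
    for state, loss in shapley_values(REWARD, TRANS).items():
        print(f"{state}: expected discounted defender loss {loss:.2f}")
```

In this constructed model each state's value depends on both players' best responses at once, which is the coupling between attack strategy and defense decision that the game-theoretic framing is meant to capture.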