Partially-Observable Security Games for Automating Attack-Defense Analysis
Network systems often contain vulnerabilities that remain unfixed for various reasons, such as the lack of a patch or of the knowledge needed to fix them. In the presence of such residual vulnerabilities, the network administrator must react appropriately to malicious activity, or proactively prevent it, by applying suitable countermeasures that minimize the likelihood of a successful attack. In this paper, we propose a stochastic game-theoretic approach for analyzing network security and synthesizing defense strategies to protect a network. To support analysis under partial observation, where some of the attacker's activities are unobservable or undetectable by the defender, we construct a one-sided partially observable security game and transform it into a perfect-information game for further analysis. We prove that this transformation is sound for a sub-class of security games and a subset of the properties expressible in the logic rPATL. We implement a prototype that fully automates our approach, and evaluate it by conducting experiments on a real-life network.