Dynamic Game Based Intrusion Response Decision-Making Model

With the Internet's development, human social behavior relies increasingly on computers and computer networks, but people have to face more serious network security problems. The increasing intrusion incidents, the progressing intrusion means and the improving automation of intrusion make people more and more difficult to protect against network intrusion.In order to strengthen the security of computer networks to prevent network intrusions, many security mechanisms and techniques have been proposed, and intrusion detection and response is one of the important parts of them. Early, the researchers are more concerned about intrusion detection, intrusion response are all human response or semi-artificial response. Because this kind of response lacks timeliness, a large number of intruders can attack computer system before the response. To solve this problem, researchers developed automatic intrusion response system, which can make automatic responses without human intervention. Intrusion response decision-making is the core technology, including the decision-making of response actions and response time. In this paper, in the study of response decision-making model of the current automatic intrusion response system, using game theory to analyze the interactive actions of attacker and defender, I established a Dynamic Game Based Intrusion Response Decision-Making Model, and demonstrated this model-based automatic intrusion response system. In this paper, results are as follows:In the establishment of Intrusion Response Decision-Making Model, taking into account that the network attack and defense process is a dynamic, mutual influenced and mutual restricted interactive process, I use dynamic game theory to analyze this process. In this paper, attackers and defenders are the game participants, attack and response actions are the actions of participants, the effects of attacks are the cost benefits, the process of network attack and defense is the game.The paper at the fist time raises and solves the conflict between irrational behavior of attackers and defenders and rational assumption of game theory. Game theory has an important prerequisite for the assumption that participants in the game must be rational and intelligent, but some of the attackers and defenders are irrational. I solve this problem by limiting the action space of irrational attackers and defenders. On one hand, this model can make the decision-making of response actions, and can select the most costless and reasonable response action. On the other hand, because the model uses a dynamic multi-stage game, it can make the decision-making of response time. For these two reasons, this model can develop strategies composed with response actions and response time and guide the automatic intrusion response system to implement different response actions at different stages.For this game Based Intrusion Response Decision-Making Model, the accurate assessment of the cost of attackers and defenders is very important. This paper presents a weight of system resources based assessment method of cost. This method accurately assesses the cost of attackers and defenders at various situations.Generally, systems with different response purposes have different system policy goals, and this model can adapt a variety of response purpose by adjusting system policy goals.This paper considers a variety of response decision-making factors on the impact of response decision-making, including the type of attack, the type of attacker, the type of response, attack cost, response cost and assurance of alerts (IDS false positive rate and false negative rate). They not only affect the decision-making of response actions, but also the decision-making of response time.