A Game Theoretic Approach For Deploying Forensic Ready Systems

Title: A Game Theoretic Approach For Deploying Forensic Ready Systems
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Lakhdhar, Y., Rekhis, S., Sabir, E.
Conference Name: 2020 International Conference on Software, Telecommunications and Computer Networks (SoftCOM)
Keywords: adaptive cyber defender, Attack Strategies, attack surface, attacking defending, cognitive security solution, cost-prohibitive approaches, cyber attacker, cyber incidents, forensic experts, forensic readiness, forensic ready systems, forensic-ready systems, gained security cost, game theoretic approach, game theoretic security, game theory, human factors, investigation readiness, investigation-ready infrastructure, low security configurations, moderate security configurations, nonprovable attack scenarios, nonprovable attacks, Predictive Metrics, pubcrawl, Resiliency, Scalability, security of data, security overhead, security solutions, two-player game
Abstract: Cyber incidents occur every day using a variety of attack strategies. Deploying security solutions with strong configurations reduces the attack surface and improves forensic readiness, but increases the security overhead and cost. In contrast, using moderate or low security configurations reduces that overhead, but inevitably decreases investigation readiness. To avoid cost-prohibitive approaches to developing forensic-ready systems, we present in this paper a game theoretic approach for deploying an investigation-ready infrastructure. The proposed game is a non-cooperative two-player game between an adaptive cyber defender, which uses a cognitive security solution to increase investigation readiness and reduce the attackers' untraceability, and a cyber attacker, who wants to execute non-provable attacks at low cost. The cognitive security solution makes its strategic decision mainly based on its ability to let forensic experts differentiate between provable identifiable, provable non-identifiable, and non-provable attack scenarios, starting from the evidence expected to be generated. We study the behavior of the two strategic players, looking for a mixed Nash equilibrium during competition and computing the probabilities of attacking and defending. A simulation is conducted to demonstrate the efficiency of the proposed model in terms of the mean percentage of gained security cost, the number of stepping stones that an attacker creates, and the rate of defender false decisions, compared to two different approaches.
Citation Key: lakhdhar_game_2020