RRE: A Game-Theoretic Intrusion Response and Recovery Engine

Executive Summary

Preserving the availability and integrity of networked computing systems in the face of fast-spreading intrusions requires advances not only in detection algorithms, but also in automated response techniques. This paper proposes a new approach to automated response called the Response and Recovery Engine (RRE). Its engine employs a game-theoretic response strategy against adversaries modeled as opponents in a two-player Stackelberg stochastic game. RRE applies attack-response trees to analyze undesired security events and their countermeasures using Boolean logic to combine lower-level attack consequences. In addition, RRE accounts for uncertainties in intrusion detection alert notifications.

  • Format: PDF
  • Size: 640.3 KB