Title :
Strategies comparison for game theoretic cyber situational awareness and impact assessment
Author :
Shen, Dan ; Chen, Genshe ; Haynes, Leonard ; Blasch, Erik
Author_Institution :
Intelligent Autom., Inc., Rockville
Abstract :
This paper compares different defense strategies against various attacks utilizing a dynamic game theoretic data fusion framework for Cyber network defense. In our game theoretic framework, alerts generated by intrusion detection sensors (IDSs) or intrusion prevention sensors (IPSs) are fed into the data refinement (Level 0) and object assessment (L1) data fusion components. High-level situation/threat assessment (L2/L3) data fusion based on a Markov game model and hierarchical entity aggregation (HEA) is proposed to refine the primitive prediction generated by adaptive feature/pattern recognition and capture new unknown features. A Markov (stochastic) game method is used to estimate the belief of each possible Cyber attack pattern. Game theory captures the nature of Cyber conflicts: determination of the attacking-force strategies is tightly coupled to determination of the defense-force strategies and vice versa. A software tool is developed to demonstrate and compare the performance of different defense strategies used in game theoretic high level information fusion for Cyber network defense situations, and a simulation example shows the enhanced understanding of Cyber-network defense.
Keywords :
Markov processes; computer crime; computer networks; data mining; game theory; sensor fusion; telecommunication security; Markov game model; adaptive feature-pattern recognition; cyber network defense; cyber situational awareness; data mining framework; game theoretic data fusion framework; hierarchical entity aggregation; impact assessment; intrusion detection sensors; intrusion prevention sensors; Computer security; Data security; Fusion power generation; Game theory; Intelligent sensors; Intrusion detection; Pattern recognition; Predictive models; Sensor fusion; Stochastic processes; Cyber Defense; Game Theory; Impact assessment; Information Fusion; Networks Security; Situation Awareness;
Conference_Title :
Information Fusion, 2007 10th International Conference on
Conference_Location :
Quebec, Que.
Print_ISBN :
978-0-662-45804-3
Electronic_ISBN :
978-0-662-45804-3
DOI :
10.1109/ICIF.2007.4408085