Next CS seminar of Karel Durkota:
Title: Game Theory for Network Security
Subtitle: Optimal honeypot deployment strategy and optimal strategies for detecting data exfiltration
Room: KN:E-205, Karlovo náměstí 13, 121 35 Praha 2
When: Thu, Nov 16, 2 pm
The increasing complexity of securing modern computer networks makes decision support systems an important tool for administrators. A challenge many existing tools fail to address is that attackers react strategically to new security measures, adapting their behavior in response. Game theory provides a methodology for making decisions that take into account these reactions, rather than assuming static attackers. I present an overview of how game theory can be used to inform two types of security decisions.
First, I focus on how to optimally place honeypots in a network, assuming that the attacker attacks it optimally according to the attack graph structure. Attack graphs capture all possible sequences of exploits that the attacker can perform in a specific network to achieve a specific goal or goals.
Second, I used game theory to compute how the administrator should set the detector thresholds on outgoing traffic for the user hosts in the network to minimize the amount of data that a potential attacker can exfiltrate. Here, we assume that the attacker has compromised a user host and decides how much data to exfiltrate in each time step so as not to surpass a threshold that is unknown to him.