A Game-Theoretic Approach to Building Resilient Cyber and Cyber-Physical Systems
funded by: National Security Agency
researcher: William H. Sanders
The severity and number of attacks on cyber and cyber-physical systems are rapidly increasing. Generally, attack-handling techniques are categorized into three broad classes: intrusion prevention methods, intrusion detection systems, and intrusion response techniques. So far, most research has focused on improving techniques for intrusion prevention and detection, while intrusion response usually remains a manual process performed by network administrators who are notified by IDS alerts and respond to the intrusions. This manual response process inevitably introduces a delay between notification and response that could be exploited by the attacker to achieve his or her goal and significantly increase the damage. Therefore, to minimize the severity of attack damage resulting from delayed response, an intrusion response technique is required that responds quickly to intrusions. While it may be too risky to take the human out of the loop completely, semi-automated techniques that present a human with recommendations on possible responses can aid significantly.
In this project, we are exploring intrusion response approaches that, if successful, could be used to significantly increase the resilience of cyber and cyber-physical systems.