1. Technical Field
The present invention relates to computer security and, more particularly, to modeling instances and targets for in-progress attacks using probabilistic game theory.
2. Description of the Related Art
A large increase in the frequency of cybersecurity attacks has prompted industry and academia to find new ways to respond to the threat. Defensive mechanisms have been proposed in an attempt to detect and prevent attackers from reaching their targets, e.g., servers that store high-value data. In practice, large networks can have hundreds of high-value servers, each one a possible target of attack, thus making it difficult to determine the goal of a targeted attacker and to respond appropriately.
In an enterprise network, which may include hundreds of thousands of network entities such as laptops, desktop computers, and servers, the network entities can be categorized into different classes. For example, an entity may be a web server, an SQL server, a user terminal, etc. In a strongly connected network, the removal of a small number of connections will not partition the network into isolated parts. At present, however, detection and response systems do not provide adequate insight to system operators as to how best to respond to a strategic attacker. In real-life networks, targets are numerous and easily reachable, making existing approaches that assume a small target set impractical to use.