9 April 2007 A Markov game theoretic data fusion approach for cyber situational awareness
Author Affiliations +
This paper proposes an innovative data-fusion/ data-mining game theoretic situation awareness and impact assessment approach for cyber network defense. Alerts generated by Intrusion Detection Sensors (IDSs) or Intrusion Prevention Sensors (IPSs) are fed into the data refinement (Level 0) and object assessment (L1) data fusion components. High-level situation/threat assessment (L2/L3) data fusion based on Markov game model and Hierarchical Entity Aggregation (HEA) are proposed to refine the primitive prediction generated by adaptive feature/pattern recognition and capture new unknown features. A Markov (Stochastic) game method is used to estimate the belief of each possible cyber attack pattern. Game theory captures the nature of cyber conflicts: determination of the attacking-force strategies is tightly coupled to determination of the defense-force strategies and vice versa. Also, Markov game theory deals with uncertainty and incompleteness of available information. A software tool is developed to demonstrate the performance of the high level information fusion for cyber network defense situation and a simulation example shows the enhanced understating of cyber-network defense.
© (2007) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Dan Shen, Genshe Chen, Jose B. Cruz, Leonard Haynes, Martin Kruger, Erik Blasch, "A Markov game theoretic data fusion approach for cyber situational awareness", Proc. SPIE 6571, Multisensor, Multisource Information Fusion: Architectures, Algorithms, and Applications 2007, 65710F (9 April 2007); doi: 10.1117/12.720090; https://doi.org/10.1117/12.720090

Back to Top