A Game Theoretic Approach for Cyber Situation Awareness and Impact Assessment
Title: Program Manager
Phone: (301) 294-5218
Email: gchen@i-a-i.com
Title: Director of Contracts and Proposals
Phone: (301) 294-5221
Email: mjames@i-a-i.com
In this proposal, we propose a highly innovative information fusion approach for the detection and prediction of multistage stealthy cyber attacks. Our approach unifies INFERD/TANDI (successfully used in cyber network situation awareness), developed by the University at Buffalo team, with the Markov game theoretic threat intent inference developed by the IAI team to provide a better solution. There are two main parts: a data fusion module and a dynamic/adaptive feature recognition module. Various log file entities and alerts generated by Intrusion Detection Sensors (IDSs) or Intrusion Prevention Sensors (IPSs) are fed into the L1 data fusion components. The fused objects and related pedigree information are used by a feature/pattern recognition module to generate a primitive prediction of the intents of cyber attackers. High-level (L2 and L3) data fusion based on a Markov game model and Hierarchical Entity Aggregation (HEA) is proposed to refine the primitive prediction generated in stage 1 and to capture new, unknown features. The Markov (stochastic) game method is used to estimate the belief of each possible cyber attack graph. The captured unknown or new cyber attack patterns will be associated with the related L1 results in a dynamic learning block, which takes deception reasoning, trend/variation identification, and distribution model and calculation into account.
* Information listed above is at the time of submission. *