Monday, August 1, 2011

Find drawbacks of recent research on intrusion response

In modeling system response to security threats, researchers have made extensive use of state-space models. Like the one we mentioned before, "RRE: A game theoretic intrusion response and recovery engine", this paper uses a partially observable stochastic game model and an extended attack tree called an attack-response tree. I think the main drawback of this kind of discrete-time state-space model is that it may suffer from state-space explosion.

IDEA1: We may extend some other combinatorial methods for modeling and analyzing cyber attacks and countermeasures to solve this state-explosion problem.
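The contrast behind IDEA1, as an added example (not code from this post or from the RRE paper): the root probability of a small AND/OR attack tree is computed once by enumerating every global state and once bottom-up over the tree. The tree, leaf names, probabilities, and the assumption that leaves are independent and each appear once are constructed for illustration.

```python
from itertools import product

# Constructed tree: a leaf is a str, a gate is ("AND" | "OR", child, ...).
TREE = ("OR",
        ("AND", "phishing_succeeds", "privileges_escalated"),
        ("AND", "web_app_exploited", ("OR", "db_reachable", "creds_reused")))
# Constructed leaf probabilities; leaves assumed independent, each used once.
P = {"phishing_succeeds": 0.3, "privileges_escalated": 0.5,
     "web_app_exploited": 0.2, "db_reachable": 0.4, "creds_reused": 0.1}

def leaves(node):
    if isinstance(node, str):
        return [node]
    return [name for child in node[1:] for name in leaves(child)]

def holds(node, state):
    """Truth value of the tree in one global state (leaf name -> bool)."""
    if isinstance(node, str):
        return state[node]
    results = [holds(child, state) for child in node[1:]]
    return all(results) if node[0] == "AND" else any(results)

def root_prob_state_space(tree, p):
    """Sum the probability of every global state where the root holds."""
    names, total, visited = leaves(tree), 0.0, 0
    for bits in product([False, True], repeat=len(names)):
        visited += 1                      # 2**len(names) states in total
        state = dict(zip(names, bits))
        if holds(tree, state):
            weight = 1.0
            for name, on in state.items():
                weight *= p[name] if on else 1.0 - p[name]
            total += weight
    return total, visited

def root_prob_combinatorial(node, p):
    """Bottom-up evaluation: one visit per node, no state enumeration."""
    if isinstance(node, str):
        return p[node], 1
    all_true, none_true, visits = 1.0, 1.0, 1
    for child in node[1:]:
        q, v = root_prob_combinatorial(child, p)
        all_true, none_true, visits = all_true * q, none_true * (1.0 - q), visits + v
    return (all_true if node[0] == "AND" else 1.0 - none_true), visits

if __name__ == "__main__":
    print("state space  :", root_prob_state_space(TREE, P))
    print("combinatorial:", root_prob_combinatorial(TREE, P))
```

Both functions return the same probability, but the enumeration visits 2^n states for n leaves while the bottom-up pass visits each node once; the bottom-up shortcut stops being exact once leaves are shared between branches or are dependent.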

Second, using game theory to find the best defense from a pool of defense mechanisms is actually not such a good approach: it is complicated and consumes a lot of time and resources.

IDEA2: We could extend some other suitable algorithms that are less expensive than this kind of state-space-based approach.

Another team has done great work in this area. Dr. Kishor Trivedi
