Thursday, August 11, 2011

Weekly Summary 08/01~08/11

During these two weeks, I have been looking into four papers related to game-theoretical models that balance security enforcement and the performance of an information system. He also has a paper talking about the trade-off between security enforcement and control system accessibility. The authors usually solve the problem of limited resource allocation. It focuses on the configuration problem at the network level, where multiple IDSs are deployed in an enterprise network.

The problems they are trying to solve are:
--limited resources against intrusion
We face malicious attackers from outside. We need to respond to their intrusions; however, the resources allocated to responding to attacks, such as IT security personnel, firewalls, and patch management systems, are growing slowly. There is a widening gap between them. In [4], the author only cares about the system administrator's time, which in other words is the only resource considered. There is a big assumption that whenever the system administrator is available, he can fix the intrusion by some actions or strategies.

--untrusted IDS and no incentives
In collaborative intrusion detection networks, many proposed IDS systems assume that all IDSs cooperate honestly. They lack trust management. Even the proposed trust-based IDNs have no incentives in them. That means they haven't considered the situation where some IDS only asks for assistance but never contributes. In [2], the author proposes an incentive-compatible resource allocation scheme to solve this problem.

--trade-off between efficiency and fairness
In the intrusion detection and response field, people haven't found a way to better balance system efficiency and fairness. The solution (Nash equilibrium) of a noncooperative game may not be efficient, and a common linear programming framework may result in an unfair solution in which some users are assigned full capacity and others none. In [3], the author presents an analytical trade-off study between them, especially how he defines the metrics to measure efficiency and fairness.

--trade-off between security and accessibility for CPS
Cyber security policies influence various aspects of control system performance. To solve this problem, the author [5] develops an optimal policy for a networked control system.
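The efficiency/fairness point in the list above (a linear program giving some users full capacity and others none) can be reproduced on a single shared resource. This is an added example, not code from any of the papers; the capacity, demands and weights are constructed, and weighted throughput as the efficiency metric, Jain's index as the fairness metric, and max-min fairness as the fair alternative are all assumptions rather than the definitions used in [3].

```python
# Added illustration; demands, weights and both metrics are assumptions,
# not values or definitions from paper [3].

def lp_optimal(capacity, demands, weights):
    """Max sum(w_i*x_i) s.t. sum(x_i) <= capacity, 0 <= x_i <= d_i.
    One shared resource makes this a fractional knapsack, so filling in
    descending weight order is an exact LP optimum."""
    alloc, left = [0.0] * len(demands), capacity
    for i in sorted(range(len(demands)), key=lambda i: -weights[i]):
        alloc[i] = min(demands[i], left)
        left -= alloc[i]
    return alloc

def max_min_fair(capacity, demands):
    """Water-filling: split what is left equally among unsatisfied users."""
    alloc, left = [0.0] * len(demands), capacity
    active = set(range(len(demands)))
    while active and left > 1e-12:
        share = left / len(active)
        done = {i for i in active if demands[i] - alloc[i] <= share}
        if not done:  # nobody can be fully served: give equal shares, stop
            for i in active:
                alloc[i] += share
            break
        for i in done:  # serve small demands fully, then re-split the rest
            left -= demands[i] - alloc[i]
            alloc[i] = demands[i]
        active -= done
    return alloc

def weighted_total(alloc, weights):
    return sum(w * x for w, x in zip(weights, alloc))

def jain_index(alloc):
    """Jain's fairness index: 1.0 is perfectly equal, 1/n is one-takes-all."""
    s, sq = sum(alloc), sum(x * x for x in alloc)
    return s * s / (len(alloc) * sq) if sq else 0.0

def compare(capacity, demands, weights):
    """Return {scheme: (allocation, efficiency vs LP optimum, Jain index)}."""
    schemes = {"lp": lp_optimal(capacity, demands, weights),
               "max_min": max_min_fair(capacity, demands)}
    best = weighted_total(schemes["lp"], weights)
    return {k: (a, weighted_total(a, weights) / best, jain_index(a))
            for k, a in schemes.items()}

DEMANDS, WEIGHTS = [6.0, 6.0, 6.0, 2.0], [3.0, 2.0, 1.0, 1.0]  # constructed
if __name__ == "__main__":
    for k, (a, eff, fair) in compare(10.0, DEMANDS, WEIGHTS).items():
        print(f"{k:8s} alloc={a} efficiency={eff:.3f} fairness={fair:.3f}")
```

On this input the LP optimum serves only the two highest-weight users, while the max-min allocation serves everyone at roughly 69% of the optimal weighted throughput.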




Four papers are:
[1] RRE: A game-theoretic intrusion response and recovery engine
[2] A game-theoretical approach to incentive design in collaborative intrusion detection networks
[3] A trade-off study between efficiency and fairness in communication networks
[4] Intrusion response as a resource allocation problem
[5] Towards a unifying security framework for Cyber-Physical Systems

My goal next week is to find a better game-theoretical
