Skip to Main Content
An enormous amount of functions in our everyday life became dependent on computer networks. Network attacks become more sophisticated and perplexing. Defending against multi-stage attacks is a challenging process in intrusion defense systems (IDS) due to their complexity. This paper presents a game theory method to analyze the risk and impact of multi-stage attacks in IDS. In this method, the interactions between the attacker and the administrator are modeled as a non-cooperative zero-sum multistage game and it is modeled as a minmax game tree where the attacker is the leader and the administrator is the follower. Alternating the actions between the administrator and the attacker forms the game tree, each of them will be allowed to play a single action at any given time. In this work, a new multi-stage attacker defender (MAD) algorithm is developed to help the administrator in defending against multi-stage attacks. The believes of the attacker and the administrator are updated based on the analysis of the life-cycle for the multi-stage attacks to reduce the horizon effect.