On the Effectiveness of Intrusion Response Systems against Persistent Threats

“…Li et al 16 gave an approach to dynamic decision making for intrusion response that uses the Pareto‐optimal set to deal with it. In Reference 17, Sharif Ullah et al formulated the interactions between the attacker and the defender as an attack graph and an object instance graph, and they discouraged further intrusions by increasing the uncertainty of subsequent attacks and the cost of time and space by the attacker. However, when modeling the defense strategy, these studies only considered the maximum gain under the current state faced by the defender and ignored that the process of intrusion response is a process of constant interaction between the attacker and the defender, which causes the model to fall into the locally optimal solution.…”

A parallel game model‐based intrusion response system for cross‐layer security in industrial internet of things

“…Li et al 16 gave an approach to dynamic decision making for intrusion response that uses the Pareto‐optimal set to deal with it. In Reference 17, Sharif Ullah et al formulated the interactions between the attacker and the defender as an attack graph and an object instance graph, and they discouraged further intrusions by increasing the uncertainty of subsequent attacks and the cost of time and space by the attacker. However, when modeling the defense strategy, these studies only considered the maximum gain under the current state faced by the defender and ignored that the process of intrusion response is a process of constant interaction between the attacker and the defender, which causes the model to fall into the locally optimal solution.…”

A parallel game model‐based intrusion response system for cross‐layer security in industrial internet of things

“…This allows for automated network reconfiguration as a means of mitigation during an incident. With similar motivations, Ullah et al, [157] model an intrusion response system through the consideration of diverse attacker strategies. This model explores potential attack pathways, from which a response mechanism is designed to restrict attacker opportunities.…”

A Cyber Incident Response and Recovery Framework to Support Operators of Industrial Control Systems

Decision model of intrusion response based on markov game in fog computing environment