A generic approach for network defense strategies generation based on evolutionary game theory

The generation of optimal defense strategies in dynamic adversarial environments is crucial for cybersecurity. Recently, defense approaches based on evolutionary game theory have gained significant achievements. However, they would fail when facing complex networks and sophisticated attack strategies, due to the fatal drawbacks of defense strategy generation considering atomic attacks only. To relieve this issue, a generic approach for generating defense strategies using evolutionary game theory is proposed in this paper. Initially, a novel payoff quantification method for network attack -defense games based on attack graphs is designed. Innovatively, two factors concerning the decision-maker's degree of irrationality (DI) and the level of environmental security (LES) are introduced into the replicator dynamics equation to model the impacts on equilibrium solutions. Noting that Active Directory (AD) domain service is one of the most used and representative information security management system in Windows domains, from which attack graphs and paths can be plainly extracted and analyzed. Therefore, it is necessary and imperative to anchor AD to unfold the theoretical analyses and experiments validation based on a real environment. Case studies on a real -world AD network demonstrate that the proposed approach is effective and can generate stable and efficient defense strategies.