Cyber Insider Threats Situation Awareness Using Game Theory and Information Fusion-based User Behavior Predicting Algorithm

摘要

Cyber insider threat is a difficult problem because it is always covered by a legal identity. Researchers have proposed many methods to deal with this kind of problem which are model-based, graph-based and access control-based algorithms. However, many of these methods are dependent upon traditional IDS which are impacted by false positive rate and not suitable for insider problem any more. Some other game-based methods are dependent on assumption that insiders" decisions are optimal and rational. Nevertheless, this kind of algorithm can not handle some irrational insider's behavior and determine when a round of interaction starts or ends for system defender. In this paper, we proposed our algorithm for insider threat situation awareness, which is based on game theory and information fusion. We use dynamic Bayesian network (DBN) structure and exact inference to acquire and fuse different type of insider information for behavior analysis and avoid traditional IDS shortcoming, finally we obtain situation awareness or prediction trend of insider's future actions by qumital response equilibrium (QRE) calculation. Simulation experiment results indicate that our algorithm has better convergence and precision than other same algorithm even though we should pay additional but accepted computation cost.