Optimal Strategy for Cyberspace Mimic Defense Based on Game Theory

Traditional defensive techniques are usually static and passive, and appear weak to confront highly adaptive and stealthy attacks. As a novel security theory, Cyberspace Mimic Defense (CMD) creates asymmetric uncertainty that favors the defender. CMD constructs multiple executors which are diverse functional equivalent variants for the protected target and arbitral mechanism. In this way, CMD senses the results of current running executors and changes the attack surface. Although CMD enhances the security of systems, there are still some critical gaps with respect to design a defensive strategy under costs and security. In this paper, we propose a dual model to dynamically select the number of executors being reconfigured according to the states of the executors. First, we establish a Markov anti-attack model to compare the effects of CMD under different types of attack. Then, we use a dynamic game of incomplete information to determine the optimal strategy, which achieves the balance of the number of reconfiguration and security. Finally, experimental results show that our dual model reduces defensive costs while guarantees security.