An expert system of recommendations for combating cyber threats using CVSS metrics and game theory
DOI:
https://doi.org/10.15276/hait.07.2024.20Keywords:
Expert system, cybersecurity, game theory, Brown-Robinson method, CVSSAbstract
This study is focused on the creation of an expert system for generating recommendations on cyber security. The developed
expert system uses a game-theoretic model as a inference engine to transform expert knowledge into recommendations for end-users,
who may be chief IT security officers (CISOs), system administrators, or cyber security engineers. Expert knowledge is presented in
the form of an estimate of the base group of CVSS metrics - Common Vulnerability Score System, for each type of attack and
adjusted values of CVSS in the case that the counterattack strategy is applied. Given a set of attacks and a base of expert attack
knowledge, the system generates a game matrix of zero-sum game with a cybercriminal and a cyberdefense expert as players. The
inference engine of the expert system is a game-theoretic model responsible for solving the game using the Brown-Robinson iterative
method and generating cyber protection recommendations. An experiment was conducted on the convergence of the BrownRobinson algorithm on the 2022 vulnerability dataset from the Cybersecurity and Infrastructure Security Agency database, as a result
of which it was determined that the convergence of the algorithm for solving the matrix game is achieved at a number of iterations of
1000. As a result of the work, expert system was designed and implemented along with the Web interface, which provides input by
experts of CVSS level assessments of collected threats, threats countermeasures and output of recommendations for combating cyber
threats.
Downloads
