An expert system of recommendations for combating cyber threats using CVSS metrics and game theory

Abstract

This study is focused on the creation of an expert system for generating recommendations on cyber security. The developed expert system uses a game-theoretic model as a inference engine to transform expert knowledge into recommendations for end-users, who may be chief IT security officers (CISOs), system administrators, or cyber security engineers. Expert knowledge is presented in the form of an estimate of the base group of CVSS metrics - Common Vulnerability Score System, for each type of attack and adjusted values ​​of CVSS in the case that the counterattack strategy is applied. Given a set of attacks and a base of expert attack knowledge, the system generates a game matrix of zero-sum game with a cybercriminal and a cyberdefense expert as players. The inference engine of the expert system is a game-theoretic model responsible for solving the game using the Brown-Robinson iterative method and generating cyber protection recommendations. An experiment was conducted on the convergence of the Brown-Robinson algorithm on the 2022 vulnerability dataset from the Cybersecurity and Infrastructure Security Agency database, as a result of which it was determined that the convergence of the algorithm for solving the matrix game is achieved at a number of iterations of 1000. As a result of the work, expert system was designed and implemented along with the Web interface, which provides input by experts of CVSS level assessments of collected threats, threats countermeasures and output of recommendations for combating cyber threats.