A Game-Theoretic Decision-Making Framework for Engineering Self-Protecting Software Systems

Targeted and destructive nature of strategies used by attackers to break down the system require mitigation approaches with dynamic awareness. Making a right decision, when facing today's sophisticated and dynamic attacks, is one of the most challenging aspects of engineering self-protecting software systems. Inspired by game theory, in this research work, we model the interactions between the attacker and the software system as a two-player game. Using game-theoretic techniques, the self-protecting software systems is able to: (i) fuse the strategies of attackers into the decision-making model, and (ii) refine the strategies in dynamic attack scenarios by utilizing what has learned from the system's and adversary's interactions. This research introduces a novel decision-making framework with three phases: (i) modeling quality goals aiming at incorporating them into the decision model, (ii) designing game-theoretic techniques in order to build the decision model, and (iii) realizing the decision-making engine in the adaptation manager. Modeling quality goals provides the adaptation manager with the knowledge-base required in making a systematic adaptation decision. The framework aims at exhibiting a plug-and-play capability to adapt game-theoretic techniques that suite security goals and requirements of the software.