A Game-Theoretic Decision-Making Framework for Engineering Self-Protecting Software Systems.

Targeted and destructive nature of strategies used by attackers to break down the system require mitigation approaches with dynamic awareness. Making a right decision, when facing today's sophisticated and dynamic attacks, is one of the most challenging aspects of engineering self-protecting software systems. Inspired by game theory, in this research work, we model the interactions between the attacker and the software system as a two-player game. Using game-theoretic techniques, the selfprotecting software systems is able to: (i) fuse the strategies of attackers into the decision-making model, and (ii) refine the strategies in dynamic attack scenarios by utilizing what has learned from the system's and adversary's interactions. This research introduces a novel decision-making framework with three phases: (i) modeling quality goals aiming at incorporating them into the decision model, (ii) designing game-theoretic techniques in order to build the decision model, and (iii) realizing the decisionmaking engine in the adaptation manager. Modeling quality goals provides the adaptation manager with the knowledgebase required in making a systematic adaptation decision. The framework aims at exhibiting a plug-and-play capability to adapt game-theoretic techniques that suite security goals and requirements of the software. [ABSTRACT FROM AUTHOR]