Network connectivity exposes the network infrastructure and assets to vulnerabilities that attackers can exploit. Protecting network assets against attacks requires the application of security countermeasures. Nevertheless, employing countermeasures incurs costs, such as monetary costs, along with time and energy to prepare and deploy the countermeasures. Thus, an Intrusion Response System (IRS) shall consider security and QoS costs when dynamically selecting the countermeasures to address the detected attacks. This has motivated us to formulate a joint Security-vs-QoS optimization problem to select the best countermeasures in an IRS. The problem is then transformed into a matching game-theoretical model. Considering the monetary costs and attack coverage constraints, we first derive the theoretical upper bound for the problem and later propose stable matching-based solutions to address the trade-off. The performance of the proposed solution, considering different settings, is validated over a series of simulations.

翻译：网络连接性使得网络基础设施和资产暴露于攻击者可利用的漏洞中。保护网络资产免受攻击需要应用安全对策。然而，采用对策会带来成本，例如货币成本，以及准备和部署对策所需的时间和能源。因此，入侵响应系统（IRS）在动态选择应对已检测攻击的对策时，应考虑安全和服务质量（QoS）成本。这促使我们提出一个联合安全与QoS优化问题，以在IRS中选择最佳对策。随后，该问题被转化为一个匹配博弈理论模型。考虑到货币成本和攻击覆盖约束，我们首先推导出问题的理论上界，随后提出基于稳定匹配的解决方案以权衡二者。通过一系列仿真实验，验证了所提方案在不同设置下的性能。