摘要 |
A method for selecting a combination of responses (Ci) to an on-going attack (AK) on a virtual network (VN), said method comprising the following steps performed by a hypervisor (HY):
- determining (701) a first set (S1) of attacks graphs (AGi), each attacks graph (AGi) being modeled from said on-going attack (AK) and comprising a plurality (P) of potential attacks (Ai) and,
- determining (703) a second set (S2) of combinations of responses (Ci) corresponding to the plurality (P) of potential attacks (Ai) from at least one attacks graph (AGi) from the first set (S1),
- duplicating (705) the virtual network (VN) into a third set (S3) of duplicated virtual network (DVNi),
- executing (707) at least two combinations of responses (Ci) from the second set (S2) respectively in at least two duplicated virtual networks (DVNi) from the third set (S3), and measuring (709) a set of metrics (Mi) representative of the state of each of said at least two duplicated virtual network (DVNi),
- determining (711) a return of combined responses investment metric (RCRi) from each set of metrics (Mi),
- selecting (713), depending on the step of determining (711) the return of combined responses investment metric (RCRi), an adapted combination of responses (AC) amongst the second set (S2) of combination of responses (Ci). |