Yuanjie LI,Jie SUN,Qiying CAO

2014-01-01

Abstract:The attack actions analysis for Ad Hoc networks can provide a reference for the design security mechanisms. This paper presents an analysis method of security of Ad Hoc networks based on Stochastic Game Nets (SGN). This method can establish a SGN model of Ad Hoc networks and calculate to get the Nash equilibrium strategy. After transforming the SGN model into a continuous-time Markov Chain (CTMC), the security of Ad Hoc networks can be evaluated and analyzed quantitatively by calculating the stationary probability of CTMC. Finally, the Matlab simulation results show that the probability of successful attack is related to the attack intensity and expected payoffs, but not attack rate.

Yuanzhuo Wang,Jingyuan Li,Kun Meng,Chuang Lin,Xueqi Cheng

DOI: https://doi.org/10.1002/sec.535

IF: 1.968

2012-04-17

Security and Communication Networks

Abstract:In this paper, we propose a novel modeling method attack–defense stochastic game Petri nets (or ADSGN) to model and analyze the security issues in enterprise network. We firstly give the definition and modeling method algorithm of ADSGN and then propose the algorithm of the strategy. The proposed ADSGN method is successfully applied to describe the attack and defense courses in the enterprise network. Finally, we analyze the mean time to first security breach and the mean time to security breach in the enterprise network quantifiably, and proved that our method can also be applied to other areas with respect to game issues. Copyright © 2012 John Wiley & Sons, Ltd. According to the characteristics of the network attack and defense actions, we extend the previous work by proposing attack‐defense stochastic game Petri nets (or ADSGNs), which can be used to model and analyze the competitive game issues by using classical methods from stochastic Petri nets. ADSGN are suitable to investigate the complex and dynamic game‐related issues in network attack. In this paper, we use ADSGN to model and analyze the enterprise network attacks, compute the Nash equilibrium to deduce the best‐response strategies to defend the attacks. We believe that ADSGN can open a new avenue to handle the game‐related issues in network security.

computer science, information systems,telecommunications

Chuang Lin,Yuanzhuo Wang,Yang Wang,Haiyi Zhu

2008-01-01

Abstract:In this paper, we propose a novel modeling method, Stochastic Game Nets(SGN). SGN is an good method to model and deal with the game issues, which takes advantages of both stochastic game theory and Stochastic Petri Nets. The SGN could inherit the efficient and flexible modeling approach of Stochastic Petri Nets, and also make well use of the game-theoretical framework from game theory. Meanwhile, we apply the SGN method to model and analyze the network attacks, compute the Nash equilibrium and best-response strategies to defend the attacks. We believe that the SGN opens a new avenue to deal with the game issues in computer networks.

Zenan Wu,Liqin Tian,Yi Zhang,Yan Wang,Yuquan Du

DOI: https://doi.org/10.1155/2021/4005877

IF: 1.968

2021-11-13

Security and Communication Networks

Abstract:At present, most network security analysis theory assumes that the players are completely rational. However, this is not consistent with the actual situation. In this paper, based on the effectiveness constraints on both sides with network attack and defense, with the help of stochastic Petri net and evolutionary game theory, the Petri net model of network attack and defense stochastic evolutionary game is reconstructed, the specific definition of the model is given, and the modeling method is given through the network connection relationship and attack and defense strategy set. Using this model, a quantitative analysis of network attack events is carried out to solve a series of indicators related to system security, namely, attack success rate, average attack time, and average system repair time. Finally, the proposed model and analysis method are applied to a classic network attack and defense process for experimental analysis, and the results verify the rationality and accuracy of the model and analysis method.

computer science, information systems,telecommunications

Jichao Bi,Shibo He,Fengji Luo,Wenchao Meng,Luyue Ji,Da-Wen Huang

DOI: https://doi.org/10.1109/TII.2022.3231406

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:Industrial Internet of Things (IIoT) is vulnerable to advanced persistent threat (APT). In this article, we study a scenario in which APT is launched to attack IIoT devices. Considering the APTs lateral movement, a node-level state evolution model is established to calculate the probability of every device in an IIoT system to be compromised by APT. Based on this, a Stackelberg game model is proposed for the APT attacker and defender, which can accurately describe the gaming process. An effective computational approach is developed to obtain the potential Stackelberg equilibrium strategy pair of the game. Extensive case studies and comparison studies are conducted to validate the effectiveness of the proposed method.

AbdelRahman Eldosouky,Walid Saad,Dusit Niyato

DOI: https://doi.org/10.1109/ICC.2016.7510985

2016-10-13

Abstract:Moving target defense (MTD) techniques that enable a system to randomize its configuration to thwart prospective attacks are an effective security solution for tomorrow's wireless networks. However, there is a lack of analytical techniques that enable one to quantify the benefits and tradeoffs of MTDs. In this paper, a novel approach for implementing MTD techniques that can be used to randomize cryptographic techniques and keys in wireless networks is proposed. In particular, the problem is formulated as a stochastic game in which a base station (BS), acting as a defender seeks to strategically change its cryptographic techniques and keys in an effort to deter an attacker that is trying to eavesdrop on the data. The game is shown to exhibit a single-controller property in which only one player, the defender, controls the state of the game. For this game, the existence and properties of the Nash equilibrium are studied, in the presence of a defense cost for using MTD. Then, a practical algorithm for deriving the equilibrium MTD strategies is derived. Simulation results show that the proposed game-theoretic MTD framework can significantly improve the overall utility of the defender, while enabling effective randomization over cryptographic techniques.

Computer Science and Game Theory,Information Theory

Ankur Chowdhary,Sailik Sengupta,Adel Alshamrani,Dijiang Huang,Abdulhakim Sabur

DOI: https://doi.org/10.1109/iccnc.2019.8685647

2019-02-01

Abstract:Large scale cloud networks consist of distributed networking and computing elements that process critical information and thus security is a key requirement for any environment. Unfortunately, assessing the security state of such networks is a challenging task and the tools used in the past by security experts such as packet filtering, firewall, Intrusion Detection Systems (IDS) etc., provide a reactive security mechanism. In this paper, we introduce a Moving Target Defense (MTD) based proactive security framework for monitoring attacks which lets us identify and reason about multi-stage attacks that target software vulnerabilities present in a cloud network. We formulate the multi-stage attack scenario as a two-player zero-sum Markov Game (between the attacker and the network administrator) on attack graphs. The rewards and transition probabilities are obtained by leveraging the expert knowledge present in the Common Vulnerability Scoring System (CVSS). Our framework identifies an attacker’s optimal policy and places countermeasures to ensure that this attack policy is always detected, thus forcing the attacker to use a sub-optimal policy with higher cost.

Mariusz Żal,Marek Michalski,Piotr Zwierzykowski

DOI: https://doi.org/10.3390/electronics13050918

IF: 2.9

2024-02-29

Electronics

Abstract:The contemporary world, dominated by information technologt (IT), necessitates sophisticated protection mechanisms against attacks that pose significant threats to individuals, companies, and governments alike. The unpredictability of human behavior, coupled with the scattered development of applications and devices, complicates supply chain maintenance, making it impossible to develop a system entirely immune to cyberattacks. Effective execution of many attack types hinges on prior network reconnaissance. Thus, hindering effective reconnaissance serves as a countermeasure to attacks. This paper introduces a solution within the moving target defense (MTD) strategies, focusing on the mutation of Internet protocol (IP) addresses in both edge and core network switches. The idea of complicating reconnaissance by continually changing IP addresses has been suggested in numerous studies. Nonetheless, previously proposed solutions have adversely impacted the quality of service (QoS) levels. Implementing these mechanisms could interrupt Transmission Control Protocol (TCP) connections and result in data losses. The IP address mutation algorithms presented in this study were designed to be fully transparent to transport layer protocols, thereby preserving the QoS for users without degradation. In this study, we leveraged the benefits of software-defined networking (SDN) and the Programming-Protocol-Ondependent Packet Processors (P4) language, which specifies packet processing methodologies in the data plane. Employing both SDN and P4 enables a dynamic customization of network device functionalities to meet network users' specific requirements, a feat unachievable with conventional computer networks. This approach not only enhances the adaptability of network configurations but also significantly increases the efficiency and effectiveness of network management and operation.

engineering, electrical & electronic,computer science, information systems,physics, applied

Sailik Sengupta,Ankur Chowdhary,Abdulhakim Sabur,Adel Alshamrani,Dijiang Huang,Subbarao Kambhampati

DOI: https://doi.org/10.1109/comst.2020.2982955

2020-01-01

Abstract:Network defenses based on traditional tools, techniques, and procedures (TTP) fail to account for the attacker's inherent advantage present due to the static nature of network services and configurations. To take away this asymmetric advantage, Moving Target Defense (MTD) continuously shifts the configuration of the underlying system, in turn reducing the success rate of cyberattacks. In this survey, we analyze the recent advancements made in the development of MTDs and highlight (1) how these defenses can be defined using common terminology, (2) can be made more effective with the use of artificial intelligence techniques for decision making, (3) be implemented in practice and (4) evaluated. We first define an MTD using a simple and yet general notation that captures the key aspects of such defenses. We then categorize these defenses into different sub-classes depending on what they move, when they move and how they move. In trying to answer the latter question, we showcase the use of domain knowledge and game-theoretic modeling can help the defender come up with effective and efficient movement strategies. Second, to understand the practicality of these defense methods, we discuss how various MTDs have been implemented and find that networking technologies such as Software Defined Networking and Network Function Virtualization act as key enablers for implementing these dynamic defenses. We then briefly highlight MTD test-beds and case-studies to aid readers who want to examine or deploy existing MTD techniques. Third, our survey categorizes proposed MTDs based on the qualitative and quantitative metrics they utilize to evaluate their effectiveness in terms of security and performance. We use well-defined metrics such as risk analysis and performance costs for qualitative evaluation and metrics based on Confidentiality, Integrity, Availability (CIA), attack representation, QoS impact, and target-d threat models for quantitative evaluation. Finally, we show that our categorization of MTDs is effective in identifying novel research areas and highlight directions for future research.

computer science, information systems,telecommunications

Fannv He,Yuqing Zhang,Huizheng Liu

DOI: https://doi.org/10.48550/arXiv.1711.10182

2017-11-28

Cryptography and Security

Abstract:Internet of Things (IoT) is characterized by various of heterogeneous devices and facing numerous threats. Modeling security of IoT is still a certain challenge. This paper defines a Stochastic Colored Petri Net (SCPN) for IoT-based smart environment and then proposes a Markov Game model for security situational awareness (SSA) in the defined SCPN. All possible attack paths are computed by the SCPN, and antagonistic behavior of both attackers and defenders are taken into consideration dynamically according to Game Theory. Two attack scenarios in smart home environment are taken into consideration to demonstrate the effectiveness of the proposed model. The proposed model can form a macroscopic trend curve of security situation. Analysis of the results shows the capabilities of the proposed model in finding vulnerable devices and potential attack paths, and even mitigating the impact of attacks. To our knowledge, this is the first attempt to establish a dynamic SSA model for a complex IoT-based smart environment.

Ankita A. Mahamune,M. M. Chandane

DOI: https://doi.org/10.1007/s40031-021-00627-0

2021-06-15

Journal of The Institution of Engineers (India): Series B

Abstract:Mobile Ad hoc NETwork (MANET) is a distributed architecture-less network having mobile nodes dynamically building up routes among themselves for transmission of packets. Security is the most crucial interest for its essential working. Due to its distinctive features including active network topology, lack of fixed/centralized authority, slower data transfer rate, a limited number of resources, bandwidth, and battery power, it is often attackable by malevolent nodes. Various types of attacks can affect network operations and make trans-reception untrustworthy. In order to obtain a more robust MANET operation through innovative design and development strategies, the study of severity of various attacks and their respective counter measures is necessary. This paper presents a detailed survey of TCP/IP layerwise attacks on MANET and the corresponding defence mechanisms. Further, a MANET scenario using a standard dynamic routing protocol Ad Hoc On-demand Distance Vector (AODV) is framed and tested under the routing disruption attacks viz. grayhole, blackhole, and cooperative blackhole. The attacks are simulated in the EXata environment to determine their prevalence over others in varying network scenarios. The comparative performance analysis is also carried out based on the measurements of the state-of-the-art evaluation metrics like Packet Delivery Ratio (PDR), end-to-end delay, throughput, jitter, and the number of data packets dropped by malicious nodes. The presented work brings uniqueness where it covers a wide variety of attacks, respective defence mechanisms, and a successful practical demonstration to validate the severity of selective dominant attacks all at one place which is not found in earlier literature.

Akhil Gupta,Rakesh Kumar Jha,Sanjeev Jain

DOI: https://doi.org/10.1002/dac.3237

2016-11-28

International Journal of Communication Systems

Abstract:Research has been going around the globe to overcome the challenges that are associated with the increase in the number of users, such as interference management, load sharing, and increased capacity. 5G is emerging as a budding prospect for fulfilling demand and overcoming these challenges. For meeting the increased demands, new technologies such as relays in device‐to‐device communication and small cell access points have been introduced. However, these introductions have opened up security issues in the 5G wireless communication networks. This article focuses on security issues of the 5G wireless communication networks and analyzes the effect of a bandwidth spoofing attack using game theory on the small cell access point in 5G wireless communication network. This article also proposes an adaptive intrusion detection system using a hidden Markov Model for detecting an intrusion on small cell access point in a 5G wireless communication networks. This article has concluded that the Game theory has proven to be a useful method in examining the bandwidth spoofing attack. In addition, with the use of prisoner's dilemma game theory, attacker is able to spoof the bandwidth from the defender with a significant winning percentage. This article has also proposed an adaptive intrusion detection system, which is capable of detecting and removing the intruder executing the bandwidth spoofing attack on the small cell access in a 5G wireless communication network.

telecommunications,engineering, electrical & electronic

Gaoxin Qi,Jichao Li,Chi Xu,Gang Chen,Kewei Yang

DOI: https://doi.org/10.3390/e25010057

IF: 2.738

2022-12-29

Entropy

Abstract:Today, people rely heavily on infrastructure networks. Attacks on infrastructure networks can lead to significant property damage and production stagnation. The game theory provides a suitable theoretical framework for solving the problem of infrastructure protection. Existing models consider only the beneficial effects that the defender obtains from information gaps. If the attacker's countermeasures are ignored, the defender will become passive. Herein, we consider that a proficient attacker with a probability in the game can fill information gaps in the network. First, we introduce the link-hiding rule and the information dilemma. Second, based on the Bayesian static game model, we establish an attack–defense game model with multiple types of attackers. In the game model, we consider resource-consistent and different types of distributions of the attacker. Then, we introduce the solution method of our model by combining the Harsanyi transformation and the bi-matrix game. Finally, we conduct experiments using a scale-free network. The result shows that the defender can be benefited by hiding some links when facing a normal attacker or by estimating the distribution of the attacker correctly. The defender will experience a loss if it ignores the proficient attacker or misestimates the distribution.

physics, multidisciplinary

El Mehdi Kandoussi,Adam Houmairi,Iman El Mir,Mostafa Bellafkih

DOI: https://doi.org/10.1007/s10586-024-04604-2

2024-06-15

Cluster Computing

Abstract:Security challenges in complex information technologies continue to grow and diversify. To improve network security, many researchers have explored the game theoretic approach as a hopeful modeling tool. Knowing that the attacker can take advantage of vulnerabilities and explore existing weaknesses in the network configuration to gain access to the system for a successful attack, our objective is to benefit from virtual machines' migration as a moving target defense technique and honeypot as a deceiving technique to increase the attack surface's dynamicity. This paper presents a game-theoretic framework for modeling attack-defense interaction. A model based on incomplete information game and attack graph is developed. Our main findings reveal in which case migration of virtual machines should be established in a architecture where a honeypot is deployed and identify the potential attack paths based on system security parameters. This provides network administrators with the ability to find unsecure nodes, avoid negative externality and more precisely inefficient migrations which impact the quality of service.

computer science, information systems, theory & methods

Arash Bozorgchenani,Charilaos C. Zarakovitis,Su Fong Chien,Qiang Ni,Antonios Gouglidis,Wissam Mallouli,Heng Siong Lim

DOI: https://doi.org/10.1109/tnse.2024.3358170

IF: 6.6

2024-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Network connectivity exposes the network infrastructure and assets to vulnerabilities that attackers can exploit. Protecting network assets against attacks requires the application of security countermeasures. Nevertheless, employing countermeasures incurs costs, such as monetary costs, along with time and energy to prepare and deploy the countermeasures. Thus, an Intrusion Response System (IRS) shall consider security and QoS costs when dynamically selecting the countermeasures to address the detected attacks. This has motivated us to formulate a joint Security-vs-QoS optimization problem to select the best countermeasures in an IRS. The problem is then transformed into a matching game-theoretical model. Considering the monetary costs and attack coverage constraints, we first derive the theoretical upper bound for the problem and later propose stable matching-based solutions to address the trade-off. The performance of the proposed solution, considering different settings, is validated over a series of simulations.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Parmod Kumar,Anupam Baliyan,K. Ramalingeswara Prasad,N. Sreekanth,Parag Jawarkar,Vandana Roy,Enoch Tetteh Amoatey

DOI: https://doi.org/10.1155/2022/5713092

2022-04-13

Wireless Communications and Mobile Computing

Abstract:A number of disadvantages of traditional networks may be attributed to the close relationship that exists between the control plane and the data plane inside proprietary hardware designs, as described above. The problem of security is one of the most difficult to deal with. There are a plethora of network hazards and attacks that might be encountered these days. DDoS attacks are one of the most popular and disruptive attacks on the internet today, and they affect a wide range of organisations. Despite a large number of traditional mitigation solutions now available, the frequency, volume, and intensity of distributed denial-of-service (DDoS) attacks continue to rise. According to the findings of this paper, a new network paradigm is necessary to satisfy the requirements of today’s complex security concerns. It was necessary to develop a software-defined network (SDN) in order to meet the real-time needs of the massive network that was expanding at an exponential rate. Many advantages of SDN exist, including simplicity of administration, scalability, and agility, but one of the most critical is security, which is one of the most important considerations when implementing SDN. SDS may be seen as a paradigm in which the implementation of new security regulations in the computer environment is performed via the use of protected software, which is described further below. The goal is to provide a flexible and extensible architecture for DDoS detection and prevention that is both flexible and extendable; the suggested clustering approach, which is based on the Open Day Light (ODL) Controller, is employed to carry out the experimental findings. In this section, we emphasise DDoS penetration techniques from a range of tools, and we evaluate the vulnerability against various tactics. It is necessary to use a Mininet emulation tool to construct a detection and prevention system against distributed denial of service (DDoS) attacks in order to achieve success. There is a range of other simulation tools that are utilised in conjunction with this research in order to bring it to a conclusion. Integration of industry standards such as SNORT and Flow has been accomplished in a variety of situations and parameter settings. During the creation of a framework capable of detecting and mitigating DDoS attacks at an early stage in both the control and application levels, the implementation of this framework has been shown to be crucial in the development of a framework.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ning Liu,Qing-Wei Chai,Shangkun Liu,Fanying Meng,Wei-Min Zheng

DOI: https://doi.org/10.1155/2022/1181398

IF: 1.968

2022-11-09

Security and Communication Networks

Abstract:The development of the 5th Generation Mobile Communication Technology not only brings convenience to people but also brings many network security problems. Based on the static game theory of complete information, a game model of attack and defense with limited resources in heterogeneous networks of Cyber Physical Systems is established. This model analyzes the basic rules of the offensive and defensive strategies of both parties when the offensive and defensive resources are limited in the 5th Generation Mobile Communication Technology network environment. The model can also describe the interaction between attackers and defenders. A novel compact particle swarm optimization algorithm is proposed to solve the difficult problem of solving the Nash equilibrium of this game model. The simulation experiment proves that novel compact particle swarm optimization algorithm has good optimization ability and shows that the algorithm can effectively solve the Nash equilibrium of the model. The simulation experiment provides a strategic reference for the attack-defense game with limited resources.

computer science, information systems,telecommunications

Yuanzhuo Wang,Min Yu,Jingyuan Li,Kun Meng,Chuang Lin,Xueqi Cheng

DOI: https://doi.org/10.1007/s10207-011-0148-z

2011-01-01

International Journal of Information Security

Abstract:Stochastic game theoretic framework has been used in many fields of networks with interactive behaviors. However, further use of this framework is limited due to the following reasons. Firstly, it is difficult to build comprehensive and rigorous models for complex network structures by the state-based game model. Secondly, solving and extending the dynamic behaviors of participators of the network are nearly impossible, because of the complexity of state transitions. Last but not least, general game model is not able to describe and analyze specific events and behaviors in some kinds of networks, like enterprise networks. In this paper, we propose a new modeling paradigm (stochastic game net, or SGN) for stochastic games representation with Petri nets. Based on our graphical tool, stochastic game problems can be described clearly, and the model can be solved and extended easily. Moreover, this paper puts forth a series of methods for modeling and analyzing the competitive game by SGN, which is the main contribution of this work. Our achievements are applied to the security analysis for enterprise networks. The analysis results prove the powerful ability of our achievements in solving the complicated and dynamic game problems. Furthermore, our approaches can be used to calculate the existence and the value of an equilibrium point.

Xin YANG,Hui LI,Jiangxing WU,Peng YI

DOI: https://doi.org/10.1360/ssi-2019-0224

2020-01-01

Abstract:Cyber mimic defenses have recently emerged as a dynamic heterogeneity redundancy architecture, which adjust the asymmetry between defenders and attackers by reconfiguring the system according to the network scenario. Some studies have investigated the effectiveness of security models, however, there is still a lack of convincing and practical methods to assess CMD networks quantitatively. Thus, in this paper, we propose a two-dimension model that calculates those details as a digital result to compare different CMD networks. In addition, the proposed method demonstrates good scalability in different networks. Specifically, in the first dimension, i.e., attacking a single node, we elaborate on system configurations and employ the Generalized Stochastic Petri net model to capture the effectiveness of different behaviors from gamers. To quantify the impacts of those behaviors, we parameterized them using a Poisson process, common vulnerabilities and exposures, and the common vulnerability scoring system. In the second dimension, we adopt Markov chains and the Martingale theory to analyze the attack process along the attack chain. Finally, security metrics and countermeasures under different scenarios are presented to verify the effectiveness of CMD, which provides some guidance for designing future systems with acceptable cost.

Fei He,Jun Zhuang,Nageswara S. V. Rao

2012-01-01

Abstract:Critical infrastructures rely on cyber and physical components that are both subject to natural, incidental or intentional degradations. Game theory has been used in studying the strategic interactions between attackers and defenders for critical infrastructure protection, but has not been extensively used in complex cyber-physical networks. This paper fills the gap by modeling the probabilities of successful attacks in both cyber and physical spaces as functions of the number of components that are attacked and defended. The results show that the attack effort would first increase then decrease in (a) defense effort, (b) the probability of successful attack on each component, (c) the number of minimum required functioning resources, and (d) the maximum number of available resources. Comparing simultaneous and sequential games, our results show that the defender performs better when she moves first. Our research provides some novel insights into the survival of such infrastructures and optimal resource allocation under various costs and target valuations that players may have.