Chao Qi,Jiangxing Wu,Guozhen Cheng,Jianjian Ai,Shuo Zhao

DOI: https://doi.org/10.1155/2018/4123736

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:Security evaluation of SDN architectures is of critical importance to develop robust systems and address attacks. Focused on a novel-proposed dynamic SDN framework, a game-theoretic model is presented to analyze its security performance. This model can represent several kinds of players' information, simulate approximate attack scenarios, and quantitatively estimate systems' reliability. Andwe explore several typical game instances defined by system's capability, players' objects, and strategies. Experimental results illustrate that the system's detection capability is not a decisive element to security enhancement as introduction of dynamism and redundancy into SDNcan significantly improve security gain and compensate for its detection weakness. Moreover, we observe a range of common strategic actions across environmental conditions. And analysis reveals diverse defense mechanisms adopted in dynamic systems have different effect on security improvement. Besides, the existence of equilibrium in particular situations further proves the novel structure's feasibility, flexibility, and its persistent ability against long-term attacks.

Tobias Friedrich,Sven Ihde,Christoph Keßler,Pascal Lenzner,Stefan Neubert,David Schumann

DOI: https://doi.org/10.48550/arXiv.1610.01861

2017-05-22

Abstract:Inspired by real world examples, e.g. the Internet, researchers have introduced an abundance of strategic games to study natural phenomena in networks. Unfortunately, almost all of these games have the conceptual drawback of being computationally intractable, i.e. computing a best response strategy or checking if an equilibrium is reached is NP-hard. Thus, a main challenge in the field is to find tractable realistic network formation models. We address this challenge by investigating a very recently introduced model by Goyal et al. [WINE'16] which focuses on robust networks in the presence of a strong adversary who attacks (and kills) nodes in the network and lets this attack spread virus-like to neighboring nodes and their neighbors. Our main result is to establish that this natural model is one of the few exceptions which are both realistic and computationally tractable. In particular, we answer an open question of Goyal et al. by providing an efficient algorithm for computing a best response strategy, which implies that deciding whether the game has reached a Nash equilibrium can be done efficiently as well. Our algorithm essentially solves the problem of computing a minimal connection to a network which maximizes the reachability while hedging against severe attacks on the network infrastructure and may thus be of independent interest.

Computer Science and Game Theory,Discrete Mathematics,Data Structures and Algorithms,Networking and Internet Architecture

Quanyan Zhu,Stefan Rass

DOI: https://doi.org/10.1145/3243734.3264421

2018-08-24

Abstract:The increasingly pervasive connectivity of today's information systems brings up new challenges to security. Traditional security has accomplished a long way toward protecting well-defined goals such as confidentiality, integrity, availability, and authenticity. However, with the growing sophistication of the attacks and the complexity of the system, the protection using traditional methods could be cost-prohibitive. A new perspective and a new theoretical foundation are needed to understand security from a strategic and decision-making perspective. Game theory provides a natural framework to capture the adversarial and defensive interactions between an attacker and a defender. It provides a quantitative assessment of security, prediction of security outcomes, and a mechanism design tool that can enable security-by-design and reverse the attacker's advantage. This tutorial provides an overview of diverse methodologies from game theory that includes games of incomplete information, dynamic games, mechanism design theory to offer a modern theoretic underpinning of a science of cybersecurity. The tutorial will also discuss open problems and research challenges that the CCS community can address and contribute with an objective to build a multidisciplinary bridge between cybersecurity, economics, game and decision theory.

Cryptography and Security

Juntao Chen,Corinne Touati,Quanyan Zhu

DOI: https://doi.org/10.48550/arXiv.1906.07185

2019-06-18

Abstract:Infrastructure networks are vulnerable to both cyber and physical attacks. Building a secure and resilient networked system is essential for providing reliable and dependable services. To this end, we establish a two-player three-stage game framework to capture the dynamics in the infrastructure protection and recovery phases. Specifically, the goal of the infrastructure network designer is to keep the network connected before and after the attack, while the adversary aims to disconnect the network by compromising a set of links. With costs for creating and removing links, the two players aim to maximize their utilities while minimizing the costs. In this paper, we use the concept of subgame perfect equilibrium (SPE) to characterize the optimal strategies of the network defender and attacker. We derive the SPE explicitly in terms of system parameters. We further investigate the resilience planning of the defender and the strategic timing of attack of the adversary. Finally, we use case studies of UAV-enabled communication networks for disaster recovery to corroborate the obtained analytical results.

Systems and Control,Computer Science and Game Theory

Gabriele Dragotto,Amine Boukhtouta,Andrea Lodi,Mehdi Taobane

DOI: https://doi.org/10.1007/s10878-024-01173-3

2024-05-20

Journal of Combinatorial Optimization

Abstract:In this work, we introduce a game-theoretic model that assesses the cyber-security risk of cloud networks and informs security experts on the optimal security strategies. Our approach combines game theory, combinatorial optimization, and cyber-security and aims to minimize the unexpected network disruptions caused by malicious cyber-attacks under uncertainty. Methodologically, we introduce the the critical node game , a simultaneous and non-cooperative attacker-defender game where each player solves a combinatorial optimization problem parametrized in the variables of the other player. Each player simultaneously commits to a defensive (or attacking) strategy with limited knowledge about the choices of their adversary. We provide a realistic model for the critical node game and propose an algorithm to compute its stable solutions, i.e. , its Nash equilibria. Practically, our approach enables security experts to assess the security posture of the cloud network and dynamically adapt the level of cyber-protection deployed on the network. We provide a detailed analysis of a real-world cloud network and demonstrate the efficacy of our approach through extensive computational tests.

mathematics, applied,computer science, interdisciplinary applications

S. Rasoul Etesami,Tamer Başar

DOI: https://doi.org/10.1007/s13235-018-00291-y

2019-01-01

Dynamic Games and Applications

Abstract:Due to complex dependencies between multiple layers and components of emerging cyber-physical systems, security and vulnerability of such systems have become a major challenge in recent years. In this regard, game theory, a powerful tool for modeling strategic interactions between multiple decision makers with conflicting objectives, offers a natural paradigm to address the security-related issues arising in these systems. While there exists substantial amount of work in modeling and analyzing security problems using game-theoretic techniques, most of the existing literature in this area focuses on static game models, ignoring the dynamic nature of interactions between the main players (defenders vs. attackers). In this paper, we focus only on dynamic game analysis of cyber-physical security problems and provide a general overview of the existing results and recent advances based on application domains. We also discuss several limitations of the existing models and identify several hitherto unaddressed directions for future research.

mathematics, interdisciplinary applications

T. Başar,Quanyan Zhu

DOI: https://doi.org/10.1109/MCS.2014.2364710

2015-01-16

IEEE Control Systems

Abstract:Critical infrastructures, such as power grids and transportation systems, are increasingly using open networks for operation. The use of open networks poses many challenges for control systems. The classical design of control systems takes into account modeling uncertainties as well as physical disturbances, providing a multitude of control design methods such as robust control, adaptive control, and stochastic control. With the growing level of integration of control systems with new information technologies, modern control systems face uncertainties not only from the physical world but also from the cybercomponents of the system. The vulnerabilities of the software deployed in the new control system infrastructure will expose the control system to many potential risks and threats from attackers. Exploitation of these vulnerabilities can lead to severe damage as has been reported in various news outlets [1], [2]. More recently, it has been reported in [3] and [4] that a computer worm, Stuxnet, was spread to target Siemens supervisory control and data acquisition (SCADA) systems that are configured to control and monitor specific industrial processes.

Engineering,Computer Science

Jichao Bi,Shibo He,Fengji Luo,Wenchao Meng,Luyue Ji,Da-Wen Huang

DOI: https://doi.org/10.1109/TII.2022.3231406

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:Industrial Internet of Things (IIoT) is vulnerable to advanced persistent threat (APT). In this article, we study a scenario in which APT is launched to attack IIoT devices. Considering the APTs lateral movement, a node-level state evolution model is established to calculate the probability of every device in an IIoT system to be compromised by APT. Based on this, a Stackelberg game model is proposed for the APT attacker and defender, which can accurately describe the gaming process. An effective computational approach is developed to obtain the potential Stackelberg equilibrium strategy pair of the game. Extensive case studies and comparison studies are conducted to validate the effectiveness of the proposed method.

Suman Rath,Tapadhir Das,Shamik Sengupta

2023-06-27

Abstract:Cyber-physical microgrids are vulnerable to rootkit attacks that manipulate system dynamics to create instabilities in the network. Rootkits tend to hide their access level within microgrid system components to launch sudden attacks that prey on the slow response time of defenders to manipulate system trajectory. This problem can be formulated as a multi-stage, non-cooperative, zero-sum game with the attacker and the defender modeled as opposing players. To solve the game, this paper proposes a deep reinforcement learning-based strategy that dynamically identifies rootkit access levels and isolates incoming manipulations by incorporating changes in the defense plan. A major advantage of the proposed strategy is its ability to establish resiliency without altering the physical transmission/distribution network topology, thereby diminishing potential instability issues. The paper also presents several simulation results and case studies to demonstrate the operating mechanism and robustness of the proposed strategy.

Cryptography and Security,Systems and Control

Brandon Collins,Shouhuai Xu,Philip N. Brown

2024-01-25

Abstract:The discipline of game theory was introduced in the context of economics, and has been applied to study cyber attacker and defender behaviors. While adaptions have been made to accommodate features in the cyber domain, these studies are inherently limited by the root of game theory in economic systems where players (i.e., agents) may be selfish but not malicious. In this SoK, we systematize the major cybersecurity problems that have been studied with the game-theoretic approach, the assumptions that have been made, the models and solution concepts that have been proposed. The systematization leads to a characterization of the technical gaps that must be addressed in order to make game-theoretic cybersecurity models truly useful. We explore bridges to address them.

Computer Science and Game Theory,Cryptography and Security

Stamatios Katsikas,Vassili Kolokoltsov

DOI: https://doi.org/10.3934/jdg.2019021

2018-08-20

Abstract:The recently developed mean-field game models of corruption and bot-net defence in cyber-security, the evolutionary game approach to inspection and corruption, and the pressure-resistance game element, can be combined under an extended model of interaction of large number of indistinguishable small players against a major player, with focus on the study of security and crime prevention. In this paper we introduce such a general framework for complex interaction in network structures of many players, that incorporates individual decision making inside the environment (the mean-field game component), binary interaction (the evolutionary game component), and the interference of a principal player (the pressure-resistance game component). To perform concrete calculations with this overall complicated model we work in three basic asymptotic regimes; fast execution of personal decisions, small rates of binary interactions, and small payoff discounting in time. By this approach we construct a class of solutions having the so-called turnpike property.

Optimization and Control

Bram de Witte,Paolo Frasca,Bastiaan Overvest,Judith Timmer

DOI: https://doi.org/10.48550/arXiv.1906.09486

2019-06-23

Abstract:A digital security breach, by which confidential information is leaked, does not only affect the agent whose system is infiltrated, but is also detrimental to other agents socially connected to the infiltrated system. Although it has been argued that these externalities create incentives to under-invest in security, this presumption is challenged by the possibility of strategic adversaries that attack the least protected agents. In this paper we study a new model of security games in which agents share tokens of sensitive information in a network of contacts. The agents have the opportunity to invest in security to protect against an attack that can be either strategically or randomly targeted. We show that, in the presence of random attack, under-investments always prevail at the Nash equilibrium in comparison with the social optimum. Instead, when the attack is strategic, either under-investments or over-investments are possible, depending on the network topology and on the characteristics of the process of the spreading of information. Actually, agents invest more in security than socially optimal when dependencies among agents are low (which can happen because the information network is sparsely connected or because the probability that information tokens are shared is small). These over-investments pass on to under-investments when information sharing is more likely (and therefore, when the risk brought by the attack is higher).

Social and Information Networks,Computer Science and Game Theory

Juntao Chen,Corinne Touati,Quanyan Zhu

DOI: https://doi.org/10.1145/3152042.3152079

2017-07-22

Abstract:Infrastructure networks are vulnerable to both cyber and physical attacks. Building a secure and resilient networked system is essential for providing reliable and dependable services. To this end, we establish a two-player three-stage game framework to capture the dynamics in the infrastructure protection and recovery phases. Specifically, the goal of the infrastructure network designer is to keep the network connected before and after the attack, while the adversary aims to disconnect the network by compromising a set of links. With costs for creating and removing links, the two players aim to maximize their utilities while minimizing the costs. In this paper, we use the concept of subgame perfect equilibrium (SPE) to characterize the optimal strategies of the network defender and attacker. We derive the SPE explicitly in terms of system parameters. Finally, we use a case study of UAV-enabled communication networks for disaster recovery to corroborate the obtained analytical results.

Computer Science and Game Theory

Fei He,Jun Zhuang,Nageswara S. V. Rao

2012-01-01

Abstract:Critical infrastructures rely on cyber and physical components that are both subject to natural, incidental or intentional degradations. Game theory has been used in studying the strategic interactions between attackers and defenders for critical infrastructure protection, but has not been extensively used in complex cyber-physical networks. This paper fills the gap by modeling the probabilities of successful attacks in both cyber and physical spaces as functions of the number of components that are attacked and defended. The results show that the attack effort would first increase then decrease in (a) defense effort, (b) the probability of successful attack on each component, (c) the number of minimum required functioning resources, and (d) the maximum number of available resources. Comparing simultaneous and sequential games, our results show that the defender performs better when she moves first. Our research provides some novel insights into the survival of such infrastructures and optimal resource allocation under various costs and target valuations that players may have.

Jon Goohs,Georgel Savin,Lucas Starks,Josiah Dykstra,William Casey

2024-03-16

Abstract:Variations of the Flip-It game have been applied to model network cyber operations. While Flip-It can accurately express uncertainty and loss of control, it imposes no essential resource constraints for operations. Capture the flag (CTF) style competitive games, such as Flip-It , entail uncertainties and loss of control, but also impose realistic constraints on resource use. As such, they bear a closer resemblance to actual cyber operations. We formalize a dynamical network control game for CTF competitions and detail the static game for each time step. The static game can be reformulated as instances of a novel optimization problem called Adversarial Knapsack (AK) or Dueling Knapsack (DK) when there are only two players. We define the Adversarial Knapsack optimization problems as a system of interacting Weighted Knapsack problems, and illustrate its applications to general scenarios involving multiple agents with conflicting optimization goals, e.g., cyber operations and CTF games in particular. Common awareness of the scenario, rewards, and costs will set the stage for a non-cooperative game. Critically, rational players may second guess that their AK solution -- with a better response and higher reward -- is possible if opponents predictably play their AK optimal solutions. Thus, secondary reasoning which such as belief modeling of opponents play can be anticipated for rational players and will introduce a type of non-stability where players maneuver for slight reward differentials. To analyze this, we provide the best-response algorithms and simulation software to consider how rational agents may heuristically search for maneuvers. We further summarize insights offered by the game model by predicting that metrics such as Common Vulnerability Scoring System (CVSS) may intensify the secondary reasoning in cyber operations.

Cryptography and Security

Yapeng Li,Yu Xiao,Yong Li,Jun Wu

DOI: https://doi.org/10.1109/ACCESS.2018.2872767

IF: 3.9

2018-01-01

IEEE Access

Abstract:Modern society is highly dependent on its critical infrastructures. These infrastructures usually suffer intentional attacks, which is a serious threat to social wellbeing, making the protection of them to be a great challenge for the security agencies. Many game models have been proposed to tackle this problem. However, little of them consider the interrelationship of different targets within the infrastructures. In this paper, the protection of critical infrastructures against a malicious attacker is modeled as a simultaneous game, where the payoffs of the players are evaluated on the basis of the topology structure of the infrastructure system. An efficient algorithm is adopted to obtain the Nash equilibrium solution. The experimental results reveal that in the equilibriums, the defender distributes higher probabilities on protecting the targets who are more important, for example, those with large degrees or betweenness, while the attacker prefers attacking targets with medium degrees or betweenness. The effectiveness of the game-theoretic solution is validated, and the experimental results in a real-world network provide us a clear insight on which targets to protect.

Abhishek N. Kulkarni,Matthew S. Cohen,Charles A. Kamhoua,Jie Fu

2024-07-20

Abstract:Deception plays a crucial role in strategic interactions with incomplete information. Motivated by security applications, we study a class of two-player turn-based deterministic games with one-sided incomplete information, in which player 1 (P1) aims to prevent player 2 (P2) from reaching a set of target states. In addition to actions, P1 can place two kinds of deception resources: "traps" and "fake targets" to disinform P2 about the transition dynamics and payoff of the game. Traps "hide the real" by making trap states appear normal, while fake targets "reveal the fiction" by advertising non-target states as targets. We are interested in jointly synthesizing optimal decoy placement and deceptive defense strategies for P1 that exploits P2's misinformation. We introduce a novel hypergame on graph model and two solution concepts: stealthy deceptive sure winning and stealthy deceptive almost-sure winning. These identify states from which P1 can prevent P2 from reaching the target in a finite number of steps or with probability one without allowing P2 to become aware that it is being deceived. Consequently, determining the optimal decoy placement corresponds to maximizing the size of P1's deceptive winning region. Considering the combinatorial complexity of exploring all decoy allocations, we utilize compositional synthesis concepts to show that the objective function for decoy placement is monotone, non-decreasing, and, in certain cases, sub- or super-modular. This leads to a greedy algorithm for decoy placement, achieving a $(1 - 1/e)$-approximation when the objective function is sub- or super-modular. The proposed hypergame model and solution concepts contribute to understanding the optimal deception resource allocation and deception strategies in various security applications.

Computer Science and Game Theory

Stefan Rass,Sandra König,Stefan Schauer

DOI: https://doi.org/10.1371/journal.pone.0168675

2022-05-02

Abstract:Advanced persistent threats (APT) combine a variety of different attack forms ranging from social engineering to technical exploits. The diversity and usual stealthiness of APT turns them into a central problem of contemporary practical system security, since information on attacks, the current system status or the attacker's incentives is often vague, uncertain and in many cases even unavailable. Game theory is a natural approach to model the conflict between the attacker and the defender, and this work investigates a generalized class of matrix games as a risk mitigation tool for an APT defense. Unlike standard game and decision theory, our model is tailored to capture and handle the full uncertainty that is immanent to APT, such as disagreement among qualitative expert risk assessments, unknown adversarial incentives and uncertainty about the current system state (in terms of how deeply the attacker may have penetrated into the system's protective shells already). Practically, game-theoretic APT models can be derived straightforwardly from topological vulnerability analysis, together with risk assessments as they are done in common risk management standards like the ISO 31000 family. Theoretically, these models come with different properties than classical game theoretic models, whose technical solution presented in this work may be of independent interest.

Cryptography and Security,Computer Science and Game Theory