HU He,HU Chang-zhen,YAO Shu-ping

2012-01-01

Abstract:To help network administrators to pre-identify potential vulnerabilities and security threats,an active response strategy selecting method based on attack graph was presented.In this method,the network attack graph model forecast aggressive behavior,and analysed attack path with quantitative metrics.The method used the observations during the attack process to match attack graph and updates the belief state.Finally,the partial observable Markov game(POMG) algorithm was used to choose optimal active response strategy.Experimental results show that the active response strategy selection method based on attack graph can improve the accuracy and effectiveness of the response.

Gang Liu,Hong Zhang,Qianmu Li

DOI: https://doi.org/10.3969/j.issn.1005-9830.2014.01.003

2014-01-01

Abstract:To effectively implement the network security risk management and reduce the security risk loss,based on the game theory,this paper designs a network security optimal attack and defense decision-making method through the analysis of interactions between the attacker and the defender. According to the network's topology information,reachable relationship of nodes and vulnerability in-formation,the proposed method generates the network state attack-defense graph( SADG) ,calculates the successful probability and hazard index of each atomic attack in the SADG and gets the successful probability and hazard index of all possible attack paths. The method calculates the utility matrix of different strategies taken by the attacker and the defender at the different network security states. According to the SADG and based on the non-cooperative non-zero-sum game model, this paper proposes an optimal attack and defense decision-making algorithm, and generates optimal attack and defense strategies with the prevention and control measures of vulnerability. This paper analyzes the application of the proposed method in the network security risk management through a typical network example. The experimental results show that this method can effectively generate the optimal offensive and defensive decision.

Jianye Hao,Yinxing Xue,Mahinthan Chandramohan,Yang Liu,Jun Sun

DOI: https://doi.org/10.1109/ictai.2015.154

2015-01-01

Abstract:Network monitoring is an important way to ensure the security of hosts from being attacked by malicious attackers. One challenging problem for network operators is how to distribute the limited monitoring resources (e. g., intrusion detectors) among the network to detect attacks in a cost-effective manner, especially when the attacking strategies can be changing dynamically and unpredictable. To this end, we adopt Markov game to model the interactions between the network operator and the attacker and propose an adaptive Markov strategy (AMS) to determine how the detectors should be placed on the network against possible attacks to minimize the network's accumulated cost over time. The AMS is guaranteed to converge to the best response strategy when the attacker's strategy is fixed (rationality), converge to a fixed strategy under self-play (convergence) and obtain a payoff no less than that under the precomputed Nash equilibrium strategy of the Markov game (safety). The experimental results show that the AMS can achieve better protection for the network compared with both previous approaches based on the prediction of attack paths (equivalent to a graph coloring problem) and Nash equilibrium strategy.

Armita Kazeminajafabadi,Mahdi Imani

DOI: https://doi.org/10.1049/2024/7966713

2024-06-04

IET Information Security

Abstract:The increasing interconnectivity in our infrastructure poses a significant security challenge, with external threats having the potential to penetrate and propagate throughout the network. Bayesian attack graphs have proven to be effective in capturing the propagation of attacks in complex interconnected networks. However, most existing security approaches fail to systematically account for the limitation of resources and uncertainty arising from the complexity of attacks and possible undetected compromises. To address these challenges, this paper proposes a partially observable Markov decision process (POMDP) model for network security under uncertainty. The POMDP model accounts for uncertainty in monitoring and defense processes, as well as the probabilistic attack propagation. This paper develops two security policies based on the optimal stationary defense policy for the underlying POMDP state process (i.e., a network with known compromises): the estimation‐based policy that performs the defense actions corresponding to the optimal minimum mean square error state estimation and the distribution‐based policy that utilizes the posterior distribution of network compromises to make defense decisions. Optimal monitoring policies are designed to specifically support each of the defense policies, allowing dynamic allocation of monitoring resources to capture network vulnerabilities/compromises. The performance of the proposed policies is examined in terms of robustness, accuracy, and uncertainty using various numerical experiments.

computer science, information systems, theory & methods

Zhao Jin-long,Man Da-peng,Yang Wu

DOI: https://doi.org/10.1109/iscram.2011.6184094

2011-01-01

Abstract:To solve the network security response problem, a novel network response decision-making method based on the two-matrix game model was present. We analyzed the attackers and system administrators' different strategies, and then constructed the dual-benefit matrix of the attackers and defenders. On the basis of this, the two-matrix network security game model was proposed. At last, the optimal defense strategy decision-making algorithm was proposed. Using this algorithm, we could analyze benefits of both offensive and defensive, and solved the Nash Equilibrium Point which balanced the both and gave the optimal response decision-making strategy. The proposed method could make accurate response decision and had a high efficiency. Also, it occupied a lower memory which could reduce the interference to normal user when administrators manage the network.

Cheng ZHOU,Wei-wei LI,Yuan-yuan MA,Qian-mu LI

DOI: https://doi.org/10.3969/j.issn.1671-1815.2017.11.013

2017-01-01

Abstract:The uncertainty of electric power information optical network is very high,the current optical network security policy strengthening methods mostly by game model,unable to effectively cope with attack intention and strategy change,can not guarantee the reliability of the electric power information optical network.For this,a new model based on Markov offensive and defensive power of optical network information security policy reinforcement method was put forward.A optical network security strategy selection model was givesn,the power information was described by 7 elements group.Build Markov model of offensive and defensive,on the basis of electric power information form against the state transition diagram,optical network attack process based on observation of attack to get event to match against the state transition diagram,state based on the analysis of uncertain power information optical network belief state,the probability value is greater than the threshold value belief state state as the initial node,son get attack state transition diagram,detailed introduces the Markov process model of equilibrium solution.The experimental results show that the proposed method not only has high applicability,and treated with the method of electric power information optical network has a high reliability.

Yan Mi,Hengwei Zhang,Hao Hu,Jinglei Tan,Jindong Wang

DOI: https://doi.org/10.1155/2021/5594697

IF: 1.968

2021-08-21

Security and Communication Networks

Abstract:In a real-world network confrontation process, attack and defense actions change rapidly and continuously. The network environment is complex and dynamically random. Therefore, attack and defense strategies are inevitably subject to random disturbances during their execution, and the transition of the network security state is affected accordingly. In this paper, we construct a network security state transition model by referring to the epidemic evolution process, use Gaussian noise to describe random effects during the strategy execution, and introduce a random disturbance intensity factor to describe the degree of random effects. On this basis, we establish an attack-defense stochastic differential game model, propose a saddle point equilibrium solution method, and provide an algorithm to select the optimal defense strategy. Our method achieves real-time defense decision-making in network attack-defense scenarios with random disturbances and has better real-time performance and practicality than current methods. Results of a simulation experiment show that our model and algorithm are effective and feasible.

computer science, information systems,telecommunications

Zhang Hengwei,Li Tao,Wang Jindong,Han Jihong

2015-01-01

China Communications

Abstract:Nowadays, security defence of network uses the game theory, which mostly applies complete information game model or even the static game model. To get closer to the actual network and defend actively, we propose a network attack-defence game model by using signalling game, which is modelled in the way of dynamic and incomplete information. We improve the traditional attack-defence strategies quantization method to meet the needs of the network signalling game model. Moreover, we give the calculation of the game equilibrium and analyse the optimal defence scheme. Finally, we analyse and verify effectiveness of the model and method through a simulation experiment.

Xiaofan Zhou,Simon Yusuf Enoch,Dong Seong Kim

DOI: https://doi.org/10.48550/arXiv.2207.05436

2022-07-12

Cryptography and Security

Abstract:It is challenging for a security analyst to detect or defend against cyber-attacks. Moreover, traditional defense deployment methods require the security analyst to manually enforce the defenses in the presence of uncertainties about the defense to deploy. As a result, it is essential to develop an automated and resilient defense deployment mechanism to thwart the new generation of attacks. In this paper, we propose a framework based on Markov Decision Process (MDP) and Q-learning to automatically generate optimal defense solutions for networked system states. The framework consists of four phases namely; the model initialization phase, model generation phase, Q-learning phase, and the conclusion phase. The proposed model collects real network information as inputs and then builds them into structural data. We implement a Q-learning process in the model to learn the quality of a defense action in a particular state. To investigate the feasibility of the proposed model, we perform simulation experiments and the result reveals that the model can reduce the risk of network systems from cyber attacks. Furthermore, the experiment shows that the model has shown a certain level of flexibility when different parameters are used for Q-learning.

Wang Yang,Liu Dong,Wang Dong,Xu Chun

DOI: https://doi.org/10.13052/dgaej2156-3306.3635

2021-07-13

Abstract:Aiming at the problem that the current generation method of power networksecurity defense strategy ignores the dependency relationship between nodes,resulting in closed-loop attack graph, which makes the defense strategy notgenerate attack path, resulting in poor defense effect and long generationresponse time of power network security defense strategy, a generationmethod of power network security defense strategy based on Markov decisionprocess is proposed. Based on the generation of network attack and defensediagram, the paper describes the state change of attack network by usingMarkov decision-making process correlation principle, introduces discountfactor, calculates the income value of attack and defense game process,constructs the evolutionary game model of attack and defense, solves theobjective function according to the dynamic programming theory, obtains theoptimal strategy set and outputs the final results, and generates the powernetwork security defense strategy. The experimental results show that the proposed method has good defense effect and can effectively shorten thegeneration response time of power network security defense strategy.

English Else

Wei Jiang,Zhi-Hong Tian,Hong-Li Zhang,Xin-fang Song

DOI: https://doi.org/10.1109/ICNSC.2008.4525297

2008-01-01

Abstract:This paper presents a stochastic game theoretic approach to analyzing attack prediction and the active defense of computer networks. A Markov chain for privilege (MCP) model to predict attacker's behavior and strategies is proposed. We regard the interactions between an attacker and the defender as a two-player, non-cooperative, zero-sum, finite stochastic game and formulate an attack-defense stochastic game (ADSG) model for the game. An attack strategies prediction and optimal active defense strategy decision algorithm is developed using the ADSG and cost-sensitive model. Optimal defense strategies with minimizing costs are used to defend the attack and harden the network in advance. Finally, a simple example of an attack against a network is modeled and analyzed.

Jianyi Liu,Fangyu Weng,Ru Zhang,Yunbiao Guo

DOI: https://doi.org/10.1007/978-3-030-00012-7_15

2018-01-01

Abstract:To analyze the influence of threat propagation on network system and accurately evaluate system security, this paper proposes an approach to improve the awareness of network security, based on Attack-Defense Stochastic Game Model (ADSGM). The variety of network security elements collected by multi-sensors are fused into a standard dataset such as assets, threats and vulnerabilities. For every threat, it builds a threat propagation network and propagation rule. By using the game theory to analyze the network offensive and defensive process, it establishes the ADSGM. The ADSGM can dynamically evaluate network security situation and provide the best reinforcement schema. Experimental results on a specific network indicate that the approach is more precise and more suitable for a real network environment. The reinforcement schema can effectively prevent the propagation of threats and reduce security risks.

Wu Tao,Wang Chong-Jun,Xie Jun-Yuan

2010-01-01

Abstract:Intrusion detection,as an active measure to assure information security,has been receiving intensive attention and has recently become the focus of the computer security especially the network security research communities.In order to avoid being detected,however,intrusion events have evolved to become intelligent and distributive,making them good at concealing their purposes and so penetrating the intrusion detection system.To deal with this problem,as this paper does,techniques involving artificial intelligence and machine learning are brought in.This paper models intrusion and its detection as two multi-agent systems that have conflict interests,and holds the opinion that to intrude is just to device and execut attacking plans aiming to achieve certain objectives,the key of intrusion detection then is to analyze the observed opopnent's actions perceived as abnormal and reveal their intentions,which is then a classical intention recognition problem.Be is justifiable,we noticed that the traditional KEY-HOLE observing method for intention recognition is not suitable to be used here,because the environment for intrusion detection usually has an attack-defense nature thus is dynamic and can be extremely complex,making it expectable that failures to report intrusions and false reports of intrusions do happen,as a result acquiring a complete and true action sequence of the intruder is impossible.Under this circumstance,to design a strategy so robust that can recognize the intruder's intention using just an action sequence which not only contains only part of the intruder's complete action squence and also unknownly includs some misclassified actions is desperated needed,and this is exactly what this paper may contribute.Further than proposing the two multi-agent systems model,this paper sees the intrusion process as a Partially Observable Markov Decision Process(POMDP),and then estimates the intruder's intention as the output of the process.In this cae intention of the intruder can be recognized through an incomplete and defective action sequence it has just taken.The effectiveness of the proposed method is proved by experiments on data set contributed by DARPA.

Wei Jiang,Bin-xing Fang,Hong-li Zhang,Zhi-hong Tian,Xin-fang Song

DOI: https://doi.org/10.1109/itng.2009.300

2009-01-01

Abstract:For assessing the security and optimal strengthening of large enterprise networks, this paper proposes a new approach uses configuration information on firewalls and vulnerability information on all network devices to build defense graphs that show the attack and defense strategy. Some models including a defense graph model, attack-defense taxonomy and cost quantitative model, and Attack-Defense Game (ADG) model. We regard the interactions between an attacker and the defender as a two-player, non-cooperative, zero-sum, finite strategic game and formulate the ADG model for the game. An algorithm for optimal strengthening strategy selection based on those models is proposed. Optimal strengthening strategies with minimizing costs are used to defend the attack and strengthening the network in advance. And finally, we perform empirical experiments to verify the effectiveness of the model experiment results indicate that our models and methods are effective and efficient.

Shuo Chen,Athirai A. Irissappane,Jie Zhang

DOI: https://doi.org/10.1609/aaai.v32i1.11577

2018-01-01

Abstract:Malicious vehicle agents broadcast fake information about traffic events and thereby undermine the benefits of vehicle-to-vehicle communication in vehicular ad-hoc networks (VANETs). Trust management schemes addressing this issue do not focus on effective/fast decision making in reacting to traffic events. We propose a Partially Observable Markov Decision Process (POMDP) based approach to balance the trade-off between information gathering and exploiting actions resulting in faster responses. Our model copes with malicious behavior by maintaining it as part of a small state space, thus is scalable for large VANETs. We also propose an algorithm to learn model parameters in a dynamic behavior setting. Experimental results demonstrate that our model can effectively balance the decision quality and response time while still being robust to sophisticated malicious attacks.

Zhen Ni,Qianmu Li,Gang Liu

DOI: https://doi.org/10.1109/mc.2018.2141032

2018-01-01

Computer

Abstract:Network security decisions must consider how to balance information security risk and output in light of limited resources. Using game theory, the authors propose an optimum attack-defense decision-making algorithm that considers the interaction between attackers and defenders.

Md. Reya Shad Azim,Timothy Cason,Mustafa Abdallah

DOI: https://doi.org/10.1109/access.2024.3391305

IF: 3.9

2024-04-27

IEEE Access

Abstract:Interdependent systems, under the management of multiple decision-makers, confront rapidly growing cybersecurity threats. This paper delves into the realm of security decision-making within these complex interdependent systems managed by multiple defenders. Each defender assumes responsibility for safeguarding a specific subnetwork of the system against potential attacks. The relationships between these assets are depicted through an attack graph, where edges connecting assets signify that the compromise of one asset could expose vulnerabilities in another asset. These edges are associated with probabilities that represent the likelihood of a successful attack, which can be reduced through security investments by the defenders. Our approach involves modeling these systems using game-theoretic frameworks, accounting for the impact of bounded rationality and imperfect best-response behavior—as frequently observed in human decision-making within the domains of behavioral economics and psychology. We first establish the existence of quantal response equilibrium in our interdependent security games. We present illustrative examples to highlight the disparities between the solutions derived from the social optimal perspective and those arising from quantal response equilibrium. Subsequently, we analyze the inefficiency introduced by behavioral players with this type of bounded rationality in terms of the overall social cost of the system. We adapt a widely recognized metric to quantify the extent of this inefficiency, providing bounds and illustrating its exponential growth with an increase in the security budget. To assess our models, we employ a representative real-world interdependent system and compare the game-theoretic optimal investment strategies to those derived from a socially optimal standpoint.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yalong LI,Qin CHEN,Min ZHANG

DOI: https://doi.org/10.3778/j.issn.1002-8331.1808-0070

2019-01-01

Abstract:At present, most of the network security defenses based on game theory use the full information static game or the incomplete information dynamic game theory to establish the offensive and defensive model. However, the use of the full information static game is limited and its practicality is not strong. Therefore, using the incomplete information dynamic game to establish the offensive and defensive model is closer to the actual situation, but the attack and defense model established by the incomplete information dynamic game in the past believes that the observed attack strategy is true, which in fact is likely to have errors. The attack strategy without considering the observed attack strategy is likely to have errors. To this end, this paper introduces the idea of Bayesian decision making with minimum risk. When the defense system misjudges the attack strategy, the risks brought to the system arising from the adopted defense strategy will be taken into account. Then, this paper establishes the game’s moving target optimal defense strategy model based on incom-plete information dynamic game. By analyzing the risk of the defense decision, this model makes the defense strategy revenue more accurate and comprehensive. It uses the refined Bayesian equilibrium of the incomplete information dynamic game to select the optimal defense strategy. Finally, an example is analyzed to verify the validity of the model.

Zenan Wu,Liqin Tian,Yan Wang,Jianfei Xie,Yuquan Du,Yi Zhang

DOI: https://doi.org/10.1155/2021/2283786

IF: 1.968

2021-12-16

Security and Communication Networks

Abstract:Aiming at the existing network attack and defense stochastic game models, most of them are based on the assumption of complete information, which causes the problem of poor applicability of the model. Based on the actual modeling requirements of the network attack and defense process, a network defense decision-making model combining incomplete information stochastic game and deep reinforcement learning is proposed. This model regards the incomplete information of the attacker and the defender as the defender’s uncertainty about the attacker’s type and uses the Double Deep Q-Network algorithm to solve the problem of the difficulty of determining the network state transition probability, so that the network system can dynamically adjust the defense strategy. Finally, a simulation experiment was performed on the proposed model. The results show that, under the same experimental conditions, the proposed method in this paper has a better convergence speed than other methods in solving the defense equilibrium strategy. This model is a fusion of traditional methods and artificial intelligence technology and provides new research ideas for the application of artificial intelligence in the field of cyberspace security.

computer science, information systems,telecommunications

Hao Wu,Wei Wang,Changyun Wen,Zhengguo Li

DOI: https://doi.org/10.1016/j.ins.2018.04.051

IF: 8.1

2018-01-01

Information Sciences

Abstract:In this paper, a game theoretical analysis method is presented to provide the optimal security detection strategies for heterogeneous networked systems. A two-stage game model is firstly established, in which the attacker and defender are considered as two players. In the first stage, the two players make decisions on whether to execute the attack/monitoring actions or to keep silence for each network unit. In the second stage, two important strategic varibles, i.e. the attack intensity and detection threshold, are cautiously determined. The necessary and sufficient conditions to ensure the existence of the Nash equilibriums for the game with complete information are rigorously analyzed. The results reflect that with limited resources and capacities, the defender (attacker) tends to perform defense (attack) actions and further allocate more defense (less attack) resources to the units with larger assets. Besides, Bayesian and robust Nash equilibrium analysis is provided for the game with incomplete information. Finally, a sampling based Nash equilibrium verification and calculation approach is proposed for the game model with continuous kernels. Thus the convexity restrictions can be relaxed and the computational complexity is effectively reduced, with comparison to the existing recursive calculation methods. Numerical examples are given to validate our theoretical results.