Zixuan Wang,Jiliang Li,Yuntao Wang,Zhou Su,Shui Yu,Weizhi Meng

2023-09-01

Abstract:Advanced persistent threat (APT) is a kind of stealthy, sophisticated, and long-term cyberattack that has brought severe financial losses and critical infrastructure damages. Existing works mainly focus on APT defense under stable network topologies, while the problem under time-varying dynamic networks (e.g., vehicular networks) remains unexplored, which motivates our work. Besides, the spatiotemporal dynamics in defense resources, complex attackers' lateral movement behaviors, and lack of timely defense make APT defense a challenging issue under time-varying networks. In this paper, we propose a novel game-theoretical APT defense approach to promote real-time and optimal defense strategy-making under both periodic time-varying and general time-varying environments. Specifically, we first model the interactions between attackers and defenders in an APT process as a dynamic APT repair game, and then formulate the APT damage minimization problem as the precise prevention and control (PPAC) problem. To derive the optimal defense strategy under both latency and defense resource constraints, we further devise an online optimal control-based mechanism integrated with two backtracking-forward algorithms to fastly derive the near-optimal solution of the PPAC problem in real time. Extensive experiments are carried out, and the results demonstrate that our proposed scheme can efficiently obtain optimal defense strategy in 54481 ms under seven attack-defense interactions with 9.64$\%$ resource occupancy in stimulated periodic time-varying and general time-varying networks. Besides, even under static networks, our proposed scheme still outperforms existing representative APT defense approaches in terms of service stability and defense resource utilization.

Computer Science and Game Theory

Bowen Xu,Mengxiang Liu,Rui Zhong,Ke Zuo,Ruilong Deng

DOI: https://doi.org/10.1109/tii.2024.3457037

IF: 12.3

2024-01-01

IEEE Transactions on Industrial Informatics

Abstract:In recent years, numerous studies have explored how to allocate limited defense resource among meters to increase difficulties for launching attacks in power systems. However, existing studies often simplify this problem by assuming the linearity of attack cost functions, which creates an inevitable gap between theoretical analysis and practical scenarios. In this article, general nonlinear attack cost functions are considered in the formulation of the optimal defense resource problem, resulting in a mixed-integer nonlinear programming problem. This poses a challenging task for numerical methods or popular commercial solvers. To address this issue, an advanced slime mould algorithm with specialized initialization and evolutionary schemes is proposed. Specifically, a customized initialization strategy is designed such that the population can be easily initialized within the nonconvex feasible region aligning with the nonlinear constraints. Besides, in the evolutionary process, the fitness function is well-designed to encourage the individuals violating nonlinear constraints to evolve toward feasible directions. Comprehensive case studies verify that, compared to the state-of-the-art solvers, the proposed approach can achieve satisfactory defense resource allocation results in terms of feasibility, optimality, and real-time performance.

Zeqi Zhang,Chunxiao Jiang,Yong Ren

DOI: https://doi.org/10.1109/wcnc.2016.7564974

2016-01-01

Abstract:Wireless network's traffic capacity is one of the most important measurements of network performance. In a vulnerable network environment, attacks for network components can cause degradation of traffic capacity and lead to increasing network congestion and overall performance degradation. In this paper, we propose an effective protection resources allocation scheme which allocates limited protection resources of nodes based on assessment of vulnerability of network components. This scheme proves to be the best allocation strategy in respect to enhancing the quantity of network traffic capacity. The simulation results show that the proposed allocation scheme outperforms other traditional allocation schemes based on critical node analysis. A thorough analysis of traffic capacity and network vulnerability has also been provided.

Yifa Liu,Long Cheng

DOI: https://doi.org/10.1007/s11424-023-2256-z

2023-06-13

Journal of Systems Science and Complexity

Abstract:Networked cyber-physical systems are facing serious security threats from malicious attacks. It is noted that the networked cyber-physical system should take defense measures into account at the beginning of its construction. From the conservative defensive perspective, this paper proposes a robust optimal defense resource allocation strategy to reduce the maximum possible losses of the networked cyber-physical system caused by potential attacks. Then, based on the robust optimal allocation strategy, it can be proved that the topology of the networked cyber-physical system has a great influence on the loss function. In order to further improve security, the effects of adding redundant connections are investigated. Furthermore, by taking geographical knowledge into account, a hexagonal construction scheme is proposed for providing a geographically-feasible and economically-viable solution for building networked cyber-physical systems, where the loss function has a cubic decay.

mathematics, interdisciplinary applications

Xingang Wang,Shuguang Guan,Choy Heng Lai

DOI: https://doi.org/10.1088/1367-2630/11/3/033006

2009-01-04

Abstract:It has been known that heterogeneous networks are vulnerable to the intentional removal of a small fraction of highly connected or loaded nodes, which implies that, to protect a network effectively, a few important nodes should be allocated with more defense resources than the others. However, if too many resources are allocated to the few important nodes, the numerous less-important nodes will be less protected, which, when attacked all together, still capable of causing a devastating damage. A natural question therefore is how to efficiently distribute the limited defense resources among the network nodes such that the network damage is minimized whatever attack strategy the attacker may take. In this paper, taking into account the factor of attack cost, we will revisit the problem of network security and search for efficient network defense against the cost-based attacks. The study shows that, for a general complex network, there will exist an optimal distribution of the defense resources, with which the network is well protected from cost-based attacks. Furthermore, it is found that the configuration of the optimal defense is dependent on the network parameters. Specifically, network that has a larger size, sparser connection and more heterogeneous structure will be more benefited from the defense optimization.

Networking and Internet Architecture

Jichao Bi,Shibo He,Fengji Luo,Wenchao Meng,Luyue Ji,Da-Wen Huang

DOI: https://doi.org/10.1109/TII.2022.3231406

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:Industrial Internet of Things (IIoT) is vulnerable to advanced persistent threat (APT). In this article, we study a scenario in which APT is launched to attack IIoT devices. Considering the APTs lateral movement, a node-level state evolution model is established to calculate the probability of every device in an IIoT system to be compromised by APT. Based on this, a Stackelberg game model is proposed for the APT attacker and defender, which can accurately describe the gaming process. An effective computational approach is developed to obtain the potential Stackelberg equilibrium strategy pair of the game. Extensive case studies and comparison studies are conducted to validate the effectiveness of the proposed method.

Lu-Xing Yang,Kaifan Huang,Xiaofan Yang,Yushu Zhang,Yong Xiang,Yuan Yan Tang

DOI: https://doi.org/10.1109/tnse.2020.3040247

IF: 6.6

2021-07-01

IEEE Transactions on Network Science and Engineering

Abstract:Advanced persistent threat (APT) as a generic highly sophisticated cyber attack poses a severe threat to organizational data security. Since the conventional detection and repair (DAR)-based APT defense mechanism has several conspicuous drawbacks, it is imperative to develop a more effective and efficient APT defense mechanism. Based on the data backup and recovery (DBAR) techniques developed in the field of disaster recovery, we propose a novel APT defense mechanism referred to as DBAR-based APT defense mechanism, which can overcome the main drawbacks of the DAR-based APT defense mechanism and is expected to be implementable efficiently in the software-defined networking (SDN) paradigm. Under the new mechanism, we study the problem of finding a cost-effective DBAR strategy. Based on a novel dynamic model characterizing the evolution of the expected security status of the organizational network, we reduce the problem to a differential game-theoretic problem, which is aimed to seek a cost-effective DBAR strategy in terms of the Nash equilibrium solution concept. Next, we derive the optimality system of the problem. Extensive comparative experiments show that the DBAR strategy obtained from the optimality system is cost-effective in the sense of Nash equilibrium solution concept.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Linan Huang,Quanyan Zhu

DOI: https://doi.org/10.48550/arXiv.1809.02227

2018-09-07

Abstract:Advanced Persistent Threats (APTs) have created new security challenges for critical infrastructures due to their stealthy, dynamic, and adaptive natures. In this work, we aim to lay a game-theoretic foundation by establishing a multi-stage Bayesian game framework to capture incomplete information of deceptive APTs and their multi-stage multi-phase movement. The analysis of the perfect Bayesian Nash equilibrium (PBNE) enables a prediction of attacker's behaviors and a design of defensive strategies that can deter the adversaries and mitigate the security risks. A conjugate-prior method allows online computation of the belief and reduces Bayesian update into an iterative parameter update. The forwardly updated parameters are assimilated into the backward dynamic programming computation to characterize a computationally tractable and time-consistent equilibrium solution based on the expanded state space. The Tennessee Eastman (TE) process control problem is used as a case study to demonstrate the dynamic game under the information asymmetry and show that APTs tend to be stealthy and deceptive during their transitions in the cyber layer and behave aggressively when reaching the targeted physical plant. The online update of the belief allows the defender to learn the behavior of the attacker and choose strategic defensive actions that can thwart adversarial behaviors and mitigate APTs. Numerical results illustrate the defender's tradeoff between the immediate reward and the future expectation as well as the attacker's goal to reach an advantageous system state while making the defender form a positive belief.

Computer Science and Game Theory

Rounak Meyur,Sumit Purohit,Braden K. Webb

2023-12-21

Abstract:The abundance of cyber-physical components in modern day power grid with their diverse hardware and software vulnerabilities has made it difficult to protect them from advanced persistent threats (APTs). An attack graph depicting the propagation of potential cyber-attack sequences from the initial access point to the end objective is vital to identify critical weaknesses of any cyber-physical system. A cyber security personnel can accordingly plan preventive mitigation measures for the identified weaknesses addressing the cyber-attack sequences. However, limitations on available cybersecurity budget restrict the choice of mitigation measures. We address this aspect through our framework, which solves the following problem: given potential cyber-attack sequences for a cyber-physical component in the power grid, find the optimal manner to allocate an available budget to implement necessary preventive mitigation measures. We formulate the problem as a mixed integer linear program (MILP) to identify the optimal budget partition and set of mitigation measures which minimize the vulnerability of cyber-physical components to potential attack sequences. We assume that the allocation of budget affects the efficacy of the mitigation measures. We show how altering the budget allocation for tasks such as asset management, cybersecurity infrastructure improvement, incident response planning and employee training affects the choice of the optimal set of preventive mitigation measures and modifies the associated cybersecurity risk. The proposed framework can be used by cyber policymakers and system owners to allocate optimal budgets for various tasks required to improve the overall security of a cyber-physical system.

Cryptography and Security,Artificial Intelligence,Systems and Control

Han Qin,Jiaming Weng,Dong Liu,Donglian Qi,Yufei Wang

DOI: https://doi.org/10.17775/cseejpes.2020.04550

IF: 6.014

2024-01-01

CSEE Journal of Power and Energy Systems

Abstract:With the help of advanced information technology, real-time monitoring and control levels of cyber-physical distribution systems (CPDS) have been significantly improved. However due to the deep integration of cyber and physical systems, attackers could still threaten the stable operation of CPDS by launching cyber-attacks, such as denial-of-service (DoS) attacks. Thus, it is necessary to study the CPDS risk assessment and defense resource allocation methods under DoS attacks. This paper analyzes the impact of DoS attacks on the physical system based on the CPDS fault self-healing control. Then, considering attacker and defender strategies and attack damage, a CPDS risk assessment framework is established. Furthermore, risk assessment and defense resource allocation methods, based on the Stackelberg dynamic game model, are proposed under conditions in which the cyber and physical systems are launched simultaneously. Finally, a simulation based on an actual CPDS is performed, and the calculation results verify the effectiveness of the algorithm.

Rufan Bai,Haoxing Lin,Xinyu Yang,Xiaowei Wu,Minming Li,Weijia Jia

DOI: https://doi.org/10.48550/arXiv.2012.01036

2020-12-09

Abstract:In classic network security games, the defender distributes defending resources to the nodes of the network, and the attacker attacks a node, with the objective to maximize the damage caused. Existing models assume that the attack at node u causes damage only at u. However, in many real-world security scenarios, the attack at a node u spreads to the neighbors of u and can cause damage at multiple nodes, e.g., for the outbreak of a virus. In this paper, we consider the network defending problem against contagious attacks. Existing works that study shared resources assume that the resource allocated to a node can be shared or duplicated between neighboring nodes. However, in real world, sharing resource naturally leads to a decrease in defending power of the source node, especially when defending against contagious attacks. To this end, we study the model in which resources allocated to a node can only be transferred to its neighboring nodes, which we refer to as a reallocation process. We show that this more general model is difficult in two aspects: (1) even for a fixed allocation of resources, we show that computing the optimal reallocation is NP-hard; (2) for the case when reallocation is not allowed, we show that computing the optimal allocation (against contagious attack) is also NP-hard. For positive results, we give a mixed integer linear program formulation for the problem and a bi-criteria approximation algorithm. Our experimental results demonstrate that the allocation and reallocation strategies our algorithm computes perform well in terms of minimizing the damage due to contagious attacks.

Computer Science and Game Theory

Yingyan Lou,Lihui Zhang

DOI: https://doi.org/10.3141/2234-04

IF: 1.7

2011-01-01

Transportation Research Record

Abstract:This paper explores several reliability and vulnerability measures for transportation networks and proposes three models for optimal resource allocation for transportation network design or defense to minimize the disruption caused by both random and targeted attacks. The common day to-day disturbances with less severe consequences are referred to as ran tom attacks, but targeted attacks include both coordinated terrorist strikes and large-scale natural disasters. For random attacks, the major concern would be the reliability of the total system travel time. A robust discrete network design problem is formulated to take into account random attacks in the planning stage. The transport capacity or the unsatisfied demand would be critical in case of emergency evacuation, and law enforcement forces could be deployed to prevent malicious attacks in the first place or to ensure a smooth evacuation operation. The proposed models feature an intrinsic trilevel game structure of the network users, the attacker, and the defender (planner). By exploring the unique properties of the proposed measures and reformulating the problems, the trilevel structure models are reduced to mixed-integer semi-infinite optimization programs. This paper further applies an active-set algorithm, combined with a cutting-plane scheme to solve the proposed models. Numerical examples indicate that the proposed formulations are valid and that the solution algorithm can solve the problems effectively and efficiently. The models for targeted attacks provide practical implications on identifying critical infrastructures for evacuation.

Stefan Rass,Sandra König,Stefan Schauer

DOI: https://doi.org/10.1371/journal.pone.0168675

2022-05-02

Abstract:Advanced persistent threats (APT) combine a variety of different attack forms ranging from social engineering to technical exploits. The diversity and usual stealthiness of APT turns them into a central problem of contemporary practical system security, since information on attacks, the current system status or the attacker's incentives is often vague, uncertain and in many cases even unavailable. Game theory is a natural approach to model the conflict between the attacker and the defender, and this work investigates a generalized class of matrix games as a risk mitigation tool for an APT defense. Unlike standard game and decision theory, our model is tailored to capture and handle the full uncertainty that is immanent to APT, such as disagreement among qualitative expert risk assessments, unknown adversarial incentives and uncertainty about the current system state (in terms of how deeply the attacker may have penetrated into the system's protective shells already). Practically, game-theoretic APT models can be derived straightforwardly from topological vulnerability analysis, together with risk assessments as they are done in common risk management standards like the ISO 31000 family. Theoretically, these models come with different properties than classical game theoretic models, whose technical solution presented in this work may be of independent interest.

Cryptography and Security,Computer Science and Game Theory

Shun Chen,Xudong Zhao,Zhilong Chen,Benwei Hou,Yipeng Wu

DOI: https://doi.org/10.1016/j.ijcip.2021.100494

IF: 3.683

2022-03-01

International Journal of Critical Infrastructure Protection

Abstract:Urban water treatment plants (WTPs) threatened by terrorist attacks is critical to residents’ security and economic development. They are treating and transit hubs that connect the upstream water sources and downstream urban distribution network. Due to the limitation of defensive resources, how to appropriately allocate defensive resources to protect WTPs against terrorist attack is still a challenging issue for urban municipal department. As of now, very few studies have investigated this problem, which often involve strategic game between the attacker and defender. This study presents a game-theoretic method and operational framework to optimize the allocation of defensive resource to protect urban WTPs against terrorist physical attacks. This method fully considers the direct economic loss, systematic loss and human loss generated by the attack on WTPs, and then model the strategic interactions between defenders and terrorists by integrating game theory with risk assessment. In the case study of typical urban water distribution network including five WTPs in central China, we figure out the optimal allocation strategy of defensive resources in Nash equilibrium using proposed game-theoretic method, and then thoroughly compare it with three conventional allocation strategies solely based on risk assessment. The results show that the resources allocation strategy and the attack strategy in Nash equilibrium are optimal strategies for both defender and attacker respectively. Furthermore, the feasibility and availability of the proposed method and operational framework in identifying the optimal allocation strategy of defensive resources is also tested and confirmed in the case study.

engineering, multidisciplinary,computer science, information systems

Cheng-Wu Shao,Yan-Fu Li

DOI: https://doi.org/10.1109/tpwrs.2021.3060009

IF: 7.326

2021-01-01

IEEE Transactions on Power Systems

Abstract:Power utility allocates defense resources to prevent unscheduled load shedding due to transmission line failure caused by the malicious physical attacks. Game theory explains the interaction between the defender and the attacker, overcoming the shortage of unilateral vulnerability analysis. Different from previous researches typically assuming the players are rational and the total defense resources are fixed, this paper investigates the bounded rationality and allows variable total defense resources aiming for a higher level of practicability. Stochastic response to strategies of the bounded rational attacker is described by the Quantal Response Equilibrium (QRE) model. A two-layer defense resources allocation optimization framework is established to obtain both optimal total defense resources and optimal resource distribution, and we design a combined power-of-two and dichotomy (CPTD) algorithm for solution. We also explore the multiple properties of bounded rational behaviors in the attack-defense game. Besides, a unified resources allocation framework of bilateral players is established, which advantages in both cost and reward calculations. To the knowledge of the authors, this work is more general and more practical than previous relevant publications. The experimental studies on the IEEE 14-bus system and the IEEE 118-bus system empirically justify the improvements by our modeling and solution approaches.

Xu Liu,Xiaoqiang Di,Jinqing Li,Huan Wang,Jianping Zhao,Huamin Yang,Ligang Cong,Yuming Jiang

DOI: https://doi.org/10.1155/2019/5475341

IF: 1.43

2019-03-13

Mathematical Problems in Engineering

Abstract:Resource allocation is the process of optimizing the rare resources. In the area of security, how to allocate limited resources to protect a massive number of targets is especially challenging. This paper addresses this resource allocation issue by constructing a game theoretic model. A defender and an attacker are players and the interaction is formulated as a trade-off between protecting targets and consuming resources. The action cost which is a necessary role of consuming resource is considered in the proposed model. Additionally, a bounded rational behavior model (quantal response: QR), which simulates a human attacker of the adversarial nature, is introduced to improve the proposed model. To validate the proposed model, we compare the different utility functions and resource allocation strategies. The comparison results suggest that the proposed resource allocation strategy performs better than others in the perspective of utility and resource effectiveness.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Yuntao Wang,Han Liu,Zhendong Li,Zhou Su,Jiliang Li

DOI: https://doi.org/10.1109/MNET.2024.3389734

2024-04-12

Abstract:The rise of advanced persistent threats (APTs) has marked a significant cybersecurity challenge, characterized by sophisticated orchestration, stealthy execution, extended persistence, and targeting valuable assets across diverse sectors. Provenance graph-based kernel-level auditing has emerged as a promising approach to enhance visibility and traceability within intricate network environments. However, it still faces challenges including reconstructing complex lateral attack chains, detecting dynamic evasion behaviors, and defending smart adversarial subgraphs. To bridge the research gap, this paper proposes an efficient and robust APT defense scheme leveraging provenance graphs, including a network-level distributed audit model for cost-effective lateral attack reconstruction, a trust-oriented APT evasion behavior detection strategy, and a hidden Markov model based adversarial subgraph defense approach. Through prototype implementation and extensive experiments, we validate the effectiveness of our system. Lastly, crucial open research directions are outlined in this emerging field.

Cryptography and Security

Chengwu Shao,Yan‐Fu Li

DOI: https://doi.org/10.1111/risa.13837

2021-10-11

Risk Analysis

Abstract:Cyber vulnerabilities become ever more critical in modern industrial systems since the attacker can utilize the vulnerabilities to degrade their performance or even cause disasters. In 2015, a series of sequential and well-organized cyber attacks intruded into the Ukrainian power grid, compromised access to the control system, and interrupted the power supply system, finally causing a widespread power outage. To assist the defender, e.g., power grid operator, to allocate protection resources against cyber attacks, existing studies have devoted considerable efforts to risk and reliability analysis and interaction analysis using game theory. The defender's protection strategy includes preevent defense strategy and postevent repair strategy. The strategy spaces of both players were static in previous studies. However, facing Ukrainian-style cyber attacks, the strategy spaces could variate during the attacker–defender confrontation. In other words, the vulnerability compromised by the attacker in one stage could expose the subsequential vulnerabilities, leading to the change of strategy spaces. In this work, a multistage attack–defense graph game model is proposed to assist the defender in allocating protection resources optimally against sequential cyber attacks during multiple stages. In addition, we consider the existence of the rationality evolution of the attacker, which mainly results from asymmetric information, capacity limitation, and progressive learning during the confrontation. Compared to previous studies based on static strategy spaces and static rationalities, our model is more practical and effective in dealing with Ukrainian-style cyber attacks. The simulation results show the superiority of our approach, and some notable observations and practical suggestions are summarized for the defender.

public, environmental & occupational health,mathematics, interdisciplinary applications,social sciences, mathematical methods

Lu-Xing Yang,Pengdeng Li,Xiaofan Yang,Luosheng Wen,Yingbo Wu,Yuan Yan Tang

DOI: https://doi.org/10.48550/arXiv.1707.03611

2017-07-12

Cryptography and Security

Abstract:This paper is devoted to measuring the security of cyber networks under advanced persistent threats (APTs). First, an APT-based cyber attack-defense process is modeled as an individual-level dynamical system. Second, the dynamic model is shown to exhibit the global stability. On this basis, a new security metric of cyber networks, which is known as the limit security, is defined as the limit expected fraction of compromised nodes in the networks. Next, the influence of different factors on the limit security is illuminated through theoretical analysis and computer simulation. This work helps understand the security of cyber networks under APTs.

Bingjing Yan,Zhenze Jiang,Pengchao Yao,Qiang Yang,Wei Li,Albert Y. Zomaya

DOI: https://doi.org/10.23919/pcmp.2023.000138

IF: 10.5

2024-01-01

Protection and Control of Modern Power Systems

Abstract:Modern power grid is fast emerging as a complex cyber-physical power system (CPPS) integrating physical current-carrying components and processes with cyber-embedded computing, which faces increasing cyberspace security threats and risks. In this paper, the state (i.e., voltage) offsets resulting from false data injection (FDI) attacks and the bus safety characterization are applied to quantify the attack consequences. The state offsets are obtained by the state estimation method, and the bus safety characterization considers the power network topology as well as the vulnerability and connection relationship of buses. Considering the indeterminacy of attacker's resource consumption and reward, a zero-sum game-theoretical model from the defender's perspective with incomplete information is explored for the optimal allocation of limited defensive resources. The attacker aims to falsify measurements without triggering threshold alarms to break through the protection, leading to load shedding, over-voltage or under-voltage. The defender attempts to ensure the estimation results to be as close to the actual states as possible, and guarantee the system's safety and efficient defensive resource utilization. The proposed solution is extensively evaluated through simulations using the IEEE 33-bus test network and real-time digital simulator (RTDS) based testbed experiments of the IEEE 14-bus network. The results demonstrate the effectiveness of the proposed game-theoretical approach for optimal defensive resource allocation in CPPS when limited resources are available when under FDI attacks.