Xu Chen,Liang Xiao,Wei Feng,Ning Ge,Xianbin Wang

DOI: https://doi.org/10.1109/jiot.2021.3138094

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The proliferation of Distributed Denial of Service (DDoS) attacks in Internet of Things (IoT) not only threatens the security of digital devices and infrastructure but also severely degrades IoT system performance due to the overly consumed network resources. With the knowledge of identity information of devices and signaling data, Internet service providers (ISPs) can detect and block DDoS traffic by monitoring the upstream IoT packets, and thereby, improve network efficiency. However, inspecting all data packets online for DDoS detection will significantly increase both the network delay and the computational overhead. Therefore, the packet sampling strategy is crucial for the defenders to detect DDoS attacks. To this end, this article formulates a Stackelberg game model to analyze the collaborative IoT packet sampling against DDoS attacks. Through the equilibrium analysis of the DDoS game, we derive the lower bound of packet sampling rate (PSR) that can effectively deter potential attackers. Unlike traditional offline detection, our proposed packet sampling strategy can support both the online detection and proactive prevention of DDoS traffic. As a use case, a multipoint DDoS defense framework is developed to address the IP spoofing in 5G networks based on the proposed packet sampling strategy, which deters DDoS attacks and reduces the packet sampling cost, and thereby, maximizes the IoT utility, compared with existing methods. In typical reflection attacks (in which no more than five packets of response are triggered by a request packet), our proposed scheme not only reduces more than 70% of the sampling rate but also demonstrates superior robustness against boundary condition variation.

Xu Chen,Yunfei Chen,Wei Feng,Liang Xiao,Xiangling Li,Jie Zhang,Ning Ge

DOI: https://doi.org/10.1109/jiot.2022.3218728

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:While 5G networks have accelerated the development of the Internet of Things (IoT), they have also introduced a large number of vulnerable IoT devices into the network, which would lead to severe Distributed Denial-of-Service (DDoS) attacks. The newly emerging DDoS attack methods generally have a shorter duration, which imposes higher requirements for the response time of DDoS mitigation technologies. Existing DDoS defense methods cannot achieve real-time detection due to the difficulty of reducing the delay of feature extraction and large-scale data processing. In this article, we focus on the timeliness of DDoS detection and mitigation. We hope that deploying effective defense countermeasures at the source side will block the majority of DDoS attack traffic in real time before it enters the data network (DN). To this end, we propose a real-time DDoS defense framework based on multidomain collaboration that combines multisource information to detect attack sessions with high accuracy in 5G networks. To operate the framework at line rate, we propose an optimal packet sampling strategy based on the accurate session size estimation, which can greatly reduce the detection overhead while ensuring good accuracy. In a typical scenario with an attack session size larger than 10, this method can achieve a 99% detection rate while reducing the packet inspection rate (PIR) to less than 37%.

Chunyang Qi,Jie Huang,Cheng Huang,Huaqing Wu,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/globecom48099.2022.10000946

2022-01-01

Abstract:IoTs generally rely on resource-constrained devices to sense, relay, and collect data, which are highly vulnerable to Distributed-Denial-of-Services (DDOS) attacks on network throughput. In this paper, we propose a trust-based method to optimize the network throughput of IoTs under DDOS attacks. Specifically, with the assistance of a small number of dedicatedly deployed defense nodes as defenders, a network controller can first measure the behavior of other IoT nodes and categorize them into three types (i.e., innocent, selfish, and attack) through a well-designed trust evaluation model. Then, a Stackelberg game model is constructed accordingly, where defenders are leaders and other nodes are followers. We carefully define the utilities of the leaders and the followers in the game, and transform the optimization problem of the network throughput into the maximization problem of the defenders' utilities considering the utilities of the followers. We adopt the Dinkelbach Programming (DP)-based algorithm to solve the maximization problem such that a Stackelberg equilibrium can be reached with optimized network throughput. Extensive simulations are performed to demonstrate that the proposed defense method can significantly increase the IoT network throughput under different DDOS attack intensities.

Ning Liu,Qing-Wei Chai,Shangkun Liu,Fanying Meng,Wei-Min Zheng

DOI: https://doi.org/10.1155/2022/1181398

IF: 1.968

2022-11-09

Security and Communication Networks

Abstract:The development of the 5th Generation Mobile Communication Technology not only brings convenience to people but also brings many network security problems. Based on the static game theory of complete information, a game model of attack and defense with limited resources in heterogeneous networks of Cyber Physical Systems is established. This model analyzes the basic rules of the offensive and defensive strategies of both parties when the offensive and defensive resources are limited in the 5th Generation Mobile Communication Technology network environment. The model can also describe the interaction between attackers and defenders. A novel compact particle swarm optimization algorithm is proposed to solve the difficult problem of solving the Nash equilibrium of this game model. The simulation experiment proves that novel compact particle swarm optimization algorithm has good optimization ability and shows that the algorithm can effectively solve the Nash equilibrium of the model. The simulation experiment provides a strategic reference for the attack-defense game with limited resources.

computer science, information systems,telecommunications

Yichuan Wang,Yefei Zhang,Xinhong Hei,Wenjiang Ji,Weigang Ma

DOI: https://doi.org/10.1007/bf03391587

2017-01-01

Journal of Communications and Information Networks

Abstract:Integration of the IoT (Internet of Things) with Cloud Computing, termed as the CoT (Cloud of Things) can help achieve the goals of the envisioned IoT and future Internet. In a typical CoT infrastructure, the data collected from wireless sensor networks and IoTs is transmitted through a SG (Smart Gateway) to the cloud. The bandwidth between an IoT access point and SG becomes a bottleneck for information transmission between the IoT and the cloud. We propose a novel game theory model to describe the CoT attacker, who expects to use minimum set and energy consumption of IoT attack devices to occupy as many bandwidth resources as possible in a given time period; and the defender, who expects to minimize false alarms. By analyzing this model, we have found that the game theory model is a non-cooperative and repeated incomplete information game, and Nash equilibrium is existent, perfected by the subgame. The best strategy for each stage of the attack is to adjust the attack link number dynamically based on the comparison results of value ϵ and turning point ϵ0 for each time period. At the same time, the defender adjusts the threshold value β dynamically, based on the comparison results of the Load value and expected value of a for each time period. The simulation result shows that our strategy can significantly mitigate the harm of a distributed denial of service attack.

Xu Chen,Wei Feng,Yinglun Ma,Ning Ge,xianbin Wang

DOI: https://doi.org/10.1109/globecom42002.2020.9322314

2020-01-01

Abstract:Distributed Reflection Denial of Service (DRDoS) attack has become one of the most serious threats to Internet security. With the ongoing development of 5G, a massive number of insecure Internet of Things (IoT) devices are connected to the Internet, which brings great challenges to defend against DRDoS attacks. To overcome these challenges, we extend the User Plane Function (UPF) of 5G core network, and propose a new framework accordingly for source IP address validation, so as to suppress the source IP address spoofing behaviors of DRDoS attackers. Under this framework, the packet inspection rate (PIR), i.e., the inspection probability of each packet, is crucial to simplify the validation complexity. To unveil the optimal PIR, we establish a two-player game which models the IP address spoofing and detection behaviors. Analysis on the formulated game implies a lower bound of sufficient PIR, which may be used to set PIR in practice. Simulation results show that the proposed method can efficiently deter IP spoofing behaviors. Thereby the derived PIR could achieve low-cost and effective defense of DRDoS.

Liming Fang,Bo Zhao,Yang Li,Zhe Liu,Chunpeng Ge,Weizhi Meng

DOI: https://doi.org/10.1109/mnet.021.1900614

IF: 10.294

2020-11-01

IEEE Network

Abstract:The development of 5G has substantially increased the destructiveness of DoS/DDoS attacks because the data processing capability of computers has not been accordingly enhanced, and this contradiction creates a vulnerability for attackers to compromise a server by sending a massive data flow. in practical 5G circumstances, it is difficult to extract distinct features between malicious and benign massive data flows. This amplifies the difficulties of DoS/DDoS detection. Thus, precautions against DoS/DDoS attack in 5G are of great importance. in this article, we present a solution based on smart contracts and machine learning as a countermeasure against DoS/DDoS attacks in the 5G background by hiding a protected server in a blockchain network and flexibly restricting the scale of DoS/DDoS via transaction fees. We also leverage non-repudiation of smart contracts, analyzing users' malicious behavior of communication and executing punishment via smart contracts. Our scheme could effectively mitigate massive DoS/DDoS attacks in advance and dynamically punitively charge DoS/DDoS attacks. Compared to existing DoS/DDoS defense in 4G, our scheme offers numerous benefits, including making benign communication always dominate rational users and countering DoS/DDoS attacks before they are launched. Moreover, compared to common DoS/DDoS detection based on Ai, we consider the source trustworthiness of training samples and take measures to avoid backdoors where model trainers may compromise Ai models to launch DoS/DDoS attacks.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Huici Wu,Qiuyue Gao,Xiaofeng Tao,Ning Zhang,Dajiang Chen,Zhu Han

DOI: https://doi.org/10.1109/jiot.2021.3122115

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Internet of Things (IoT) is vulnerable to various cyber attacks due to the massive deployment of IoT devices and the openness of wireless environments. In this article, taking IoT devices as the network resources competed between an attacker and a defender, we study the modeling and analysis of network resource competition in an attack-defense game. The attacker and defender inject different competition strength in each IoT device as their strategies. As a result, the security state of each IoT device will change, which is captured by differential equations. To study the interaction between the attacker and defender and the evolution of the system security states, a zero-sum differential game is formulated by modeling the competition of IoT devices. To achieve the equilibrium of the formulated differential game, optimal control theory is employed to solve the optimization problems of players. Further, a Gauss–Seidel-like implicit finite-difference method is utilized to obtain the saddle point strategy. Finally, numerical results are provided to demonstrate the evolution of network resource competition between the attacker and defender. The results show that our formulated model can effectively and accurately characterize the evolution of the system security states with strategic interactions between the attacker and defender.

Jichao Bi,Shibo He,Fengji Luo,Wenchao Meng,Luyue Ji,Da-Wen Huang

DOI: https://doi.org/10.1109/TII.2022.3231406

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:Industrial Internet of Things (IIoT) is vulnerable to advanced persistent threat (APT). In this article, we study a scenario in which APT is launched to attack IIoT devices. Considering the APTs lateral movement, a node-level state evolution model is established to calculate the probability of every device in an IIoT system to be compromised by APT. Based on this, a Stackelberg game model is proposed for the APT attacker and defender, which can accurately describe the gaming process. An effective computational approach is developed to obtain the potential Stackelberg equilibrium strategy pair of the game. Extensive case studies and comparison studies are conducted to validate the effectiveness of the proposed method.

Saurav Kumar,Ajit kumar Keshri

DOI: https://doi.org/10.1016/j.knosys.2024.112052

IF: 8.139

2024-06-21

Knowledge-Based Systems

Abstract:The Internet of Things enables the creation of transmitted use cases for interconnected devices and complementary channels. The varied structure of it creates additional security needs and problems. In particular, the safeguards used in the IoT should adjust to the changing environment. One of the major dangers to the World Wide Web (WWW) things is Distributed Denial of Service (DDoS). Therefore, in this work, an intelligent Game Theory-based Adaptive security (GT-AS) mathematical model was developed to maximize the effectiveness of DDoS attack mitigation. Moreover, this strategy can strongly derive the five parameters such as energy channel, memory, intruder, and hybrid. These all can achieve a stronger defense posture against DDoS attacks from the newly designed IoT. Consequently, the Recurrent Bat (RB) framework is developed to classify the nodes into two classes such as trusted node and malicious node. In addition, the proposed frameworks analyze how protection effectiveness and energy consumption interact when evaluating adaptive security techniques. To analyze the effectiveness of the suggested paradigm, researchers also give the outcomes of simulation experiments. Researchers demonstrate that, in comparison to existing models, the developed approach has increased the lifespan of the connected objects by 47 %. Also, the developed strategy has attained better accuracy and lower error rates when comparing traditional strategies. Moreover, the packet delivery ratio is 60 KB, energy consumption is 116 KJ, Mean Location Error is 0.078 and resource usage is 148.

computer science, artificial intelligence

Ziming Zhao,Zhuotao Liu,Huan Chen,Fan Zhang,Zhuoxue Song,Zhaoxuan Li

DOI: https://doi.org/10.1109/tdsc.2023.3349180

2024-01-01

Abstract:Defending against Distributed Denial of Service (DDoS) attacks is a fundamental problem in the Internet. Over the past few decades, the research and industry communities have proposed a variety of solutions, from adding incremental capabilities to the existing Internet routing stack, to clean-slate future Internet architectures, and to widely deployed commercial DDoS prevention services. Yet a recent interview with over 100 security practitioners in multiple sectors reveals that existing solutions are still insufficient against , due to either unenforceable protocol deployment or non-comprehensive traffic filters. This seemingly endless arms race with attackers probably means that we need a fundamental paradigm shift. In this paper, we propose a new DDoS prevention paradigm named preference-driven and in-network enforced traffic shaping , aiming to explore the novel DDoS prevention norms that focus on delivering victim-preferred traffic rather than consistently chasing after the DDoS attacks. Towards this end, we propose DFNet, a novel DDoS prevention system that provides reliable delivery of victim-preferred traffic without full knowledge of DDoS attacks. At a very high level, the core innovative design of DFNet embraces the advances in Machine Learning (ML) and new network dataplane primitives, by encoding the victim's traffic preference (in the form of complex ML models) into dataplane packet scheduling algorithms such that the victim-preferred traffic is forwarded with priority at line-speed, regardless of the attacker strategy. We implement a prototype of DFNet in 11,560 lines of code, and extensively evaluate it on our testbed. The results show that a single instance of DFNet can forward 99.93% of victim-desired traffic when facing previously unseen attacks, while imposing less than 0.1% forwarding overhead on a dataplane with 80 Gbps upstream links and a 40 Gbps bottleneck.

Yunfan Zhang,Feihuang Chu,Luliang Jia,Miao Yu,Wenting Cao

DOI: https://doi.org/10.1109/tce.2024.3412166

2024-01-01

IEEE Transactions on Consumer Electronics

Abstract:The Internet of Things (IoT) is a key factor driving the widespread use of smart consumer electronics, yet remote areas are difficult to access. Satellite Internet of Things (SIoT), as a complement and extension of IoT, has the advantages of being able to achieve global coverage and the deployment of sensors that are virtually unrestricted by space. However, due to its highly exposed star-ground links, SIoT is highly susceptible to jamming attacks. Therefore, this paper investigates the dynamic anti-jamming scheme for SIoT to decrease consumption in the jamming environment. A hierarchical anti-jamming Stackelberg game (HASG) is proposed to characterize the adversarial interactions between the jamming satellites and the ground cells, and it has been demonstrated that a Stackelberg equilibrium exists in the proposed HASG. Subsequently, to avoid the dimensional catastrophe associated with exhaustive enumeration, the leader subgame and follower subgame are described as many-to-one matching and one-to-one matching problems, respectively. A low-complexity matching strategy is proposed, and the existence of stable suboptimal solutions is proved. Simulation results show that the proposed anti-jamming matching strategy can realize efficient communication.

Han Qin,Jiaming Weng,Dong Liu,Donglian Qi,Yufei Wang

DOI: https://doi.org/10.17775/cseejpes.2020.04550

IF: 6.014

2024-01-01

CSEE Journal of Power and Energy Systems

Abstract:With the help of advanced information technology, real-time monitoring and control levels of cyber-physical distribution systems (CPDS) have been significantly improved. However due to the deep integration of cyber and physical systems, attackers could still threaten the stable operation of CPDS by launching cyber-attacks, such as denial-of-service (DoS) attacks. Thus, it is necessary to study the CPDS risk assessment and defense resource allocation methods under DoS attacks. This paper analyzes the impact of DoS attacks on the physical system based on the CPDS fault self-healing control. Then, considering attacker and defender strategies and attack damage, a CPDS risk assessment framework is established. Furthermore, risk assessment and defense resource allocation methods, based on the Stackelberg dynamic game model, are proposed under conditions in which the cyber and physical systems are launched simultaneously. Finally, a simulation based on an actual CPDS is performed, and the calculation results verify the effectiveness of the algorithm.

Akhil Gupta,Rakesh Kumar Jha,Sanjeev Jain

DOI: https://doi.org/10.1002/dac.3237

2016-11-28

International Journal of Communication Systems

Abstract:Research has been going around the globe to overcome the challenges that are associated with the increase in the number of users, such as interference management, load sharing, and increased capacity. 5G is emerging as a budding prospect for fulfilling demand and overcoming these challenges. For meeting the increased demands, new technologies such as relays in device‐to‐device communication and small cell access points have been introduced. However, these introductions have opened up security issues in the 5G wireless communication networks. This article focuses on security issues of the 5G wireless communication networks and analyzes the effect of a bandwidth spoofing attack using game theory on the small cell access point in 5G wireless communication network. This article also proposes an adaptive intrusion detection system using a hidden Markov Model for detecting an intrusion on small cell access point in a 5G wireless communication networks. This article has concluded that the Game theory has proven to be a useful method in examining the bandwidth spoofing attack. In addition, with the use of prisoner's dilemma game theory, attacker is able to spoof the bandwidth from the defender with a significant winning percentage. This article has also proposed an adaptive intrusion detection system, which is capable of detecting and removing the intruder executing the bandwidth spoofing attack on the small cell access in a 5G wireless communication network.

telecommunications,engineering, electrical & electronic

Zhe Li,Jin Liu,Jiaqi Ren,Yibo Dong,Weili Li

DOI: https://doi.org/10.1016/j.chaos.2024.115662

2024-10-24

Abstract:Critical infrastructure networks serve as the backbone of modern society's operations, and the application of game theory to safeguard these networks against deliberate attacks under resource constraints is of paramount importance. Regrettably, the existing body of research on hybrid attack and defense strategies for nodes and edges is notably scarce, despite the ubiquity of such strategies in practical contexts. Current understanding regarding the establishment of a cost constraint model within the framework of hybrid attack and defense strategies, the strategic inclinations of both adversarial and defensive parties under varying cost constraint coefficients, and the influence of resource allocation ratios on equilibrium outcomes remains limited. Consequently, this study constructs a game-theoretic model for the engagement of critical infrastructure networks under non-uniform cost constraints, incorporating hybrid attack and defense strategies for nodes and edges, and conducts an equilibrium analysis across a range of cost constraint coefficients and resource allocation ratios. The findings reveal that when resource availability is limited, both attackers and defenders are inclined towards a strategy of concentrated resource allocation; in contrast, under most circumstances, defenders exhibit a preference for an equitable distribution of resources.

mathematics, interdisciplinary applications,physics, mathematical, multidisciplinary

Chao Qi,Jiangxing Wu,Hongchang Chen,Hongtao Yu,Hongchao Hu,Guozhen Cheng

DOI: https://doi.org/10.1109/VTCSpring.2017.8108542

2017-01-01

Abstract:Security evaluation of diverse SDN frameworks is of significant importance to design resilient systems and deal with attacks. Focused on SDN scenarios, a game-theoretic model is proposed to analyze their security performance in existing SDN architectures. The model can describe specific traits in different structures, represent several types of information of players (attacker and defender) and quantitatively calculate systems' reliability. Simulation results illustrate dynamic SDN structures have distinct security improvement over static ones. Besides, effective dynamic scheduling mechanisms adopted in dynamic systems can enhance their security further.

Morteza Sheibani,Savas Konur,Irfan Awan,Amna Qureshi

DOI: https://doi.org/10.3390/electronics13081515

IF: 2.9

2024-04-18

Electronics

Abstract:Software-defined networking (SDN) and network functions virtualisation (NFV) are crucial technologies for integration in the fifth generation of cellular networks (5G). However, they also pose new security challenges, and a timely research subject is working on intrusion detection systems (IDSs) for 5G networks. Current IDSs suffer from several limitations, resulting in a waste of resources and some security threats. This work proposes a new three-layered solution that includes forwarding and data transport, management and control, and virtualisation layers, emphasising distributed controllers in the management and control layer. The proposed solution uses entropy detection to classify arriving packets as normal or suspicious and then forwards the suspicious packets to a centralised controller for further processing using a self-organising map (SOM). A dynamic OpenFlow switch relocation method is introduced based on deep reinforcement learning to address the unbalanced burden among controllers and the static allocation of OpenFlow switches. The proposed system is analysed using the Markov decision process, and a Double Deep Q-Network (DDQN) is used to train the system. The experimental results demonstrate the effectiveness of the proposed approach in mitigating DDoS attacks, efficiently balancing controller workloads, and reducing the duration of the balancing process in 5G networks.

engineering, electrical & electronic,computer science, information systems,physics, applied

Jie Ma,Wei Su,Yikun Li,Yihua Peng

DOI: https://doi.org/10.1016/j.future.2023.12.033

IF: 7.307

2024-01-05

Future Generation Computer Systems

Abstract:The availability of SD-IoT is now under complex and serious cyber threats, especially distributed denial-of-service attacks. However, traditional defense schemes suffer from coarse-grained centralized sampling approaches, low accuracy of detection models, and inefficient mitigation methods. In this paper, a novel DDoS defense scheme is proposed, which consists of a high-accuracy detection mechanism based on a Graph Convolutional Neural Network learning model and a mitigation mechanism based on fast traffic migration. In the detection stage, a fine-grained INT sampling approach is utilized to obtain multidimensional network topology and status information. The Graph Convolutional Neural Network learning model detects switches containing DDoS attack traffic with high accuracy because the detection model not only extracts and utilizes multiple temporal and spatial features of the collected information, but also has a better learning and representation capability. In the mitigation stage, the enhanced whitelist with dynamic threshold-based values is automatically adapted to the real-time state of the network environment for enhanced mitigation flexibility. The fast programmable segment rerouting strategy can block attack traffic in time and ensure the continuity of network services. The results of several comparison experiments show that the proposed scheme can detect DDoS attacks more accurately and mitigate them more effectively than traditional schemes.

computer science, theory & methods

Parmod Kumar,Anupam Baliyan,K. Ramalingeswara Prasad,N. Sreekanth,Parag Jawarkar,Vandana Roy,Enoch Tetteh Amoatey

DOI: https://doi.org/10.1155/2022/5713092

2022-04-13

Wireless Communications and Mobile Computing

Abstract:A number of disadvantages of traditional networks may be attributed to the close relationship that exists between the control plane and the data plane inside proprietary hardware designs, as described above. The problem of security is one of the most difficult to deal with. There are a plethora of network hazards and attacks that might be encountered these days. DDoS attacks are one of the most popular and disruptive attacks on the internet today, and they affect a wide range of organisations. Despite a large number of traditional mitigation solutions now available, the frequency, volume, and intensity of distributed denial-of-service (DDoS) attacks continue to rise. According to the findings of this paper, a new network paradigm is necessary to satisfy the requirements of today’s complex security concerns. It was necessary to develop a software-defined network (SDN) in order to meet the real-time needs of the massive network that was expanding at an exponential rate. Many advantages of SDN exist, including simplicity of administration, scalability, and agility, but one of the most critical is security, which is one of the most important considerations when implementing SDN. SDS may be seen as a paradigm in which the implementation of new security regulations in the computer environment is performed via the use of protected software, which is described further below. The goal is to provide a flexible and extensible architecture for DDoS detection and prevention that is both flexible and extendable; the suggested clustering approach, which is based on the Open Day Light (ODL) Controller, is employed to carry out the experimental findings. In this section, we emphasise DDoS penetration techniques from a range of tools, and we evaluate the vulnerability against various tactics. It is necessary to use a Mininet emulation tool to construct a detection and prevention system against distributed denial of service (DDoS) attacks in order to achieve success. There is a range of other simulation tools that are utilised in conjunction with this research in order to bring it to a conclusion. Integration of industry standards such as SNORT and Flow has been accomplished in a variety of situations and parameter settings. During the creation of a framework capable of detecting and mitigating DDoS attacks at an early stage in both the control and application levels, the implementation of this framework has been shown to be crucial in the development of a framework.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shaohan Feng,Zehui Xiong,Dusit Niyato,Ping Wang

DOI: https://doi.org/10.1109/tcc.2019.2896632

IF: 5.697

2021-07-01

IEEE Transactions on Cloud Computing

Abstract:Fog computing has gained tremendous popularity due to its capability of addressing the surging demand on high-quality ubiquitous mobile services. Nevertheless, the highly virtualized environment in fog computing leads to vulnerability to cyber attacks such as advanced persistent threats. In this paper, we propose a novel game approach of cyber risk management for the fog computing platform. We adopt the cyber-insurance concept to transfer cyber risks from fog computing platform to a third party. The system model under consideration consists of three main entities, i.e., the fog computing provider, attacker, and cyber-insurer. The fog computing provider dynamically optimizes the allocation of its defense computing resources to improve the security of the fog computing platform which is composed of multiple fog nodes. Meanwhile, the attacker dynamically adjusts the allocation of its attack computing resources to increase the probability of successful attack. Additionally, to prevent from the potential loss due to the attacks, the provider also makes a dynamic decision on the subscription of cyber-insurance for each fog node. Thereafter, the cyber-insurer accordingly determines the premium of cyber-insurance for each fog node. To model this dynamic interactive decision making problem, we formulate a dynamic Stackelberg game. In the lower-level, we formulate an evolutionary subgame to analyze the provider's defense and cyber-insurance subscription strategies as well as the attacker's attack strategy. In the upper-level, the cyber-insurer optimizes its premium strategy, taking into account the evolutionary equilibrium at the lower-level evolutionary subgame. We analytically prove that the evolutionary equilibrium is unique and stable, and we investigate the Stackelberg equilibrium by capitalizing on tools from the optimal control theory. Moreover, we provide a series of insightful analytical and numerical results on the equilibrium -f the dynamic Stackelberg game.

computer science, information systems, theory & methods