
Exploiting bounded rationality in risk-based cyber camouflage games. (English) Zbl 1483.68049

Zhu, Quanyan (ed.) et al., Decision and game theory for security. 11th international conference, GameSec 2020, College Park, MD, USA, October 28–30, 2020. Proceedings. Cham: Springer. Lect. Notes Comput. Sci. 12513, 103-124 (2020).
Summary: Recent works have increasingly shown that cyber deception can effectively impede the reconnaissance efforts of intelligent cyber attackers. Recently proposed models to optimize a deceptive defense based on camouflaging network and system attributes have shown effective numerical results on simulated data. However, these models possess a fundamental drawback due to the assumption that an attempted attack is always successful – as a direct consequence of the deceptive strategies being deployed, the attacker runs a significant risk that the attack fails. Further, this risk or uncertainty in the rewards magnifies the boundedly rational behavior in humans which the previous models do not handle. To that end, we present Risk-based Cyber Camouflage Games – a general-sum game model that captures the uncertainty in the attack’s success. In the case of rational attackers, we show that optimal defender strategy computation is NP-hard even in the zero-sum case. We provide an MILP formulation for the general problem with constraints on cost and feasibility, along with a pseudo-polynomial time algorithm for the special unconstrained setting. Second, for risk-averse attackers, we present a solution based on Prospect theoretic modeling along with a robust variant that minimizes regret. Third, we propose a solution that does not rely on the attacker behavior model or past data, and is effective for the broad setting of strictly competitive games where previous solutions against bounded rationality prove ineffective. Finally, we provide numerical results showing that our solutions effectively lower the defender loss.
For the entire collection see [Zbl 1475.68029].

MSC:

68M25 Computer security
91A80 Applications of game theory
