
A two-stage deception game for network defense. (English) Zbl 1521.91030

Bushnell, Linda (ed.) et al., Decision and game theory for security. 9th international conference, GameSec 2018, Seattle, WA, USA, October 29–31, 2018. Proceedings. Cham: Springer. Lect. Notes Comput. Sci. 11199, 569-582 (2018).
Summary: Computer networks are always under threat from adversaries. Before launching any real attack, adversaries may scan and probe the systems to gain key information. In this paper, we build a two-stage deception game to determine how to answer attackers’ scan and probe queries so as to minimize the defender’s expected loss. To obtain the optimal defense strategy, a sophisticated mixed integer program is formulated. To support fast computation in practice, a two-stage heuristic method is also developed based on the problem’s structural properties. Computational experiments show that, after the whole network has been scanned, the adversary’s probes against some hosts, and how those probes are answered, have a significant influence on the defender’s expected loss. Our heuristic method is able to produce high-quality solutions with drastically improved computational performance.
For the entire collection see [Zbl 1398.68017].

MSC:

91A20 Multistage and repeated games
91A10 Noncooperative games
68M25 Computer security
90C11 Mixed integer programming

Software:

Julia; Gurobi; JuMP
