A Game Theoretic Approach for Dynamic Information Flow Tracking with Conditional Branching

Sahabandu, Dinuka; Moothedath, Shana; Bushnell, Linda; Poovendran, Radha; Aller, Joey; Lee, Wenke; Clark, Andrew

doi:10.23919/acc.2019.8814596

Cited by 12 publications

(4 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In other words, the game models in [17]- [20] assume that security analysis performed by DIFT can verify the authenticity of tagged information flows accurately. A stochastic game model for detecting APTs was recently introduced in [21]. Paper [21] analyzed a discounted stochastic game and presented a value iteration based algorithm to obtain an ε-NE of the discounted game.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Dynamic Information Flow Tracking for Detection of Advanced Persistent Threats: A Stochastic Game Approach

Moothedath,

Sahabandu,

Allen

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

Advanced Persistent Threats (APTs) are stealthy customized attacks by intelligent adversaries. This paper deals with detection of APTs that infiltrate cyber systems and compromise specifically targeted data and/or infrastructures. Dynamic information flow tracking is an information trace-based detection mechanism against APTs that taints suspicious information flows in the system and generates security analysis for unauthorized use of tainted data. In this paper, we develop an analytical model for resource efficient detection of APTs using an information flow tracking game. The game is a nonzero-sum, turn-based, stochastic game with asymmetric information as the defender cannot distinguish whether an incoming flow is malicious or benign and hence has only partial state observation. We analyze equilibrium of the game and prove that a Nash equilibrium is given by a solution to the minimum capacity cut set problem on a flow-network derived from the system, where the edge capacities are obtained from the cost of performing security analysis. Finally, we implement our algorithm on the real-world dataset for a data exfiltration attack augmented with false-negative and false-positive rates and compute an optimal defender strategy.

show abstract

Section: Related Workmentioning

confidence: 99%

“…A stochastic game model for detecting APTs was recently introduced in [21]. Paper [21] analyzed a discounted stochastic game and presented a value iteration based algorithm to obtain an ε-NE of the discounted game. In contrast to [21], this paper solves an average reward (undiscounted) game.…”

Section: Related Workmentioning

confidence: 99%

Dynamic Information Flow Tracking for Detection of Advanced Persistent Threats: A Stochastic Game Approach

Moothedath,

Sahabandu,

Allen

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…The game models in [34], [36], [37] are non-stochastic as the notions of false alarms and false-negatives are not considered. Recently, a stochastic model of DIFT-games was proposed in [38], [39] when the transition probabilities of the game are known. However, the transition probabilities, which are the rates of generation of false alarms and false negatives at the different system components, are often unknown.…”

Section: A Related Workmentioning

confidence: 99%

DIFT Games: Dynamic Information Flow Tracking Games for Advanced Persistent Threats

Sahabandu

Xiao

Clark

et al. 2018

2018 IEEE Conference on Decision and Control (CDC)

Self Cite

View full text Add to dashboard Cite

“…Recently, the authors in [32] propose a two player mixed strategy game to address a dynamic resource-planning problem between an attacker targeting the communication equipment and a defender protecting the control network. Similar frameworks have also been deployed to model the dynamics of information flow between an advanced persistent threat and a detector [30,29].…”

Section: Introductionmentioning

confidence: 99%

From Static to Dynamic Anomaly Detection With Application to Power System Cyber Security

Pan

Pálenský

Esfahani

2020

IEEE Trans. Power Syst.

View full text Add to dashboard Cite

Developing advanced diagnosis tools to detect cyber attacks is the key to security of power systems. It has been shown that multivariate data injection attacks can bypass bad data detection schemes typically built on static behavior of the systems, which misleads operators to disruptive decisions. In this article, we depart from the existing static viewpoint to develop a diagnosis filter that captures the dynamics signatures of such a multivariate intrusion. To this end, we introduce a dynamic residual generator approach formulated as robust optimization programs in order to detect a class of disruptive multivariate attacks that potentially remain stealthy in view of a static bad data detector. We investigate two possible desired features: (i) a non-zero transient and (ii) a non-zero steady-state behavior of the residual generator in the presence of an attack. In case (i), the problem is reformulated as a finite, but possibly non-convex, optimization program.We further develop a linear programming relaxation that improves the scalability, and as such practicality, of the diagnosis filter design. In case (ii), it turns out that the resulting robust program admits an exact convex reformulation, yielding a Nash equilibrium between the attacker and the residual generator. This assertion has an interesting implication: the proposed approach is not conservative in the sense that the additional knowledge of the worst-case attack does not improve the diagnosis performance. To illustrate our theoretical results, we implement the proposed diagnosis filter to detect multivariate attacks on the system measurements deployed to generate the so-called Automatic Generation Control signals in a three-area IEEE 39-bus system. P.MohajerinEsfahani}@tudelft.nl).

show abstract

A Game Theoretic Approach for Dynamic Information Flow Tracking with Conditional Branching

Cited by 12 publications

References 23 publications

Dynamic Information Flow Tracking for Detection of Advanced Persistent Threats: A Stochastic Game Approach

Dynamic Information Flow Tracking for Detection of Advanced Persistent Threats: A Stochastic Game Approach

DIFT Games: Dynamic Information Flow Tracking Games for Advanced Persistent Threats

From Static to Dynamic Anomaly Detection With Application to Power System Cyber Security

Contact Info

Product

Resources

About