A Game-theoretic Taxonomy and Survey of Defensive Deception for Cybersecurity and Privacy

Zhu

2020

Computers & Security

Self Cite

113

Advanced Persistent Threats (APTs) have recently emerged as a significant security challenge for Cyber-Physical Systems (CPSs) due to APTs' stealthy, dynamic and adaptive nature. The proactive dynamic defense provides a strategic and holistic security mechanism to increase costs of attacks and mitigate risks. This work proposes a dynamic game framework to model the long-term interaction between the stealthy attacker and the proactive defender. The stealthy and deceptive behaviors are captured by the multistage game of incomplete information, where each player has his own private information unknown to the other. Both players act strategically according to their beliefs which are formed by multistage observation and learning. The solution concept of Perfect Bayesian Nash Equilibrium (PBNE) provides a useful prediction of both players' policies because no players benefit from unilateral deviations from the equilibrium. We propose an iterative algorithm to compute the PBNE and use Tennessee Eastman process as a benchmark case study. Our numerical experiment corroborates the analytical results and provides further insights into the design of proactive defense-in-depth strategies.

Section: Introductionmentioning

confidence: 99%

A dynamic games approach to proactive defense strategies against Advanced Persistent Threats in cyber-physical systems

Zhu

2020

Computers & Security

Self Cite

113

“…They are useful to describe outcomes of different types of interactions among players. For a detailed exposition of basic concepts of equilibrium solutions, we refer the reader to [27], [28]; and for a review of game-theoretic applications to cyber security, we refer readers to [20], [31]- [33].…”

Section: B Game-theoretic Methodsmentioning

confidence: 99%

Dynamic games for secure and resilient control system design

Chen

National Science Review

et al. 2020

Self Cite

Modern control systems are featured by their hierarchical structure composing of cyber, physical, and human layers. The intricate dependencies among multiple layers and units of modern control systems require an integrated framework to address cross-layer design issues related to security and resilience challenges. To this end, game theory provides a bottom-up modeling paradigm to capture the strategic interactions among multiple components of the complex system and enables a holistic view to understand and design cyber-physical-human control systems. In this review, we first provide a multi-layer perspective toward increasingly complex and integrated control systems and then introduce several variants of dynamic games for modeling different layers of control systems. We present game-theoretic methods for understanding the fundamental tradeoffs of robustness, security, and resilience and developing a cross-layer approach to enhance the system performance in various adversarial environments. This review also includes three quintessential research problems that represent three research directions where dynamic game approaches can bridge between multiple research areas and make significant contributions to the design of modern control systems. The paper is concluded with a discussion on emerging areas of research that crosscut dynamic games and control systems.

“…The idea of using deceptions defensively to detect and deter attacks has been studied theoretically as listed in the taxonomic survey [8], implemented to the Adversarial Tactics, Techniques and Common Knowledge (ATT&CK T M ) adversary model system [9], and tested in the real-time cyber-wargame experiment [10]. Many previous works imply the similar idea of type obfuscation, e.g., creating social network avatars (fake personas) on the major social networks [11], implementing honey files for ransomware actions [12], and disguising a production system as a honeypot to scare attackers away [13].…”

Section: Literaturementioning

confidence: 99%

“…The indicators in (8) mean that both players only update the estimate average risk of the current action.…”

Section: Distributed Learningmentioning

confidence: 99%

“…The coupled dynamics of the payoff learning (8) and policy learning (13) converge to their Ordinary Differential Equations (ODEs) counterparts in system dynamics (15) and attacker dynamics (16), respectively. Let e c l, h ∈ C l , e a l, h ∈ A l be vectors of proper dimensions with the h-th entry being 1 and others being 0.…”

Section: Learning Dynamics and Ode Counterpartsmentioning

confidence: 99%

See 1 more Smart Citation

Strategic Learning for Active, Adaptive, and Autonomous Cyber Defense

Adaptive Autonomous Secure Cyber Systems

Zhu

2020

Self Cite

The increasing instances of advanced attacks call for a new defense paradigm that is active, autonomous, and adaptive, named as the '3A' defense paradigm. This chapter introduces three defense schemes that actively interact with attackers to increase the attack cost and gather threat information, i.e., defensive deception for detection and counter-deception, feedback-driven Moving Target Defense (MTD), and adaptive honeypot engagement. Due to the cyber deception, external noise, and the absent knowledge of the other players' behaviors and goals, these schemes possess three progressive levels of information restrictions, i.e., from the parameter uncertainty, the payoff uncertainty, to the environmental uncertainty. To estimate the unknown and reduce the uncertainty, we adopt three different strategic learning schemes that fit the associated information restrictions. All three learning schemes share the same feedback structure of sensation, estimation, and actions so that the most rewarding policies get reinforced and converge to the optimal ones in autonomous and adaptive fashions. This work aims to shed lights on proactive defense strategies, lay a solid foundation for strategic learning under incomplete information, and quantify the tradeoff between the security and costs.Recent instances of WannaCry ransomware, Petya cyberattack, and Stuxnet malware have demonstrated the trends of modern attacks and the corresponding new security challenges as follows.