Defending Against Advanced Persistent Threats Using Game-Theory

Raß, Stefan; König, Sandra; Schauer, Stefan

doi:10.1371/journal.pone.0168675

Cited by 84 publications

(43 citation statements)

References 58 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…As an alternative to these detection methods, security game models [9], [10], [11] have provided quantitative risk management frameworks that allow the system to prepare for attacks proactively. FlipIt game [12] models the key leakage under APTs as a private takeover between the system operator and the attacker.…”

Section: Introductionmentioning

confidence: 99%

A dynamic games approach to proactive defense strategies against Advanced Persistent Threats in cyber-physical systems

Huang

Zhu

2020

Computers & Security

113

View full text Add to dashboard Cite

Advanced Persistent Threats (APTs) have recently emerged as a significant security challenge for Cyber-Physical Systems (CPSs) due to APTs' stealthy, dynamic and adaptive nature. The proactive dynamic defense provides a strategic and holistic security mechanism to increase costs of attacks and mitigate risks. This work proposes a dynamic game framework to model the long-term interaction between the stealthy attacker and the proactive defender. The stealthy and deceptive behaviors are captured by the multistage game of incomplete information, where each player has his own private information unknown to the other. Both players act strategically according to their beliefs which are formed by multistage observation and learning. The solution concept of Perfect Bayesian Nash Equilibrium (PBNE) provides a useful prediction of both players' policies because no players benefit from unilateral deviations from the equilibrium. We propose an iterative algorithm to compute the PBNE and use Tennessee Eastman process as a benchmark case study. Our numerical experiment corroborates the analytical results and provides further insights into the design of proactive defense-in-depth strategies.

show abstract

Section: Introductionmentioning

confidence: 99%

A dynamic games approach to proactive defense strategies against Advanced Persistent Threats in cyber-physical systems

Huang

Zhu

2020

Computers & Security

113

View full text Add to dashboard Cite

show abstract

“…We found that many MTD works only consider (and show) the improvement in regards to security and either assuming that it has no impact on performance or ignore that aspect altogether. We will now discuss the details [62], [65], [75], [69], [127], [100], [70], [59], [146], [61], [65], [76], [66], [91], [71], [78], [79], [80], [147] [64], [94], [143] [72], [67] [85], [7], [58], [107], [68], [131], [118], [77], [141] [105], [109], [73] Works in bold explicitly consider diversity of configurations.…”

Section: A Qualitative Evaluationmentioning

confidence: 99%

“…[62], [58], [59], [146], [61], [78], [79], [80], [94], [148], [147] [75], [69], [70], [107], [76], [71] [7], [68], [65], [66], [91], [131], [118], [143] Fig . 11: A Moving Target Defense is more effective if it considers the security and performance impacts of the system configurations, both in unison and also when placed in an ensemble of system configurations that the MTD leverages.…”

Section: A Qualitative Evaluationmentioning

confidence: 99%

“…MTDs the consider some form of game-theoretic modeling, consider the security of individual defenses in the ensemble by representing them as a part of the defender's utility value [62], [79], [61], [91], [67], [79], [147], [80]. For most of these works, the security metrics considered for each action are obtained using scoring metrics designed by experts like the Common Vulnerability Scoring Services (CVSS) discussed earlier.…”

Section: A) Considers Only Security Of Individual Defenses: Mostmentioning

confidence: 99%

“…In that regard, authors in [67] model the security of a configuration as inversely proportional to the probability with which an adversary can come up with a new attack given the attacks it performed in the earlier time steps. In [147], the authors try to model zero-day attacks by asking security experts to annotate how effective they think a particular countermeasure or defense action will be against zero-day vulnerabilities. As the annotations might be inaccurate (due to lack of actual black-hat hackers who invent zero-day attacks in the set of security experts who annotate the defense methods), we believe the effectiveness of their MTD cannot be accurately determined.…”

Section: A) Considers Only Security Of Individual Defenses: Mostmentioning

confidence: 99%

See 2 more Smart Citations

A Survey of Moving Target Defenses for Network Security

Sengupta

Chowdhary

Sabur

et al. 2020

IEEE Commun. Surv. Tutorials

182

View full text Add to dashboard Cite

Network defense techniques based on traditional tools, techniques, and procedures (TTP) fail to account for the attacker's inherent advantage present due to static nature of network services and configurations. Moving Target Defense (MTD), on the other hand, provides an intelligent countermeasure by dynamically re-configuring the underlying systems, thereby reducing the effectiveness of cyber attacks. In this survey, we analyze the recent advancements made in the development of MTD tools, techniques and procedures (TTP) and highlight how these defenses can be made more effective with the use of artificial intelligence techniques for decision making. We first define a unified formal notation for MTDs that can capture different aspects of such defenses. We then categorize these defenses into different sub-classes depending on how they answer the three questions-what to move, when to move and how to moveshowcasing how game theoretic strategies can effectively answer the latter question. To understand the usefulness of these defense methods, we study the implementation of such MTD techniques. We find that (relatively) new networking technologies such as Software Defined Networking (SDN) and Network Function Virtualization (NFV) provide effective means for implementing these dynamic defense methods. To encourage researchers and industry experts in using such defenses, we highlight industry use-cases and discuss the practicality and maturity of these defenses. To aid readers who want to test or deploy MTD techniques, we highlight existing MTD test-beds. Our survey then performs both a qualitative and quantitative analysis to better understand the effectiveness of these MTDs in terms of security and performance. To that extent, we use well-defined metrics such as risk analysis, performance costs for qualitative evaluation and metrics based on Confidentiality, Integrity, Availability (CIA), attack representation, QoS impact, targeted threat models and defense cost for quantitative evaluation. Finally, we conclude by summarizing research opportunities that our survey elucidates.

show abstract

An active defense model based on situational awareness and firewalls

Xiao

et al. 2023

Concurrency and Computation

View full text Add to dashboard Cite

With the rapid development of the internet, cyberspace security issues have become increasingly prominent. The importance of constructing a cyberspace security system is self-evident, but compared with attackers, defenders in cyberspace are in a castle-like passive defense state in most cases. Therefore, building a reliable, accurate, timely, and active defense system is challenging. The key is to accurately focus on defense priorities, the anticipation of attackers who will likely succeed, and blocking attacks in a timely manner. In this article, we propose an active defense model based on the interaction of situational awareness and firewalls. First, by biasing the integrity, confidentiality, and availability of assets to get the score of assets, and using the Common Vulnerability Scoring System to assess the threat level of assets, we combine the two to determine the maximum system damage that the asset will suffer if it is lost, and then focus on defense. Meanwhile, log analysis of the network situational awareness platform can predict successful attackers, and then the linked firewall strategy can block these attacks in time before the attackers obtain attack gains. After that, we force the attackers to give up their attacks on the target by increasing the attack cost.We compared our model with iptables auto-blocking and nginx auto-blocking, and our model excelled them across the board in terms of comprehensiveness and false positive rate. The experimental results verify thar our active defense model proposed in this article can better reduce the defense cost and increase the attack cost, thus achieving the relatively defense goal. K E Y W O R D Sactive defense, cyber attack and defense, defense cost, game theory INTRODUCTIONWith the development of information technology, cyberspace has become the fifth space after "land, sea, air, and sky", and the security of cyberspace is directly related to the sovereign security of the country. Cyber attack and defense have become hot spots in current cybersecurity research. The objectives of cyber attackers include collecting information about a target, paralyzing the target service, entering the target and stealing data, while the objectives of cyber defenders are to keep the service running normally and stop attackers. Scanning of the target system is something that a cyber attacker must do before launching cyber attacks, which helps the attacker gain access to exploitable vulnerabilities in the target system to compromise the network. The purpose of such a scan is to understand the configurations of target systems, including but not limited to the target system's operating system, IP address, running services, software versions, existing common vulnerabilities & exposures(CVEs), weak passwords, and so on. How to prevent attackers from obtaining the scan results or prevent the attacker from using the scan results for other benefits is the goal

show abstract

Defending Against Advanced Persistent Threats Using Game-Theory

Cited by 84 publications

References 58 publications

A dynamic games approach to proactive defense strategies against Advanced Persistent Threats in cyber-physical systems

A dynamic games approach to proactive defense strategies against Advanced Persistent Threats in cyber-physical systems

A Survey of Moving Target Defenses for Network Security

An active defense model based on situational awareness and firewalls

Contact Info

Product

Resources

About