Defending Against Man-In-The-Middle Attack in Repeated Games

The Man-in-the-Middle (MITM) attack has become widespread in networks nowadays. The MITM attack would cause serious information leakage and result in tremendous loss to users. Previous work applies game theory to analyze the MITM attack-defense problem and computes the optimal defense strategy to minimize the total loss. It assumes that all defenders are cooperative and the attacker know defenders’ strategies beforehand. However, each individual defender is rational and may not have the incentive to cooperate. Furthermore, the attacker can hardly know defenders’ strategies ahead of schedule in practice. To this end, we assume that all defenders are self-interested and model the MITM attack-defense scenario as a simultaneous-move game. Nash equilibrium is adopted as the solution concept which is proved to be always unique. Given the impracticability of computing Nash equilibrium directly, we propose practical adaptive algorithms for the defenders and the attacker to learn towards the unique Nash equilibrium through repeated interactions. Simulation results show that the algorithms are able to converge to Nash equilibrium strategy efficiently.

[1]  D. Chandler,et al.  Introduction To Modern Statistical Mechanics , 1987 .

[2]  Manish Jain,et al.  Software Assistants for Randomized Patrol Planning for the LAX Airport Police and the Federal Air Marshal Service , 2010, Interfaces.

[3]  Bo An,et al.  PROTECT - A Deployed Game Theoretic System for Strategic Security Allocation for the United States Coast Guard , 2012, AI Mag..

[4]  C. Krishna Kumar,et al.  SAFETY MEASURES AGAINST MAN-IN-THE-MIDDLE ATTACK IN KEY EXCHANGE , 2012 .

[5]  Patrick Traynor,et al.  Trust No One Else: Detecting MITM Attacks against SSL/TLS without Third-Parties , 2012, ESORICS.

[6]  Bo An,et al.  PROTECT: An Application of Computational Game Theory for the Security of the Ports of the United States , 2012, AAAI.

[7]  Bharat K. Bhargava,et al.  International journal of security and its applications , 2013 .

[8]  Vladik Kreinovich,et al.  Security games with interval uncertainty , 2013, AAMAS.

[9]  Praveen Kumar Mishra,et al.  ANALYSIS OF MITM ATTACK IN SECURE SIMPLE PAIRING , 2013 .

[10]  Yue-Bin Luo,et al.  Effectiveness of Port Hopping as a Moving Target Defense , 2014, 2014 7th International Conference on Security Technology.

[11]  Viliam Lisý,et al.  Online Learning Methods for Border Patrol Resource Allocation , 2014, GameSec.

[12]  Viliam Lisý,et al.  Combining Online Learning and Equilibrium Computation in Security Games , 2015, GameSec.

[13]  Baosheng Wang,et al.  Analysis of Port Hopping for Proactive Cyber Defense 1 , 2015 .

[14]  Yevgeniy Vorobeychik,et al.  Optimal Personalized Filtering Against Spear-Phishing Attacks , 2015, AAAI.

[15]  Nicholas R. Jennings,et al.  Playing Repeated Security Games with No Prior Knowledge , 2016, AAMAS.

[16]  Bo An,et al.  Optimizing Personalized Email Filtering Thresholds to Mitigate Sequential Spear Phishing Attacks , 2016, AAAI.

[17]  Christopher Kiekintveld,et al.  Bandits for Cybersecurity: Adaptive Intrusion Detection Using Honeypots , 2016, AAAI Workshop: Artificial Intelligence for Cyber Security.

[18]  Quanyan Zhu,et al.  Decision and Game Theory for Security , 2016, Lecture Notes in Computer Science.

[19]  Yevgeniy Vorobeychik,et al.  Multi-Defender Strategic Filtering Against Spear-Phishing Attacks , 2016, AAAI.

[20]  Bo An,et al.  Optimal Personalized Defense Strategy Against Man-In-The-Middle Attack , 2017, AAAI.