Empirical Game-Theoretic Analysis for Moving Target Defense

The effectiveness of a moving target defense depends on how it is deployed through specific system operations over time, and how attackers may respond to this deployment. We define a generic cyber-defense scenario, and examine the interplay between attack and defense strategies using empirical game-theoretic techniques. In this approach, the scenario is defined procedurally by a simulator, and data derived from systematic simulation is used to induce a game model. We explore a space of 72 game instances, defined by differences in agent objectives, attack cost, and ability of the defender to detect attack actions. We observe a range of qualitative strategic behaviors, which vary in clear patterns across environmental conditions. In particular, we find that the efficacy of deterrent defense is critically sensitive to detection capability, and in the absence of perfect detection the defender is often driven to proactive moving-target actions.
