Optimizing Active Cyber Defense

Active cyber defense is an important defensive method for combating cyber attacks. Unlike traditional defensive methods such as firewall-based filtering and anti-malware tools, active cyber defense is based on spreading "white" or "benign" worms to combat the attackers' malware (i.e., malicious worms) that also spreads over the network. In this paper, we initiate the study of optimal active cyber defense in the setting of strategic attackers and/or strategic defenders. Specifically, we investigate infinite-time-horizon optimal control and fast optimal control for strategic defenders (who want to minimize their cost) against non-strategic attackers (who do not consider the issue of cost). We also investigate the Nash equilibria for strategic defenders and attackers. We discuss the cyber security meanings/implications of the theoretical results. Our study brings interesting open problems for future research.
