Optimal Defense Strategy Selection for Spear-Phishing Attack Based on a Multistage Signaling Game

The integration of industrial control systems (ICS) with information technologies not only offers convenience but also exposes ICS to security problems originating from public networks. Spear-phishing attacks account for a considerable proportion of such security incidents, and many studies have therefore addressed them. Most of these studies focus on strategies with better defense capabilities against spear-phishing attacks while neglecting the cost of implementing those strategies. However, a strategy with strong defense capabilities may not always be highly cost-effective. Moreover, considerable research has tended to consider the attacker and defender separately, ignoring the fact that the spear-phishing attack–defense process is a dynamic confrontation between the two. The deployment of defense strategies should comprehensively consider both the defender's condition and the adversary's possible actions. How to select the optimal strategy that defends against spear-phishing attacks with minimum overhead is therefore a problem worthy of further study. Motivated by this consideration, we construct the multistage spear-phishing attack–defense signaling game model (MSPAD-SGM), which comprehensively considers the defense capability, the strategy cost, and the possible strategies of the two sides. Based on this model, we propose an optimal strategy selection algorithm for the spear-phishing attack–defense process. In addition, we adopt symbolic variables rather than numerical values to quantify the payoffs and present a deep analysis of how variation in the payoffs influences the game result, which helps to reduce the subjectivity and improve the feasibility of our model. The simulation and deduction of the proposed approach are presented in a case study of MSPAD-SGM to demonstrate the feasibility and effectiveness of the proposed optimal strategy selection approach. Our method provides decision support for the spear-phishing attack–defense process and improves the dynamic analysis efficiency of defense decision-making.
