Approximate Solutions for Attack Graph Games with Imperfect Information

We study the problem of network security hardening, in which a network administrator decides which security measures to deploy to best improve the security of the network. Specifically, we focus on deploying decoy services or hosts, called honeypots. We model the problem as a general-sum extensive-form game with imperfect information and seek a solution in the form of a Stackelberg equilibrium. The defender seeks the optimal randomized honeypot deployment for a specific computer network, while the attacker chooses a best response in the form of a contingency attack policy drawn from a library of possible attacks compactly represented by attack graphs. Computing an exact Stackelberg equilibrium with standard mixed-integer linear programming scales poorly in this game. We propose a set of approximate solution methods and analyze the trade-off between computation time and the quality of the strategies computed.
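The following is an added illustration, not code from the paper: it shows the core idea of a strong Stackelberg equilibrium in a honeypot-placement setting on a deliberately tiny normal-form game, where the attacker observes the defender's committed mixed strategy (not its realisation) and best-responds. The paper's model is an extensive-form game over attack graphs solved with a MILP; this toy instead has one decoy, two possible deployments and three attacker actions, with invented payoff numbers, and solves it with the classic multiple-LPs idea (one linear program per attacker action, here collapsing to a one-variable interval because the defender has only two pure deployments). Host names, payoffs and the function names are all assumptions of this example.

```python
"""Strong Stackelberg equilibrium of a toy honeypot-placement game.

Constructed example: the defender owns one decoy and commits to a
probability p that it shadows the database host (otherwise it shadows the
web host). The attacker sees p, not the realised placement, and picks the
action with the highest expected utility. Payoffs are invented.
"""
from fractions import Fraction as F

DEPLOYMENTS = ("decoy_shadows_db", "decoy_shadows_web")
ATTACKS = ("attack_db", "attack_web", "stay_out")

# Utility tables indexed [attack] -> (deployment 0, deployment 1).
# Deployment 0 is chosen with probability p, deployment 1 with 1 - p.
# Hitting the decoy costs the attacker (burned tooling) and pays the
# defender (captured TTPs); hitting a real host pays the attacker its value.
U_ATT = {
    "attack_db":  (F(-3), F(10)),
    "attack_web": (F(4), F(-3)),
    "stay_out":   (F(0), F(0)),
}
U_DEF = {
    "attack_db":  (F(2), F(-10)),
    "attack_web": (F(-4), F(2)),
    "stay_out":   (F(0), F(0)),
}


def expected(table, attack, p):
    """Expected utility of `attack` when the decoy shadows db with prob p."""
    u0, u1 = table[attack]
    return u0 * p + u1 * (1 - p)


def best_response_interval(attack):
    """Range of p on which `attack` is an attacker best response, or None.

    Every constraint E[U_att(attack)] >= E[U_att(other)] is linear in p, so
    the feasible region is an interval inside [0, 1] (possibly empty).
    """
    lo, hi = F(0), F(1)
    a0, a1 = U_ATT[attack]
    for other in ATTACKS:
        if other == attack:
            continue
        b0, b1 = U_ATT[other]
        slope = (a0 - a1) - (b0 - b1)      # coefficient of p
        intercept = a1 - b1                # value at p = 0
        if slope == 0:
            if intercept < 0:
                return None                # violated for every p
            continue                       # satisfied for every p
        bound = -intercept / slope
        if slope > 0:
            lo = max(lo, bound)
        else:
            hi = min(hi, bound)
    return (lo, hi) if lo <= hi else None


def strong_stackelberg():
    """Multiple-LPs method specialised to one free variable.

    For each attacker action, maximise defender utility over the p where that
    action is a best response (a linear objective, so an endpoint is optimal),
    then keep the best across actions. Considering an action on the closed
    interval means attacker ties are broken in the defender's favour, which is
    the strong Stackelberg convention.
    Returns (defender_value, p, induced_attack).
    """
    best = None
    for attack in ATTACKS:
        interval = best_response_interval(attack)
        if interval is None:
            continue
        for p in interval:
            val = expected(U_DEF, attack, p)
            if best is None or val > best[0]:
                best = (val, p, attack)
    return best


def defender_value(p):
    """Defender utility at commitment p against a best-responding attacker
    (ties broken in the defender's favour). p = 1 or p = 0 are the two pure,
    fully predictable deployments."""
    top = max(expected(U_ATT, a, p) for a in ATTACKS)
    tied = [a for a in ATTACKS if expected(U_ATT, a, p) == top]
    return max(expected(U_DEF, a, p) for a in tied)


if __name__ == "__main__":
    val, p, attack = strong_stackelberg()
    print(f"commit to decoy-on-db with p={p}; attacker plays {attack}; "
          f"defender value {val}")
    for pure in (1, 0):
        print(f"pure deployment p={pure}: defender value {defender_value(pure)}")
```

On these numbers the two pure deployments are worth -4 (decoy always on the database, so the attacker reliably hits the web host) and -10 (decoy always on the web host, so the attacker reliably hits the database), while committing to p = 13/20 makes the attacker indifferent between the two targets and raises the defender's value to -19/10. That gap is the value of randomized honeypot deployment the abstract refers to; the paper's contribution is obtaining such commitments when the attacker's choices are sequential, partially observed attack-graph policies rather than a single pick from a table.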
