Moving Target Defense for Web Applications using Bayesian Stackelberg Games: (Extended Abstract)

Vulnerabilities in web applications allow hackers to access and/or modify restricted data. The hackers have the opportunity to perform reconnaissance and learn the layout of the web application before launching an attack, whereas the defender (the administrator of the web application) must secure the application despite its potential vulnerabilities. Because such vulnerabilities are primarily tied to individual configurations, Moving Target Defense systems were proposed in which the defender switches between configurations, making a successful attack harder while preserving a seamless experience for genuine users. In this paper, we present a way to find effective switching strategies by modeling this ecosystem as a Bayesian Stackelberg game with the administrator as the leader and the hackers as the followers, which, as we show, succinctly captures various aspects of Moving Target Defense systems. Furthermore, we propose ways to find the most critical vulnerabilities and the most sensitive attacker types, which are key issues in such scenarios.
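As an added illustration (not code from the paper), the game the abstract describes on a constructed instance with two configurations and two attacker types: the administrator commits to a switching distribution, each attacker type observes it and best-responds, and an exact grid search finds the strong Stackelberg equilibrium. Configuration names, attacker types, payoffs and priors are all made up for the example.

```python
from fractions import Fraction
# Constructed toy instance (not from the paper). The administrator (leader) commits to a
# distribution over web-application configurations; each attacker type (follower) observes
# it and picks the attack maximising its own expected payoff. Payoffs: (defender, attacker).
CONFIGS = ["php_mysql", "python_postgres"]
PRIOR = {"sql_injector": Fraction(3, 5), "py_exploiter": Fraction(2, 5)}  # P(type)
PAYOFFS = {
    "sql_injector": {  # its SQL injection only works against the MySQL-backed stack
        "php_mysql":       {"sqli": (-10, 10), "no_attack": (0, 0)},
        "python_postgres": {"sqli": (0, -2),   "no_attack": (0, 0)},
    },
    "py_exploiter": {  # its deserialisation bug only exists in the Python stack
        "php_mysql":       {"py_deser": (0, -2), "no_attack": (0, 0)},
        "python_postgres": {"py_deser": (-8, 8), "no_attack": (0, 0)},
    },
}

def expected(strategy, atype, attack, who):
    """Expected payoff of `attack` by `atype` under `strategy` (who=0 defender, 1 attacker)."""
    return sum(p * PAYOFFS[atype][c][attack][who] for c, p in zip(CONFIGS, strategy))

def best_response(strategy, atype):
    """Follower's best response; ties broken in the leader's favour (strong Stackelberg)."""
    attacks = list(PAYOFFS[atype][CONFIGS[0]])
    top = max(expected(strategy, atype, a, 1) for a in attacks)
    tied = [a for a in attacks if expected(strategy, atype, a, 1) == top]
    return max(tied, key=lambda a: expected(strategy, atype, a, 0))

def defender_utility(strategy):
    """Leader's expected utility once every attacker type has best-responded."""
    return sum(PRIOR[t] * expected(strategy, t, best_response(strategy, t), 0) for t in PRIOR)

def compositions(total, parts):
    """All ways to split `total` grid steps over `parts` configurations."""
    if parts == 1:
        yield (total,)
        return
    for i in range(total + 1):
        for rest in compositions(total - i, parts - 1):
            yield (i,) + rest

def solve(steps=600):
    """Exact grid search over the defender's mixed strategies (no LP solver needed)."""
    grid = (tuple(Fraction(c, steps) for c in comp) for comp in compositions(steps, len(CONFIGS)))
    return max(grid, key=defender_utility)

if __name__ == "__main__":
    x = solve()
    print("switching strategy:", dict(zip(CONFIGS, x)), "defender utility:", defender_utility(x))
    for c in CONFIGS:  # static deployments for comparison
        print("always", c, "->", defender_utility([int(c == d) for d in CONFIGS]))
```

On this instance the equilibrium runs the MySQL stack one sixth of the time, just low enough that the SQL injector prefers not to attack, and beats both static deployments.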
