Mitigating Covert Compromises - A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks

Attackers of computing resources increasingly aim to keep security compromises hidden from defenders in order to extract more value over a longer period of time. These covert attacks come in multiple varieties, which can be categorized into two main types: targeted and non-targeted attacks. Targeted attacks include, for example, cyberespionage, while non-targeted attacks include botnet recruitment. We are concerned with the subclass of these attacks for which detection is too costly or technically infeasible given the capabilities of a typical organization. As a result, defenders have to mitigate potential damages under a regime of incomplete information. A primary mitigation strategy is to reset potentially compromised resources to a known safe state, for example, by reinstalling computer systems, and changing passwords or cryptographic private keys. In a game-theoretic framework, we study the economically optimal mitigation strategies in the presence of targeted and non-targeted covert attacks. Our work has practical implications for the definition of security policies, in particular, for password and key renewal schedules.
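As an added illustration of the renewal trade-off the abstract describes (example code written for this page, not the paper's own model or results), the toy model below assumes non-targeted covert compromises arrive as a Poisson process with rate `lam`, that a compromise is never detected and costs `loss_rate` per unit time until the next reset, and that each reset costs `reset_cost`; it then derives and computes the cost-minimising reset period, including the case where resetting never pays.

```python
import math

# Illustrative model (assumptions of this example, not the paper's): non-targeted
# covert compromises arrive as a Poisson process with rate lam; a compromise is
# never detected and costs loss_rate per unit time until the next reset; every
# reset (reinstall, password or key renewal) costs reset_cost.


def compromised_fraction(lam: float, period: float) -> float:
    """Expected share of a reset period spent in a compromised state.

    At time t after a reset P(compromised) = 1 - exp(-lam*t); averaging over
    t in [0, period] gives 1 - (1 - exp(-lam*period)) / (lam*period).
    """
    if period <= 0:
        raise ValueError("period must be positive")
    x = lam * period
    if x < 1e-9:
        return x / 2.0  # series limit, avoids 0/0
    return 1.0 - (1.0 - math.exp(-x)) / x


def cost_rate(lam: float, loss_rate: float, reset_cost: float, period: float) -> float:
    """Long-run expected cost per unit time of resetting every `period`."""
    return reset_cost / period + loss_rate * compromised_fraction(lam, period)


def optimal_period(lam: float, loss_rate: float, reset_cost: float) -> float:
    """Period minimising cost_rate; math.inf means 'never reset'.

    d/dT cost_rate = 0  <=>  1 - exp(-x)*(1+x) = reset_cost*lam/loss_rate,
    with x = lam*T. The left side rises monotonically from 0 to 1, so a finite
    optimum exists only if reset_cost*lam < loss_rate; it is then unique and
    a bisection on x finds it.
    """
    target = reset_cost * lam / loss_rate
    if target >= 1.0:
        return math.inf
    lo, hi = 0.0, 1.0
    while 1.0 - math.exp(-hi) * (1.0 + hi) < target:
        hi *= 2.0
    for _ in range(100):
        mid = (lo + hi) / 2.0
        if 1.0 - math.exp(-mid) * (1.0 + mid) < target:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2.0 / lam


if __name__ == "__main__":
    # Constructed parameters: 0.1 compromises/day, loss 100/day, reset cost 50.
    t_star = optimal_period(0.1, 100.0, 50.0)
    print(f"optimal reset period ~ {t_star:.2f} days, "
          f"cost rate {cost_rate(0.1, 100.0, 50.0, t_star):.2f}/day")
```

The condition `reset_cost * lam < loss_rate` is the model's version of the economic question the abstract raises: below it, periodic renewal lowers expected cost; above it, the reset itself costs more than the undetected compromises it pre-empts.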
