Strategic Learning for Active, Adaptive, and Autonomous Cyber Defense

The increasing instances of advanced attacks call for a new defense paradigm that is active, autonomous, and adaptive, which we name the '3A' defense paradigm. This chapter introduces three defense schemes that actively interact with attackers to increase the attack cost and gather threat information: defensive deception for detection and counter-deception, feedback-driven Moving Target Defense (MTD), and adaptive honeypot engagement. Due to cyber deception, external noise, and the absence of knowledge about the other players' behaviors and goals, these schemes face three progressively stronger levels of information restriction: parameter uncertainty, payoff uncertainty, and environmental uncertainty. To estimate the unknowns and reduce uncertainty, we adopt three different strategic learning schemes, each fitted to the associated information restriction. All three learning schemes share the same feedback structure of sensation, estimation, and action, so that the most rewarding policies are reinforced and converge to the optimal ones in an autonomous and adaptive fashion. This work aims to shed light on proactive defense strategies, lay a solid foundation for strategic learning under incomplete information, and quantify the tradeoff between security and cost.
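The sensation-estimation-action loop described above, worked through for feedback-driven MTD under payoff uncertainty, as an added example that is not part of the original chapter: the defender does not know how easily each configuration can be exploited, estimates each configuration's attack-failure rate from noisy outcomes, and reinforces the configuration whose estimated security gain outweighs a reconfiguration cost. The attack-success rates, switching cost, and learning parameters are constructed values, not figures from the chapter.

```python
import random

# Constructed example: per-configuration attack-success probabilities that the
# attacker knows but the defender does not (payoff uncertainty).
TRUE_ATTACK_SUCCESS = [0.60, 0.20, 0.35]  # hypothetical, hidden from defender
SWITCH_COST = 0.05                         # hypothetical cost of reconfiguring


def sense(config, rng):
    """Sensation: observe one round, 1 if the attack on `config` failed, else 0."""
    return 1 if rng.random() >= TRUE_ATTACK_SUCCESS[config] else 0


def estimate(stats, config, outcome):
    """Estimation: update the running mean attack-failure rate of `config`."""
    n, mean = stats[config]
    stats[config] = (n + 1, mean + (outcome - mean) / (n + 1))


def act(stats, current, rng, epsilon):
    """Action: explore with probability epsilon; otherwise move to the best
    estimated configuration only if the security gain exceeds the switch cost."""
    if rng.random() < epsilon:
        return rng.randrange(len(stats))
    best = max(range(len(stats)), key=lambda c: stats[c][1])
    gain = stats[best][1] - stats[current][1]
    return best if gain > SWITCH_COST else current


def learn_mtd(rounds=5000, epsilon=0.2, seed=7):
    """Run the feedback loop; return the learned policy (greedy configuration),
    the estimated attack-failure rate per configuration, and the average
    per-round payoff net of switching costs (the security/cost tradeoff)."""
    rng = random.Random(seed)
    stats = [(0, 0.0) for _ in TRUE_ATTACK_SUCCESS]
    config, total = 0, 0.0
    for _ in range(rounds):
        nxt = act(stats, config, rng, epsilon)
        total -= SWITCH_COST if nxt != config else 0.0
        config = nxt
        outcome = sense(config, rng)
        estimate(stats, config, outcome)
        total += outcome
    policy = max(range(len(stats)), key=lambda c: stats[c][1])
    return policy, [round(m, 2) for _, m in stats], total / rounds
```

The estimates converge to the hidden attack-failure rates (0.40, 0.80, 0.65), so the policy settles on configuration 1; raising SWITCH_COST shows how reconfiguration cost suppresses moves that buy only marginal security.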
