Game Theoretic Approaches to Protect Cyberspace

Abstract: The design of cyberspace defense mechanisms has received immense attention from the research community for more than two decades. However, the cyberspace security problem is far from completely solved. In this project we explored the applicability of game-theoretic approaches to some of the challenging cyber security issues: (a) we built a state-of-the-art attack taxonomy which can provide the system administrator with information on how to mitigate or remediate an attack; (b) we conducted a thorough survey of the existing game-theoretic solutions to cyber security problems and proposed a detailed taxonomy, which points out that this area requires more attention from the research community; (c) we proposed stochastic game models for generic cyber activities (attacks and defenses), which eliminate the unrealistic assumptions of the existing models, and validated the effectiveness of our model via extensive simulation; (d) we modeled the interaction between a class of attacks (such as Denial of Service (DoS) and Distributed Denial of Service (DDoS)) and the possible countermeasures as a two-player general-sum game, and validated our analytical results via simulation experiments; (e) we compiled a set of metrics which can evaluate the cost and benefit of a game-theoretic defense solution. In addition, we have proposed a Game Theory Inspired Defense Architecture (GIDA).
