Predictive defense against evolving adversaries

Adaptive adversaries are a primary concern in several domains, including cyber defense, border security, counterterrorism, and fraud prevention, and consequently there is great interest in developing defenses that maintain their effectiveness in the presence of evolving adversary strategies and tactics. This paper leverages the coevolutionary relationship between attackers and defenders to derive two new approaches to predictive defense, in which future attack techniques are anticipated and these insights are incorporated into defense designs. The first method combines game theory with machine learning to model and predict future adversary actions in the learner's “feature space”; these predictions form the basis for synthesizing robust defenses. The second approach to predictive defense involves extrapolating the evolution of defense configurations forward in time, in the space of defense parameterizations, as a way of generating defenses which work well against evolving threats. Case studies with a large cyber security dataset assembled for this investigation demonstrate that each method provides effective, scalable defense against current and future attacks, outperforming gold-standard techniques. Additionally, preliminary tests indicate that a simple variant of the proposed design methodology yields defenses which are difficult for adversaries to reverse-engineer.
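The following is an added example, not code or data from the paper, illustrating the first approach the abstract describes: treat the attacker as a best-responder to the fielded classifier, predict where attack instances will move in the learner's feature space, and synthesize the next defense against those predicted instances as well as the attacks already observed. Everything concrete here is an assumption chosen so the arithmetic is exact: a two-feature nearest-centroid classifier, an attacker who edits one feature unit at a time under a fixed budget until the instance is no longer flagged, and constructed integer feature vectors. The paper's second approach (extrapolating defense parameterizations forward in time) is not shown.

```python
"""Toy predictive defense in feature space (added example, not the paper's code).

Constructed data: each row is (suspicious_keywords, external_links), integer
counts in [0, 10].  Feature names, values, budget and the attacker's cost model
are all assumptions made for this illustration.
"""

BENIGN = [(1, 1), (2, 1), (1, 2), (2, 2)]
IDEAL_ATTACKS = [(7, 7), (6, 6), (8, 6), (7, 5)]  # what the attacker prefers to send
FEATURE_MAX = 10
BUDGET = 6  # unit feature edits the attacker is willing to pay per instance


def fit(benign, attacks):
    """Nearest-centroid linear classifier: w = mu_attack - mu_benign, with the
    boundary through the midpoint m.  Returns (w, m)."""
    def mean(rows):
        return tuple(sum(r[i] for r in rows) / len(rows) for i in range(2))
    mu_b, mu_a = mean(benign), mean(attacks)
    w = tuple(mu_a[i] - mu_b[i] for i in range(2))
    m = tuple((mu_a[i] + mu_b[i]) / 2 for i in range(2))
    return w, m


def score(clf, x):
    w, m = clf
    return sum(w[i] * (x[i] - m[i]) for i in range(2))


def is_flagged(clf, x):
    return score(clf, x) >= 0  # ties are blocked (conservative default)


def _greedy_evade(clf, ideal, budget):
    """Edit the feature whose weight buys the largest score reduction, one unit
    at a time, until the instance is not flagged or the budget is spent.
    Returns (instance, edits_spent)."""
    w, _ = clf
    x = list(ideal)
    spent = 0
    while is_flagged(clf, x) and spent < budget:
        moves = []
        for i in range(2):
            if w[i] > 0 and x[i] > 0:              # decrease a positively weighted feature
                moves.append((w[i], i, -1))
            elif w[i] < 0 and x[i] < FEATURE_MAX:  # increase a negatively weighted one
                moves.append((-w[i], i, +1))
        if not moves:
            break
        _, i, step = max(moves, key=lambda t: (t[0], -t[1]))  # tie -> lower index
        x[i] += step
        spent += 1
    return tuple(x), spent


def best_response(clf, ideal, budget=BUDGET):
    """Attacker's minimal-cost evasion.  If the budget cannot buy evasion the
    attacker sends the ideal instance unchanged: paying for edits that still
    get flagged gains nothing."""
    x, _ = _greedy_evade(clf, ideal, budget)
    return ideal if is_flagged(clf, x) else x


def evasion_cost(clf, ideal):
    """Edits needed to evade clf from ideal with an unlimited budget, or None."""
    x, spent = _greedy_evade(clf, ideal, 2 * FEATURE_MAX)
    return None if is_flagged(clf, x) else spent


def adapted_attacks(clf, ideals=IDEAL_ATTACKS):
    return [best_response(clf, a) for a in ideals]


def detection_rate(clf, attacks):
    return sum(is_flagged(clf, a) for a in attacks) / len(attacks)


def false_positive_rate(clf, benign=BENIGN):
    return sum(is_flagged(clf, b) for b in benign) / len(benign)


def simulate():
    d0 = fit(BENIGN, IDEAL_ATTACKS)          # round 0: attacks as first seen
    observed = adapted_attacks(d0)           # attacker adapts to d0; defender sees this
    reactive = fit(BENIGN, observed)         # reactive: retrain on what was observed
    predicted = adapted_attacks(reactive)    # predicted attacker response to reactive
    predictive = fit(BENIGN, observed + predicted)  # train on observed + predicted
    results = {}
    for name, clf in (("reactive", reactive), ("predictive", predictive)):
        results[name] = {
            "current": detection_rate(clf, observed),
            "next": detection_rate(clf, predicted),
            "adapted_to_self": detection_rate(clf, adapted_attacks(clf)),
            "false_positives": false_positive_rate(clf),
        }
    return observed, predicted, results


if __name__ == "__main__":
    observed, predicted, results = simulate()
    print("observed attacks:", observed)
    print("predicted next move:", predicted)
    for name, r in results.items():
        print(name, r)
```

In this run the reactive defense catches every attack it was trained on and none of the attacker's next move, while the predictive defense catches both with no false positives; because the predicted instances pull the centroid boundary toward where the attacker is heading, evading it from (7, 7) costs 9 edits instead of 4, which is beyond the assumed budget, so even an attacker who re-adapts to the predictive classifier is still caught. The result depends on the attacker model being right: a larger budget, or an attacker whose cost structure differs from the one the defender predicts with, can evade either classifier.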
