Optimal interdiction of attack plans

We present a Stackelberg game model of security in which the defender chooses a mitigation strategy that interdicts potential attack actions, and the attacker responds by computing an optimal attack plan that circumvents the deployed mitigations. First, we offer a general formulation of deterministic plan interdiction as a mixed-integer program and use constraint generation to compute optimal solutions, leveraging state-of-the-art partial satisfaction planning techniques. We also present a greedy heuristic for this problem and compare its performance with the optimal MILP-based approach. We then extend our framework to incorporate uncertainty about the attacker's capabilities, costs, and goals, as well as uncertainty in action execution, and show that these extensions retain the basic structure of the deterministic plan interdiction problem. Introducing more general models of planning uncertainty requires us to model the attacker's problem as a general MDP; we demonstrate that the MDP interdiction problem can still be solved using the basic constraint generation framework.
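The following is an added, self-contained illustration of the deterministic plan interdiction loop sketched in the abstract; it is not the paper's code or formulation. Everything in it is constructed for the example: a small STRIPS-style attack domain (`ACTIONS`, `GOAL`), a set of mitigations that each disable some actions at a deployment cost (`MITIGATIONS`), and the assumed defender objective of maximising the cost of the attacker's cheapest surviving plan under a budget. Brute-force enumeration of affordable mitigation sets stands in for the MILP master problem, and a Dijkstra search over achieved propositions stands in for the partial-satisfaction planner used as the attacker's best response. The greedy heuristic is likewise an assumed cost-per-benefit rule, not the paper's.

```python
"""Toy plan interdiction via constraint generation (added illustration, not the paper's code).
Constructed assumptions: STRIPS-like attacker actions (preconditions, add-effects, cost);
mitigations that disable actions at a deployment cost; a defender who maximises the cost of
the attacker's cheapest surviving plan (INF if the goal becomes unreachable) under a budget."""
import heapq
from itertools import combinations

INF = float("inf")

# Constructed attack domain: action -> (preconditions, add-effects, cost).
ACTIONS = {
    "phish_user":      (frozenset(), frozenset({"user_creds"}), 2),
    "exploit_webapp":  (frozenset(), frozenset({"shell_web"}), 4),
    "login_vpn":       (frozenset({"user_creds"}), frozenset({"inside"}), 1),
    "pivot_from_web":  (frozenset({"shell_web"}), frozenset({"inside"}), 3),
    "dump_db_creds":   (frozenset({"inside"}), frozenset({"db_creds"}), 2),
    "exfil_db":        (frozenset({"db_creds"}), frozenset({"data_stolen"}), 1),
    "exploit_db_vuln": (frozenset({"inside"}), frozenset({"data_stolen"}), 6),
}
GOAL = frozenset({"data_stolen"})
# Constructed mitigations: name -> (actions it interdicts, deployment cost).
MITIGATIONS = {
    "mfa":          ({"login_vpn"}, 2),
    "patch_webapp": ({"exploit_webapp"}, 4),
    "segment_db":   ({"dump_db_creds", "exploit_db_vuln"}, 5),
    "dlp":          ({"exfil_db"}, 1),
}

def blocked_by(deployed):
    """Union of the actions interdicted by the deployed mitigations."""
    return set().union(*(MITIGATIONS[m][0] for m in deployed))

def cheapest_attack_plan(blocked):
    """Attacker best response: Dijkstra over sets of achieved propositions, skipping
    interdicted actions. Returns (cost, plan) or (INF, None). Stands in for the
    partial-satisfaction planner the paper relies on."""
    start = frozenset()
    dist, parent, tick = {start: 0}, {}, 0
    heap = [(0, tick, start)]  # tiebreak counter: frozensets are not orderable
    while heap:
        cost, _, state = heapq.heappop(heap)
        if cost > dist[state]:
            continue  # stale queue entry
        if GOAL <= state:  # rebuild the plan from parent pointers
            plan, s = [], state
            while s in parent:
                s, act = parent[s]
                plan.append(act)
            return cost, plan[::-1]
        for name, (pre, add, c) in ACTIONS.items():
            nxt = state | add
            if name in blocked or not pre <= state or nxt == state:
                continue  # interdicted, not applicable, or achieves nothing new
            if cost + c < dist.get(nxt, INF):
                dist[nxt], parent[nxt], tick = cost + c, (state, name), tick + 1
                heapq.heappush(heap, (cost + c, tick, nxt))
    return INF, None

def restricted_value(deployed, plans):
    """Attacker's cost against `deployed` if only the already generated plans existed."""
    blocked = blocked_by(deployed)
    return min((INF if set(p) & blocked else c for c, p in plans), default=INF)

def master_problem(plans, budget):
    """Defender's restricted problem: brute force over affordable mitigation sets stands
    in for the MILP. Its value is an upper bound on the true value of the game."""
    best = (frozenset(), -1.0)
    for r in range(len(MITIGATIONS) + 1):
        for combo in combinations(MITIGATIONS, r):
            if sum(MITIGATIONS[m][1] for m in combo) <= budget:
                val = restricted_value(combo, plans)
                if val > best[1]:
                    best = (frozenset(combo), val)
    return best

def solve_interdiction(budget):
    """Constraint generation: alternate master problem and attacker best response until
    the best response cannot beat the master's bound. Returns (mitigations, value, rounds)."""
    plans, rounds = [], 0
    while True:
        rounds += 1
        deployed, bound = master_problem(plans, budget)
        cost, plan = cheapest_attack_plan(blocked_by(deployed))
        if cost >= bound:  # no plan outside `plans` does better: deployed is optimal
            return deployed, cost, rounds
        plans.append((cost, plan))  # the violating plan becomes a new constraint

def greedy_interdiction(budget):
    """Heuristic: repeatedly deploy the affordable mitigation with the largest increase
    in attacker cost per unit of deployment cost. Returns (mitigations, value)."""
    deployed, remaining = set(), budget
    current = cheapest_attack_plan(blocked_by(deployed))[0]
    while True:
        pick, best_ratio = None, 0.0
        for m, (_, c) in MITIGATIONS.items():
            if m in deployed or c > remaining:
                continue
            gain = cheapest_attack_plan(blocked_by(deployed | {m}))[0] - current
            if gain > 0 and gain / c > best_ratio:  # gain is nan once current is INF
                pick, best_ratio = m, gain / c
        if pick is None:
            return frozenset(deployed), current
        deployed.add(pick)
        remaining -= MITIGATIONS[pick][1]
        current = cheapest_attack_plan(blocked_by(deployed))[0]
```

Calling `solve_interdiction(4)` on this constructed domain takes five rounds: each round the master problem picks a mitigation set that interdicts every plan generated so far, the attacker answers with a new plan that slips past it, and that plan is added as a constraint; the loop stops when the attacker's best response costs no less than the master's bound, which is the certificate of optimality, because the master only ever sees a subset of the attacker's plans and therefore overestimates the game value. With budget 4 the optimum is `{"mfa", "dlp"}`, forcing the attacker onto a cost-13 plan; with budget 5 the single mitigation `segment_db` makes the goal unreachable. The greedy rule happens to reach the same answers here, but nothing guarantees that in general, which is exactly the comparison the abstract describes.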
