Attacker-Centric View of a Detection Game against Advanced Persistent Threats

Advanced persistent threats (APTs) are a major threat to cyber-security, causing significant financial and privacy losses each year. In this paper, cumulative prospect theory (CPT) is applied to study the interactions between a cyber system and an APT attacker when each of them makes subjective decisions to choose their scan interval and attack interval, respectively. Both the probability distortion effect and the framing effect are applied to model the deviation of the subjective decisions of end-users from the objective decisions governed by expected utility theory, under uncertain attack durations in a pure-strategy game and an uncertain scan interval in a mixed-strategy game. The CPT-based APT detection game incorporates both the probability weighting distortion and the framing effect of the subjective attacker and of the security agent of the cyber system, rather than the discrete decision weights used in earlier prospect-theoretic studies of APT detection. The Nash equilibria of the APT detection game are derived, showing that a subjective attacker becomes risk-seeking if the frame of reference for evaluating the utility is large, and becomes risk-averse if the frame of reference for evaluating the utility is small. A policy hill-climbing (PHC) based detection scheme is proposed to increase the policy uncertainty to fool the attacker in the dynamic game, and a "hotbooting" technique that exploits experiences in similar scenarios to initialize the quality values is developed to accelerate the learning speed of PHC-based detection. A practical example of a mobile network is presented to evaluate the performance of the proposed detection strategy. Simulation results show that the proposed strategy can improve detection performance, with a higher data protection level and higher utilities of the cloud in the presence of an attacker, compared with a standard Q-learning strategy.
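Added example (not code from the paper): the two CPT ingredients the abstract names, Prelec's probability weighting function for the probability distortion effect and a reference-dependent value function for the framing effect, combined into a rank-dependent subjective utility. The parameter values (alpha, a, lam) are conventional literature defaults and the payoffs are constructed, not the paper's game; running it reproduces the abstract's framing result, a risk-averse choice under a small reference point and a risk-seeking one under a large reference point.

```python
import math

def prelec_weight(p, alpha=0.65):
    """Prelec (1998) weighting w(p) = exp(-(-ln p)^alpha): overweights small
    probabilities and underweights moderate and large ones (alpha < 1)."""
    if p <= 0.0:
        return 0.0
    if p >= 1.0:
        return 1.0
    return math.exp(-((-math.log(p)) ** alpha))

def value(x, ref, a=0.88, lam=2.25):
    """Tversky-Kahneman value of outcome x relative to reference point ref:
    concave for gains, convex and steeper (loss aversion lam) for losses."""
    d = x - ref
    return d ** a if d >= 0 else -lam * ((-d) ** a)

def cpt_utility(lottery, ref, alpha=0.65):
    """Subjective CPT utility of a lottery [(outcome, prob), ...]. Gains are
    weighted cumulatively from the best outcome down, losses from the worst
    outcome up, giving rank-dependent decision weights."""
    gains = sorted((x, p) for x, p in lottery if x >= ref)[::-1]
    losses = sorted((x, p) for x, p in lottery if x < ref)
    total = 0.0
    for ranked in (gains, losses):
        cum = 0.0  # probability mass of outcomes ranked ahead of this one
        for x, p in ranked:
            weight = prelec_weight(cum + p, alpha) - prelec_weight(cum, alpha)
            cum += p
            total += weight * value(x, ref)
    return total

def risk_attitude(sure, gamble, ref):
    """Compare a sure payoff with a gamble of equal expected value under the
    frame of reference ref: 'risk-averse' if the sure payoff is preferred,
    'risk-seeking' if the gamble is preferred, else 'neutral'."""
    u_sure = cpt_utility([(sure, 1.0)], ref)
    u_gamble = cpt_utility(gamble, ref)
    if u_sure > u_gamble:
        return "risk-averse"
    if u_gamble > u_sure:
        return "risk-seeking"
    return "neutral"

if __name__ == "__main__":
    gamble = [(100.0, 0.5), (0.0, 0.5)]  # constructed payoffs, EV = 50
    for ref in (0.0, 100.0):
        print(f"reference point {ref:>5}: {risk_attitude(50.0, gamble, ref)}")
```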
