Incentive-based modeling and inference of attacker intent, objectives, and strategies

Although the ability to model and infer Attacker Intent, Objectives and Strategies (AIOS) may dramatically advance the literature on risk assessment, harm prediction, and predictive or proactive cyber defense, existing AIOS inference techniques are ad hoc and system- or application-specific. In this paper, we present a general incentive-based method to model AIOS and a game-theoretic approach to infer AIOS. On one hand, we found that the concept of incentives can unify a large variety of attacker intents, and that the concept of utilities can integrate incentives and costs in such a way that attacker objectives can be practically modeled. On the other hand, we developed a game-theoretic AIOS formalization that captures the inherent interdependency between AIOS and defender objectives and strategies, so that AIOS can be automatically inferred. Finally, we use a specific case study to show how AIOS can be inferred in real-world attack-defense scenarios.
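The following is an added illustration, not code from the paper, of the modeling idea described in the abstract: attacker utility is built from incentives (asset value on successful compromise) minus attack cost, the defender's utility is the loss avoided, and the attacker's strategy is inferred as the equilibrium of the resulting two-player game rather than assumed. The two assets, their values, attack costs and success probabilities are constructed values chosen for the example; the paper's own utility functions and case study are not reproduced here.

```python
from fractions import Fraction as F

# Constructed example (not from the paper): two assets the attacker may target and
# the defender may harden with a budget for one. Incentive = attacker's gain on
# success; cost = attacker effort, paid whether or not the attack succeeds.
ASSETS = ["web", "db"]
INCENTIVE = {"web": F(100), "db": F(60)}          # assumed value of each asset
ATTACK_COST = {"web": F(20), "db": F(10)}         # assumed effort to attack each asset
P_SUCCESS_DEFENDED, P_SUCCESS_OPEN = F(2, 10), F(9, 10)  # assumed success probabilities

def p_success(target, hardened):
    return P_SUCCESS_DEFENDED if target == hardened else P_SUCCESS_OPEN

def attacker_utility(target, hardened):
    # utility = incentive weighted by success probability, minus the attack cost
    return INCENTIVE[target] * p_success(target, hardened) - ATTACK_COST[target]

def defender_utility(target, hardened):
    # the defender loses the asset's value in proportion to the attack's success chance
    return -INCENTIVE[target] * p_success(target, hardened)

def build_matrices():
    """Rows: attacker's target; columns: asset the defender hardens."""
    U = [[attacker_utility(a, d) for d in ASSETS] for a in ASSETS]
    V = [[defender_utility(a, d) for d in ASSETS] for a in ASSETS]
    return U, V

def solve_2x2(U, V):
    """Return (p, q): P(attacker targets ASSETS[0]), P(defender hardens ASSETS[0])."""
    # pure Nash equilibrium first: neither player gains by unilaterally deviating
    for i in range(2):
        for j in range(2):
            if U[i][j] >= U[1 - i][j] and V[i][j] >= V[i][1 - j]:
                return F(1 if i == 0 else 0), F(1 if j == 0 else 0)
    # otherwise mixed equilibrium: each player mixes so the other is indifferent
    q = (U[1][1] - U[0][1]) / ((U[0][0] - U[0][1]) - (U[1][0] - U[1][1]))
    p = (V[1][1] - V[1][0]) / ((V[0][0] - V[1][0]) - (V[0][1] - V[1][1]))
    return p, q

def infer_attacker_strategy():
    """Inferred attacker strategy and the defender strategy it is a best response to."""
    U, V = build_matrices()
    p, q = solve_2x2(U, V)
    return {ASSETS[0]: p, ASSETS[1]: 1 - p}, {ASSETS[0]: q, ASSETS[1]: 1 - q}

if __name__ == "__main__":
    att, dfn = infer_attacker_strategy()
    print("inferred attacker strategy:", {k: float(v) for k, v in att.items()})
    print("defender equilibrium strategy:", {k: float(v) for k, v in dfn.items()})
```

With these numbers the attacker is inferred to target the lower-value database most of the time, because the defender's equilibrium strategy concentrates hardening on the higher-value web asset; the inferred AIOS depends on the defender's strategy, which is the interdependency the abstract points to.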
