Adversarial Dynamics: The Conficker Case Study

It is well known that computer and network security is an adversarial challenge. Attackers develop exploits and defenders respond to them through updates, service packs or other defensive measures. In non-adversarial situations, such as automobile safety, advances on one side are not countered by the other side and so progress can be demonstrated over time. In adversarial situations, advances by one side are countered by the other and so oscillatory performance typically emerges. This paper contains a detailed study of the coevolution of the Conficker Worm and associated defenses against it. It demonstrates, in concrete terms, that attackers and defenders each present moving targets to the other. After detailing specific adaptations of attackers and defenders in the context of Conficker and its variants, we briefly develop a quantitative model for explaining the coevolution based on what we call Quantitative Attack Graphs (QAG), in which attackers select shortest paths through an attack graph and defenders invest in hardening the shortest-path edges appropriately.
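A small simulation of the attacker/defender loop sketched in the abstract, added here as an illustration and not taken from the paper. The graph, edge costs, budget, and the defender's rule (spend the whole budget each round on the cheapest edge of the attacker's current shortest path) are all assumptions, since the abstract does not define them.

```python
import heapq

# Constructed attack graph (assumption): edge weight = attacker effort to cross it.
GRAPH = {
    ("start", "a"): 2.0, ("a", "goal"): 2.0,
    ("start", "b"): 3.0, ("b", "goal"): 2.0,
}

def shortest_path(edges, src, dst):
    """Dijkstra: return (cost, [edge, ...]) of the cheapest src -> dst path."""
    adj = {}
    for (u, v), w in edges.items():
        adj.setdefault(u, []).append((v, w))
    heap, done = [(0.0, src, [])], set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in done:
            continue
        done.add(node)
        for nxt, w in adj.get(node, []):
            if nxt not in done:
                heapq.heappush(heap, (cost + w, nxt, path + [(node, nxt)]))
    return float("inf"), []

def coevolve(edges, src, dst, rounds, budget):
    """Alternate attacker path selection and defender hardening.

    Returns one (attacker_cost, path) pair per round.
    """
    edges = dict(edges)  # do not mutate the caller's graph
    history = []
    for _ in range(rounds):
        cost, path = shortest_path(edges, src, dst)
        if not path:     # target no longer reachable
            break
        history.append((cost, path))
        # Assumed defender rule: harden the cheapest edge on the chosen path.
        weakest = min(path, key=lambda e: edges[e])
        edges[weakest] += budget
    return history

if __name__ == "__main__":
    for rnd, (cost, path) in enumerate(coevolve(GRAPH, "start", "goal", 6, 1.5)):
        print(rnd, cost, " -> ".join([path[0][0]] + [v for _, v in path]))
```

With these constructed inputs the attacker's route flips between the two branches every round while the cost of the best available path only rises, which is the moving-target behaviour the abstract describes.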
