Game Theory with Learning for Cyber Security Monitoring

Recent attacks show that threats to cyber infrastructure are not only increasing in volume but are also growing more sophisticated. An attack may consist of multiple actions that are hard to distinguish from benign activity, so common detection techniques suffer from high false positive rates. Because automated detection is imperfect, responses to such attacks depend heavily on human-driven decision making. Game theory has been applied to many problems that call for rational decision making, but we find it limited in security games where the defender has little information about the opponent's strategies and payoffs. In this work, we propose Q-Learning to react automatically to the adversarial behavior of a suspicious user in order to secure the system, and we compare variations of Q-Learning with a traditional stochastic game. Simulation results show that Naive Q-Learning remains feasible despite restricted information about the opponent.
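The defender-side Q-Learning loop the abstract describes, as an added example that is not the paper's own code or experiment: a small constructed stochastic game in which the defender observes only a noisy alert at each step of a user session, never the user's type, true action, or payoff, and learns from the rewards it actually receives whether to allow, investigate, or block. The session length, sensor error rates, attacker behaviour, and payoff values are assumptions chosen for illustration, and the attacker plays a fixed stochastic strategy rather than learning.

```python
"""Naive Q-learning defender for a small intrusion-response game.

Added example, not the paper's code. The game below is constructed for
illustration: every number (session length, sensor error rates, attacker
behaviour, payoffs) is an assumption, and the attacker plays a fixed
stochastic strategy instead of learning.
"""
import random
from collections import defaultdict

ALLOW, MONITOR, BLOCK = 0, 1, 2
ACTIONS = (ALLOW, MONITOR, BLOCK)
NAMES = {ALLOW: "allow", MONITOR: "monitor", BLOCK: "block"}

SESSION_LEN = 6                      # decision points per user session
P_MALICIOUS = 0.5                    # prior that the user is an attacker (hidden)
P_ATTACK_STEP = 0.8                  # attacker takes an attack step at each point
P_DETECT, P_FALSE_ALARM = 0.8, 0.15  # sensor quality, also hidden from the defender
MAX_ALERTS = 3                       # alert count is capped to keep the table tiny

# payoffs (assumed): per unblocked attack step, per investigation,
# for blocking an attacker, and for blocking a legitimate user
DAMAGE, MONITOR_COST, BLOCK_HIT, BLOCK_MISS = -1.5, -0.5, 6.0, -8.0


class QDefender:
    """Tabular Q-learning with a 1/n step size, so the value of a terminal
    action (BLOCK) is just the running mean of the payoff it produced."""

    def __init__(self, gamma=0.9):
        self.gamma = gamma
        self.q = defaultdict(lambda: [0.0] * len(ACTIONS))
        self.visits = defaultdict(int)

    def act(self, state):
        """Greedy action; ties resolve to ALLOW (the first action)."""
        return max(ACTIONS, key=lambda a: self.q[state][a])

    def update(self, state, action, reward, next_state):
        """Q(s,a) += alpha * (r + gamma * max_a' Q(s',a') - Q(s,a))."""
        target = reward
        if next_state is not None:
            target += self.gamma * max(self.q[next_state])
        self.visits[state, action] += 1
        alpha = 1.0 / self.visits[state, action]
        self.q[state][action] += alpha * (target - self.q[state][action])


def run_episode(policy, rng, learner=None, eps=0.0):
    """Play one session and return the defender's total reward.

    The defender's state is (alerts seen so far, capped; step index). The
    user's type, true actions and payoffs are never revealed; a raw sensor
    misses attacks and raises false alarms, while MONITOR (a manual
    investigation) reports the truth for that step at a cost.
    """
    malicious = rng.random() < P_MALICIOUS
    alerts, total = 0, 0.0
    for t in range(SESSION_LEN):
        state = (min(alerts, MAX_ALERTS), t)
        explore = learner is not None and rng.random() < eps
        action = rng.choice(ACTIONS) if explore else policy(state)
        attack = malicious and rng.random() < P_ATTACK_STEP
        if action == BLOCK:
            reward, done = (BLOCK_HIT if malicious else BLOCK_MISS), True
        else:
            reward = DAMAGE if attack else 0.0
            if action == MONITOR:
                reward += MONITOR_COST
                alerts += int(attack)
            else:
                p_alert = P_DETECT if attack else P_FALSE_ALARM
                alerts += int(rng.random() < p_alert)
            done = t == SESSION_LEN - 1
        total += reward
        if learner is not None:
            next_state = None if done else (min(alerts, MAX_ALERTS), t + 1)
            learner.update(state, action, reward, next_state)
        if done:
            break
    return total


def train(episodes=60000, seed=0, eps=0.2, gamma=0.9):
    """Epsilon-greedy Q-learning over many simulated sessions."""
    rng = random.Random(seed)
    learner = QDefender(gamma)
    for _ in range(episodes):
        run_episode(learner.act, rng, learner=learner, eps=eps)
    return learner


def evaluate(policy, episodes=3000, seed=1):
    """Mean reward per session for a fixed policy (no learning, no exploration)."""
    rng = random.Random(seed)
    return sum(run_episode(policy, rng) for _ in range(episodes)) / episodes


def always_allow(state):
    return ALLOW


def always_block(state):
    return BLOCK


if __name__ == "__main__":
    defender = train()
    for name, pol in (("always allow", always_allow), ("always block", always_block),
                      ("Q-learning", defender.act)):
        print(f"{name:13s} mean reward/session = {evaluate(pol):.2f}")
    for alerts in range(3):
        print(f"after {alerts} alerts at step 2 the learned policy says:",
              NAMES[defender.act((alerts, 2))])
```

Running the script trains the defender and prints its mean reward beside two blanket policies. The point of comparison is that the learner never receives the attacker's type or payoff matrix, only its own observed rewards, yet it learns to hold off at the start of a session, where blocking would mostly hit legitimate users, and to block once several alerts have accumulated. The 1/n step size and the tiny state table make this converge; against an attacker who adapts to the defender's policy, which is the situation the stochastic-game comparison in the paper is concerned with, the fixed-opponent assumption made here no longer holds.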