The Partially Observable Games We Play for Cyber Deception

Increasingly intricate cyber infiltration mechanisms have rendered conventional means of defense, such as firewalls and malware detectors, inadequate. These sophisticated infiltration mechanisms can study the defender's behavior, identify security weaknesses, and adapt their actions accordingly. To tackle these security challenges, cyber-infrastructures require active defense techniques that incorporate cyber deception, in which the defender (deceiver) implements a strategy to mislead the infiltrator. To this end, we use a two-player partially observable stochastic game (POSG) framework, wherein the deceiver has full observability over the states of the POSG and the infiltrator has partial observability. The deception problem is then to compute a strategy for the deceiver that minimizes the expected cost of deception against all strategies of the infiltrator. We first show that the underlying problem is a robust mixed-integer linear program, which is intractable to solve in general. Towards a scalable approach, we compute optimal finite-memory strategies for the infiltrator by a reduction to a series of synthesis problems for parametric Markov decision processes. We use these infiltration strategies to find robust strategies for the deceiver using mixed-integer linear programming. We illustrate the performance of our technique on a POSG model for network security. Our experiments demonstrate that the proposed approach handles scenarios considerably larger than those of the state-of-the-art methods.
