A Game Theoretic Software Test-bed for Cyber Security Analysis of Critical Infrastructure

National critical infrastructures are vital to the functioning of modern societies and economies. The dependence on these infrastructures is so great that their incapacitation or destruction has a debilitating and cascading effect on national security. Critical infrastructure sectors, ranging from financial services, power and transportation to communications and health care, all depend on massive information and communication technology networks. Cyberspace is composed of numerous interconnected computers, servers and databases that hold critical data and allow critical infrastructures to function. Securing critical data in cyberspace against growing and evolving cyber threats is an important focus area for most countries across the world. A novel approach is proposed to assess the vulnerabilities of one's own networks against adversarial attackers, where the adversary's perception of strengths and vulnerabilities is modelled using game theoretic techniques. The proposed game theoretic framework models the uncertainty in the information available to the players (attackers and defenders) in terms of their information sets, and their behaviour is modelled and assessed using a probability and belief function framework. The attack-defence scenarios are exercised on a virtual cyber warfare test-bed to assess and evaluate the vulnerability of cyber systems. Optimal strategies for attack and defence are computed for the players and validated using simulation experiments on the cyber war-games test-bed, the results of which are used for security analyses.
