Spatial-Temporal Moving Target Defense: A Markov Stackelberg Game Model

Moving target defense has emerged as a critical paradigm of protecting a vulnerable system against persistent and stealthy attacks. To protect a system, a defender proactively changes the system configurations to limit the exposure of security vulnerabilities to potential attackers. In doing so, the defender creates asymmetric uncertainty and complexity for the attackers, making it much harder for them to compromise the system. In practice, the defender incurs a switching cost for each migration of the system configurations. The switching cost usually depends on both the current configuration and the following configuration. Besides, different system configurations typically require a different amount of time for an attacker to exploit and attack. Therefore, a defender must simultaneously decide both the optimal sequences of system configurations and the optimal timing for switching. In this paper, we propose a Markov Stackelberg Game framework to precisely characterize the defender's spatial and temporal decision-making in the face of advanced attackers. We introduce a relative value iteration algorithm that computes the defender's optimal moving target defense strategies. Empirical evaluation on real-world problems demonstrates the advantages of the Markov Stackelberg game model for spatial-temporal moving target defense.

[1]  Martin L. Puterman,et al.  Markov Decision Processes: Discrete Stochastic Dynamic Programming , 1994, Wiley Series in Probability and Statistics.

[2]  Chao Yang,et al.  NOMAD: Towards non-intrusive moving-target defense against web bots , 2013, 2013 IEEE Conference on Communications and Network Security (CNS).

[3]  Jin B. Hong,et al.  Assessing the Effectiveness of Moving Target Defenses Using Security Models , 2016, IEEE Transactions on Dependable and Secure Computing.

[4]  Sailik Sengupta,et al.  Moving Target Defense for the Placement of Intrusion Detection Systems in the Cloud , 2018, GameSec.

[5]  Milind Tambe,et al.  Stackelberg Security Games (SSG) Basics and Application Overview , 2015 .

[6]  Dimitri P. Bertsekas,et al.  Dynamic Programming and Optimal Control , 1995 .

[7]  Pratyusa K. Manadhata Game Theoretic Approaches to Attack Surface Shifting , 2013, Moving Target Defense.

[8]  Qian Zhang,et al.  Stackelberg game for utility-based cooperative cognitiveradio networks , 2009, MobiHoc '09.

[9]  Marthony Taguinod,et al.  Toward a Moving Target Defense for Web Applications , 2015, 2015 IEEE International Conference on Information Reuse and Integration.

[10]  Anh Nguyen-Tuong,et al.  Effectiveness of Moving Target Defenses , 2011, Moving Target Defense.

[11]  Quanyan Zhu,et al.  Game-Theoretic Approach to Feedback-Driven Multi-stage Moving Target Defense , 2013, GameSec.

[12]  Bo An,et al.  Stackelberg Security Games: Looking Beyond a Decade of Success , 2018, IJCAI.

[13]  Sushil Jajodia,et al.  SHARE: A Stackelberg Honey-Based Adversarial Reasoning Engine , 2018, ACM Trans. Internet Techn..

[14]  Dijiang Huang,et al.  MTD Analysis and evaluation framework in Software Defined Network (MASON) , 2018, SDN-NFV@CODASPY.

[15]  Scott A. DeLoach,et al.  Simulation-based Approaches to Studying Effectiveness of Moving-Target Network Defense | NIST , 2012 .

[16]  Fei Li,et al.  Catch Me If You Can: A Cloud-Enabled DDoS Defense , 2014, 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.

[17]  Richard J. Enbody,et al.  Targeted Cyberattacks: A Superset of Advanced Persistent Threats , 2013, IEEE Security & Privacy.

[18]  A. Haurie,et al.  Sequential Stackelberg equilibria in two-person games , 1985 .

[19]  Prasant Mohapatra,et al.  A Stackelberg Game and Markov Modeling of Moving Target Defense , 2017, GameSec.

[20]  Karen Scarfone,et al.  Common Vulnerability Scoring System , 2006, IEEE Security & Privacy.

[21]  Chin-Tser Huang,et al.  A moving-target defense strategy for Cloud-based services with heterogeneous and dynamic attack surfaces , 2014, 2014 IEEE International Conference on Communications (ICC).

[22]  Sailik Sengupta,et al.  Moving Target Defense for Web Applications using Bayesian Stackelberg Games: (Extended Abstract) , 2016, AAMAS.

[23]  Zizhan Zheng,et al.  Optimal Timing of Moving Target Defense: A Stackelberg Game Model , 2019, MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM).

[24]  Karen A. Scarfone,et al.  A Complete Guide to the Common Vulnerability Scoring System Version 2.0 | NIST , 2007 .

[25]  Rui Zhuang A theory for understanding and quantifying moving target defense , 2015 .

[26]  Sarit Kraus,et al.  Playing games for security: an efficient exact algorithm for solving Bayesian Stackelberg games , 2008, AAMAS.

[27]  Jianyong Liu,et al.  On Average Reward Semi-Markov Decision Processes with a General Multichain Structure , 2004, Math. Oper. Res..

[28]  J. Bather Optimal decision procedures for finite Markov chains. Part II: Communicating systems , 1973, Advances in Applied Probability.

[29]  Milind Tambe,et al.  Towards a science of security games , 2016 .

[30]  Seung Ho Hong,et al.  A Real-Time Demand-Response Algorithm for Smart Grids: A Stackelberg Game Approach , 2016, IEEE Transactions on Smart Grid.

[31]  Sushil Jajodia,et al.  Moving Target Defense - Creating Asymmetric Uncertainty for Cyber Threats , 2011, Moving Target Defense.

[32]  P. Schweitzer Iterative solution of the functional equations of undiscounted Markov renewal programming , 1971 .

[33]  William W. Streilein,et al.  Moving Target Techniques: Leveraging Uncertainty for Cyber Defense , 2015 .

[34]  Milind Tambe,et al.  "A Game of Thrones": When Human Behavior Models Compete in Repeated Stackelberg Security Games , 2015, AAMAS.

[35]  Sailik Sengupta,et al.  A Survey of Moving Target Defenses for Network Security , 2020, IEEE Communications Surveys & Tutorials.

[36]  Heinrich von Stackelberg Market Structure and Equilibrium , 2010 .

[37]  Vincent Conitzer,et al.  Stackelberg vs. Nash in Security Games: An Extended Investigation of Interchangeability, Equivalence, and Uniqueness , 2011, J. Artif. Intell. Res..

[38]  Scott A. DeLoach,et al.  Towards a Theory of Moving Target Defense , 2014, MTD '14.

[39]  Sailik Sengupta,et al.  A Game Theoretic Approach to Strategy Generation for Moving Target Defense in Web Applications , 2017, AAMAS.