A Game Theoretical Approach to Communication Security

The increased reliance on the Internet has made information and communication systems more vulnerable to security attacks. Many recent incidents demonstrate this vulnerability, such as the rapid propagation of sophisticated malware, the fast growth of botnets, denial-of-service (DoS) attacks against business and government websites, and attacks against the power grid system. Experts must design and implement security solutions to defend against well-organized and very sophisticated adversaries such as malicious insiders, cybercriminals, cyberterrorists, industrial spies, and, in some cases, nation-state intelligence agents.

Instead of designing a defense against a specific attack, Game Theory attempts to design a defense against a sophisticated attacker who plans in anticipation of a complex defense. By including this 'second-guessing' element in the design process, Game Theory has the potential to craft improved security mechanisms. In addition, Game Theory can model issues of trust, incentives, and externalities that arise in security systems.

This thesis illustrates the potential usefulness of Game Theory in security. By modeling the interactions between defenders and attackers as games in three types of common communication scenarios, we predict the adversaries' attacks, determine the set of assets that are most likely to be attacked, and suggest defense strategies for the defenders.

The first example is a communication scenario where some components might be compromised. Specifically, we consider Bob, who is receiving information that might be corrupted by an attacker, Trudy. We model the interaction between Trudy and Bob as a zero-sum game where Trudy chooses whether and how to corrupt the data and Bob decides how much he should trust the received information. By analyzing the Nash equilibrium of the game, we have determined when Bob should trust the received information, and how Trudy should corrupt the data. We have also shown how a challenge-response option for Bob can deter Trudy from corrupting the information.

The second example is a scenario where an intelligent virus is attempting to infect a network protected by an Intrusion Detection System (IDS). The IDS detects intrusions by analyzing the volume of traffic going inside the network. We model the interaction of the intelligent virus and the IDS as a zero-sum game where the IDS chooses the detection threshold, while the virus tries to choose its infection rate to maximize its ultimate spreading. Using a Markov chain model, we compute the Nash equilibria of the game and analyze them. In general, a more aggressive virus is more damaging but is also faster to detect. Hence, in its best attack, the intelligent virus chooses an infection rate that balances between an aggressive attack that can be easily detected and a slow attack that causes less damage. The best defense strategy against such a sophisticated virus is to quarantine the traffic and analyze it prior to letting it go inside the network (in addition to setting the optimal threshold).

The third example is a blocking security game. For this game, given a finite set of resources S, a defender needs to choose a feasible subset T of S of resources to perform a mission-critical task. The attacker, at the same time, tries to disrupt the task by choosing one resource e of S to attack. Each resource e of S has a cost μ(e) of attack. The defender loses some value λ(T, e) whenever the task is disrupted (i.e., the attacked resource e belongs to his subset T). This loss goes to the attacker. We analyze the game by using the combinatorial tools of blocking pairs of matrices (hence the name blocking security game). We introduce the notion of a critical subset of resources and use this notion to define a vulnerability metric for the task. We find that, in Nash equilibrium, the attacker always targets a critical set of resources and the defender chooses a feasible subset that minimally intersects that critical subset.

We illustrate the model with two examples of communication scenarios that consider the design of network topology in the presence of a strategic adversary. The first example studies a scenario where a network manager is choosing a spanning tree of a graph while an attacker is trying to cut the tree by attacking one link of the graph. One of our findings in this scenario is that the usual edge-connectivity metric for a graph is not the appropriate vulnerability measure in a network where strategic adversaries are present. The second example deals with a supply-demand network where a network manager is choosing a feasible flow to transport the maximum amount of goods from a set of sources to a set of destinations, and an attacker is trying to minimize this by attacking an arc of the network. In this case, we find that critical subsets of links are cutsets that maximize the minimum fraction of goods carried per link of the cutset. In most cases, these correspond to minimum cutsets of the graph.

Although computing Nash equilibria of a two-player game is generally complex, we have shown how, for a class of blocking games, one can compute a critical set of resources (hence a Nash equilibrium) in polynomial time.
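The spanning-tree finding can be checked by brute force on a small graph. The following is an added example, not code from the thesis: it assumes zero attack costs, a unit loss whenever the attacked link lies in the chosen tree, and an attacker restricted to uniform attacks over a link subset, and it compares the hit probability such an attack guarantees on a minimum cut with the best over all subsets. The function names and sample graph are constructed for illustration, and the graph must be connected.

```python
from fractions import Fraction
from itertools import combinations

def spanning_trees(n, edges):
    """Brute-force all spanning trees of an n-node graph as sets of edge indices."""
    trees = []
    for combo in combinations(range(len(edges)), n - 1):
        parent = list(range(n))          # union-find to reject cycles
        def find(v):
            while parent[v] != v:
                v = parent[v]
            return v
        for i in combo:
            a, b = find(edges[i][0]), find(edges[i][1])
            if a == b:
                break                    # edge closes a cycle: not a tree
            parent[a] = b
        else:
            trees.append(frozenset(combo))   # n-1 acyclic edges span the graph
    return trees

def guarantee(trees, subset):
    """Hit probability a uniform attack over `subset` secures against every tree."""
    return Fraction(min(len(t & subset) for t in trees), len(subset))

def analyse(n, edges):
    trees = spanning_trees(n, edges)
    subsets = [frozenset(c) for k in range(1, len(edges) + 1)
               for c in combinations(range(len(edges)), k)]
    # A cut is a link set every spanning tree must use; the smallest such set
    # has size equal to the edge-connectivity of the graph.
    min_cut = min((s for s in subsets if all(t & s for t in trees)), key=len)
    best = max(subsets, key=lambda s: guarantee(trees, s))
    return {
        "edge_connectivity": len(min_cut),
        "min_cut_attack": guarantee(trees, min_cut),
        "best_set": sorted(best),
        "best_attack": guarantee(trees, best),
    }

# Constructed sample input: the complete graph on four nodes.
K4 = [(0, 1), (0, 2), (0, 3), (1, 2), (1, 3), (2, 3)]

if __name__ == "__main__":
    print(analyse(4, K4))
```

On K4 the minimum cut has three links and a uniform attack on it hits the tree with probability 1/3, while attacking all six links uniformly hits with probability 1/2, since every spanning tree uses three of them.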
