A Game Theoretical Method for Cost-Benefit Analysis of Malware Dissemination Prevention

ABSTRACT Literature on malware proliferation focuses on modeling and analyzing its spread dynamics. Epidemiology models, which are inspired by the characteristics of biological disease spread in human populations, have been used against this threat to analyze the way malware spreads in a network. This work presents a modified version of the commonly used epidemiology models Susceptible-Infected-Recovered (SIR) and Susceptible-Infected-Susceptible (SIS), which incorporates the ability to capture the relationships between nodes within a network, along with their effect on the malware dissemination process. Drawing upon a model that illustrates the network’s behavior based on the attacker’s and the defender’s choices, we use game theory to compute optimal strategies for the defender that minimize the effect of malware spread while also minimizing the security cost. We consider three defense mechanisms: patch, removal, and patch and removal, which correspond to the defender’s strategies and are applied probabilistically at a certain rate. The attacker chooses the type of attack according to its effectiveness and cost. Through the interaction between the two opponents we infer the optimal strategy for both players, known as the Nash Equilibrium, and evaluate the related payoffs. Hence, our model provides a cost-benefit risk management framework for managing malware spread in computer networks.
