Strategy-Aware Mitigation Using Markov Games for Dynamic Application-Layer Attacks

The targeted and destructive nature of the strategies attackers use to break down a system requires mitigation approaches with dynamic awareness. In the domain of adaptive software security, the adaptation manager of self-protecting software is responsible for selecting countermeasures to prevent or mitigate attacks immediately. Making the right decision in each and every situation is one of the most challenging aspects of engineering self-protecting software systems. Inspired by game theory, in this research work we model the interactions between the attacker and the adaptation manager as a two-player zero-sum Markov game. Using this game-theoretic approach, the adaptation manager can refine its strategies in dynamic attack scenarios by utilizing what it has learned from the system's and the adversary's actions. We also present how this approach can be fitted to the well-known MAPE-K architecture model. As a proof of concept, this research conducts a case study of dynamic application-layer denial-of-service attacks. The simulation results demonstrate how our approach performs when encountering different attack strategies.
