Defense Against Advanced Persistent Threats with Expert System for Internet of Things

In this paper, Advanced Persistent Threat (APT) defense for the Internet of Things (IoT) is analyzed under inaccurate APT detection, i.e., both the missed detection rate and the false alarm rate of the APT detection are considered. We formulate an expert system (ES)-based APT detection game, in which an expert double-checks the suspicious behavior or potential APT attackers reported by the autonomous and inaccurate APT detection system. The Nash equilibrium of the APT detection game for IoT with ES is derived, revealing the influence of the APT detection accuracy on the utilities of the IoT system and the attacker. We propose a Q-learning based APT detection method for the IoT system with ES in the dynamic game to obtain the optimal strategy without knowledge of the attack model. Simulation results show that the proposed APT detection scheme can efficiently use the knowledge of the expert system to improve the defender's utility and increase the security level of the IoT device compared with the benchmark detection scheme.
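To make the setup in the abstract concrete, the following is a constructed toy simulation added for this page (not the paper's own code or model): an autonomous detector with a miss rate and a false alarm rate, an expert who can double-check each report at a cost, and a Q-learning defender that learns whether to forward reports to the expert without knowing the attack model. All payoff values, the state and action choice, and the fixed-probability attacker are assumptions; the paper's game has a strategic attacker and a Nash equilibrium that this toy does not compute.

```python
import random

# Constructed toy version of the ES-based detection game: every number below is
# an assumption for illustration, not a parameter from the paper.
MISS_RATE = 0.3         # autonomous detector misses an attack with this probability
FALSE_ALARM_RATE = 0.2  # detector flags a benign round with this probability
EXPERT_COST = 0.3       # cost of having the expert double-check one report
ATTACK_LOSS = 1.0       # loss when an attack goes unreported
BLOCK_GAIN = 1.0        # gain when a real attack is stopped
FALSE_BLOCK_LOSS = 0.8  # loss when the defender acts on a false alarm unchecked

def detector_report(attacked, rng):
    """Inaccurate autonomous detector: misses attacks and raises false alarms."""
    if attacked:
        return rng.random() >= MISS_RATE
    return rng.random() < FALSE_ALARM_RATE

def defender_reward(attacked, reported, use_expert):
    """Defender utility for one round (assumed payoff structure)."""
    if not reported:
        return -ATTACK_LOSS if attacked else 0.0
    if attacked:
        return BLOCK_GAIN - (EXPERT_COST if use_expert else 0.0)
    # False alarm: the expert clears it at a cost; acting unchecked blocks benign traffic.
    return -EXPERT_COST if use_expert else -FALSE_BLOCK_LOSS

def q_learn(attack_prob, rounds=40000, alpha=0.01, gamma=0.9, eps=0.1, seed=0):
    """Q-learning defender with no attack model: state = current report (0/1),
    action = forward to expert (1) or act alone (0); attacker attacks with fixed prob."""
    rng = random.Random(seed)
    q = [[0.0, 0.0], [0.0, 0.0]]  # q[report][use_expert]
    attacked = rng.random() < attack_prob
    report = detector_report(attacked, rng)
    for _ in range(rounds):
        state = int(report)
        if rng.random() < eps:                      # epsilon-greedy exploration
            action = rng.randrange(2)
        else:
            action = int(q[state][1] > q[state][0])
        reward = defender_reward(attacked, report, bool(action))
        attacked = rng.random() < attack_prob       # next round
        report = detector_report(attacked, rng)
        target = reward + gamma * max(q[int(report)])
        q[state][action] += alpha * (target - q[state][action])
    return q

def uses_expert(q):
    """True if the learned policy forwards detector reports to the expert."""
    return q[1][1] > q[1][0]
```

With these assumed payoffs the learned policy depends on how credible a report is: at a low attack rate most reports are false alarms and the defender learns to use the expert, while at a high attack rate it learns to act on reports directly.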