Cut-The-Rope: A Game of Stealthy Intrusion

  • Conference paper
Decision and Game Theory for Security (GameSec 2019)

Abstract

A major characteristic of Advanced Persistent Threats (APTs) is their stealthiness over a possibly long period, during which the victim system is being penetrated and prepared for the finishing blow. We model an APT as a game played on an attack graph G, and consider the following interaction pattern: the attacker chooses an attack path in G towards its target \(v_0\), and step-by-step works its way towards the goal by repeated penetrations. In each step, it leaves a backdoor for an easy return to learn how to accomplish the next step. We call this return path the “rope”. The defender’s aim is “cutting” this rope by cleaning the system from (even unknown) backdoors, e.g., by patching systems or changing configurations. While the defender is doing so in fixed intervals governed by working hours/shifts, the attacker is allowed to take any number of moves at any point in time. The game is thus repeated, i.e., in discrete time, only for the defender, while the second player (adversary) moves in continuous time. It also has asymmetric information, since the adversary is stealthy at all times, until the damage-causing phase of the APT. The payoff in the game is the attacker’s chance to reach this final stage, while the defender’s goal is minimizing this likelihood (risk). We illustrate the model by a numerical example and an open-access implementation in R.

Notes

  1. The dependence of U on \(a\in AS_2\) is implicit here, but comes in through the probabilities involved to define the utility; we will come back to this in a moment.

Author information

Correspondence to Stefan Rass.

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this paper

Rass, S., König, S., Panaousis, E. (2019). Cut-The-Rope: A Game of Stealthy Intrusion. In: Alpcan, T., Vorobeychik, Y., Baras, J., Dán, G. (eds) Decision and Game Theory for Security. GameSec 2019. Lecture Notes in Computer Science, vol 11836. Springer, Cham. https://doi.org/10.1007/978-3-030-32430-8_24

  • DOI: https://doi.org/10.1007/978-3-030-32430-8_24

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-32429-2

  • Online ISBN: 978-3-030-32430-8

  • eBook Packages: Computer Science, Computer Science (R0)
