Abstract
A major characteristic of Advanced Persistent Threats (APTs) is their stealthiness over a possibly long period, during which the victim system is penetrated and prepared for the finishing blow. We model an APT as a game played on an attack graph G, and consider the following interaction pattern: the attacker chooses an attack path in G towards its target \(v_0\), and step by step works its way towards the goal by repeated penetrations. In each step, it leaves a backdoor for an easy return to learn how to accomplish the next step. We call this return path the “rope”. The defender’s aim is “cutting” this rope by cleaning the system from (even unknown) backdoors, e.g., by patching systems or changing configurations. While the defender does so in fixed intervals governed by working hours/shifts, the attacker is allowed to take any number of moves at any point in time. The game is thus repeated, i.e., in discrete time, only for the defender, while the second player (the adversary) moves in continuous time. It also has asymmetric information, since the adversary is stealthy at all times, until the damage-causing phase of the APT. The payoff in the game is the attacker’s chance to reach this final stage, while the defender’s goal is minimizing this likelihood (risk). We illustrate the model by a numerical example and an open access implementation in R.
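As an added illustration of the interaction pattern described above (this is not the paper's R implementation), the following Python computes, for one attacker-chosen path, the exact probability that the attacker reaches \(v_0\) within a given number of defender periods. It assumes that the number of attacker moves per period is Poisson-distributed (or any pmf the caller supplies) and that cleaning any node the attacker has already penetrated removes its return path, sending it back to the entry node.

```python
from math import exp, factorial

def poisson_pmf(lam, max_moves):
    """Truncated Poisson pmf over 0..max_moves attacker moves per defender period
    (assumption: move counts are Poisson; the tail mass is folded into max_moves)."""
    p = [exp(-lam) * lam ** m / factorial(m) for m in range(max_moves)]
    return p + [max(0.0, 1.0 - sum(p))]

def attacker_success_prob(path, moves_pmf, cut_strategy, rounds):
    """Exact probability that the attacker reaches path[-1] (the target v0)
    within `rounds` defender periods.
    path         : attacker's chosen attack path, entry node first, v0 last
    moves_pmf    : moves_pmf[m] = Pr[attacker makes m steps during one period]
    cut_strategy : dict node -> Pr[defender cleans that node in a period] (mixed strategy)
    The attacker state is its position k on the path. If the defender cleans any
    node it has already penetrated (path[1..k], the 'rope'), the attacker loses
    its return path and starts over from the entry node (modelling assumption)."""
    n = len(path) - 1                       # number of hops to the target
    dist = [0.0] * (n + 1); dist[0] = 1.0   # attacker starts at the entry node
    success = 0.0
    for _ in range(rounds):
        # attacker phase: any number of moves; reaching v0 is absorbing
        nxt = [0.0] * (n + 1)
        for k, pk in enumerate(dist):
            if pk == 0.0:
                continue
            for m, pm in enumerate(moves_pmf):
                if k + m >= n:
                    success += pk * pm
                else:
                    nxt[k + m] += pk * pm
        # defender phase: exactly one cleaning action per period
        dist = [0.0] * (n + 1)
        for k, pk in enumerate(nxt):
            reset = sum(cut_strategy.get(v, 0.0) for v in path[1:k + 1])
            dist[0] += pk * reset            # rope cut: back to the entry node
            dist[k] += pk * (1.0 - reset)    # rope intact: attacker keeps its foothold
    return success

if __name__ == "__main__":
    # constructed example: 3-hop path, defender splits its cleaning between two nodes
    p = attacker_success_prob(["entry", "web", "db", "v0"], poisson_pmf(1.5, 6),
                              {"web": 0.5, "db": 0.5}, rounds=10)
    print(f"attacker reaches v0 within 10 periods with probability {p:.3f}")
```

Comparing the result for different cut strategies (e.g. `{}` versus a distribution over path nodes) shows how much risk a given cleaning schedule removes for a fixed attacker path.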
Notes
1. The dependence of U on \(a\in AS_2\) is implicit here, but comes in through the probabilities involved to define the utility; we will come back to this in a moment.
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Rass, S., König, S., Panaousis, E. (2019). Cut-The-Rope: A Game of Stealthy Intrusion. In: Alpcan, T., Vorobeychik, Y., Baras, J., Dán, G. (eds) Decision and Game Theory for Security. GameSec 2019. Lecture Notes in Computer Science(), vol 11836. Springer, Cham. https://doi.org/10.1007/978-3-030-32430-8_24
DOI: https://doi.org/10.1007/978-3-030-32430-8_24
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-32429-2
Online ISBN: 978-3-030-32430-8
eBook Packages: Computer Science (R0)