Combating Ransomware in Internet of Things: A Games-in-Games Approach for Cross-Layer Cyber Defense and Security Investment

  • Conference paper
Decision and Game Theory for Security (GameSec 2021)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 13061)

Abstract

The recent surge in ransomware attacks has threatened many critical infrastructures such as oil pipeline systems, hospitals, and industrial Internet of Things (IoT). Ransomware is a cryptoviral extortion attack that involves two phases: the cyber infection of the malware and the financial transaction of the ransom payment. As the ransomware attackers are financially motivated, the protection of the infrastructure networked systems requires a cross-layer risk analysis that not only examines the vulnerability of the cyber system but also consolidates the economics of ransom payment. To this end, this paper establishes a two-player multi-phase and multi-stage game framework to model cyber and economic phases of a ransomware attack. We use a zero-sum Markov game to capture the multi-stage penetration of ransomware in the lateral movement. A sequential-move game is proposed to model the ransom payment interactions at the second phase. Two games are composed to form a multi-phase and multi-stage game-in-games (MPMS-GiG) that enables a holistic risk assessment of ransomware in networks and a cross-layer design of cyber defense and investment strategies to mitigate the attack. We provide a complete equilibrium characterization of ransomware game and design interdependent optimal strategies for cyber protection and ransom payment. We use prospect theory to analyze the impact of human factors on equilibrium strategies. Finally, we use a prototypical industrial IoT network as a case study to corroborate the results.

This work is partially supported by grants SES-1541164, ECCS-1847056, CNS-2027884, and BCS-2122060 from National Science Foundation (NSF), DOE-NE grant 20-19829 and grant W911NF-19-1-0041 from Army Research Office (ARO).

Notes

  1. The notations of the cyber Markov game are listed in Sect. 2.3 separately.

  2. An attack is successful if the attacker compromises the target within K steps.

  3. See Appendix for the proof of \(\mathrm {d} (-\hat{r}_d)/\mathrm {d} B < 0\).

Author information

Corresponding author

Correspondence to Yuhan Zhao.

A Proof in the Budget Dilemma

Recall that \(\hat{r}_d\) is the root of \(g(r_d,B) = B-r_d - f(r_d)\) for small \(B\). Assuming that \(\theta \) and \(c_f\) are differentiable, it is easy to show that \(f'(r_d) > 0\). By the implicit function theorem, there exists a function \(\hat{r}_d = h(B)\) in a neighborhood of \((B, \hat{r}_d)\) on which \(g(r_d, B) = 0\). Since \(\partial g/\partial r_d = -1-f'(r_d)\) and \(\partial g/\partial B = 1\), we have \(\frac{\mathrm {d} \hat{r}_d}{\mathrm {d} B} = -(-1-f'(\hat{r}_d))^{-1} = \frac{1}{1+f'(\hat{r}_d)} > 0\). The defender’s utility is \(-\hat{r}_d\) if she chooses to invest \(\hat{r}_d\). Thus, \(\frac{\mathrm {d} (-\hat{r}_d)}{\mathrm {d} B} < 0\).

Copyright information

© 2021 Springer Nature Switzerland AG

Cite this paper

Zhao, Y., Ge, Y., Zhu, Q. (2021). Combating Ransomware in Internet of Things: A Games-in-Games Approach for Cross-Layer Cyber Defense and Security Investment. In: Bošanský, B., Gonzalez, C., Rass, S., Sinha, A. (eds) Decision and Game Theory for Security. GameSec 2021. Lecture Notes in Computer Science, vol 13061. Springer, Cham. https://doi.org/10.1007/978-3-030-90370-1_12

  • DOI: https://doi.org/10.1007/978-3-030-90370-1_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-90369-5

  • Online ISBN: 978-3-030-90370-1

  • eBook Packages: Computer Science, Computer Science (R0)
