Abstract
The static nature of computer networks allows malicious attackers to easily gather useful information about the network using network scanning and packet sniffing. Perimeter firewalls and intrusion detection systems cannot fully protect the network from sophisticated attacks. As an alternative to the expensive and imperfect detection of attacks, it is possible to improve network security by manipulating the attack surface of the network in order to create a moving target defense. In this paper, we introduce a proactive defense scheme that dynamically alters the attack surface of the network to make it difficult for attackers to gather system information, by increasing the network's complexity and reducing its signatures. We use concepts from the systems and control literature to design an optimal and efficient multi-stage defense mechanism based on a feedback information structure. Each change of the attack surface incurs a reconfiguration cost and yields a utility gain from the resulting risk reduction. We use information- and control-theoretic tools to provide closed-form optimal randomization strategies. The results are corroborated by a case study and several numerical examples.
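The abstract describes three ingredients: a defender that randomizes which attack surface is exposed, a reconfiguration cost that is traded against the risk reduction, and a feedback structure in which the defender's stage decision depends on what it has observed of the attacker. The following Python script is an added illustration of those ingredients and is not the paper's model or code: the 2x2 loss matrix, the attacker whose scan knowledge lags one stage, the Laplace prior over observed attacker actions and the "redraw only when the expected risk reduction exceeds the reconfiguration cost kappa" rule are all constructed assumptions for this example. The closed-form minimax randomization for a 2x2 zero-sum game is standard game theory; the paper's own closed-form strategies are derived for a different, richer model.

```python
"""Added illustration: feedback-driven, multi-stage moving target defense.

Toy model (constructed for this example, not the paper's): the defender
exposes one of two network configurations; the attacker fires an exploit
tailored to one of them. Fractions keep the closed-form solution exact.
"""
from fractions import Fraction
import random

# Defender's loss LOSS[a][c]: attacker action a (exploit tailored to
# configuration a) against exposed configuration c. Constructed numbers.
LOSS = [[Fraction(10), Fraction(2)],
        [Fraction(3), Fraction(8)]]


def optimal_randomization(M):
    """Closed-form minimax randomization for the defender in a 2x2 zero-sum game.

    Returns (p, value): p[j] is the probability of exposing configuration j and
    value is the defender's worst-case expected loss per stage.
    """
    (m00, m01), (m10, m11) = M
    # Pure saddle point: the best worst-case column already equals the
    # attacker's best worst-case row, so no randomization is needed.
    col_worst = [max(m00, m10), max(m01, m11)]
    row_worst = [min(m00, m01), min(m10, m11)]
    if min(col_worst) == max(row_worst):
        p = [Fraction(0), Fraction(0)]
        p[col_worst.index(min(col_worst))] = Fraction(1)
        return p, min(col_worst)
    # Otherwise equalize the attacker's payoff across both rows:
    #   m00*p0 + m01*(1-p0) = m10*p0 + m11*(1-p0)
    p0 = Fraction(m11 - m01, m00 - m01 - m10 + m11)
    return [p0, 1 - p0], m00 * p0 + m01 * (1 - p0)


def expected_loss(belief, M, config):
    """Expected loss of exposing `config` under a belief over attacker actions."""
    return sum(b * M[a][config] for a, b in enumerate(belief))


def simulate_stages(M, kappa, horizon, seed, randomize=True):
    """Multi-stage defense with feedback.

    Each stage the defender estimates the attacker's action frequencies from
    past observations (the feedback information structure) and re-randomizes
    the exposed configuration only when the expected risk reduction exceeds
    the reconfiguration cost kappa. The attacker is a scanner whose knowledge
    lags one stage: it exploits the configuration it observed last time.
    """
    rng = random.Random(seed)
    p_star, _value = optimal_randomization(M)
    counts = [1, 1]          # Laplace prior over the attacker's two actions
    config = 0               # initial deployment
    scanned = 0              # what the attacker's last scan saw
    total_loss = Fraction(0)
    switches = redraws = 0
    for _ in range(horizon):
        belief = [Fraction(n, sum(counts)) for n in counts]
        if randomize:
            stay_risk = expected_loss(belief, M, config)
            # For a mixed p* this equals the game value whatever the belief,
            # because p* equalizes every row of M.
            redraw_risk = sum(p_star[j] * expected_loss(belief, M, j)
                              for j in range(2))
            if stay_risk - redraw_risk > kappa:
                redraws += 1
                new = 0 if rng.random() < p_star[0] else 1
                if new != config:
                    switches += 1
                    config = new
        attack = scanned                  # exploit tailored to the stale scan
        total_loss += M[attack][config]
        counts[attack] += 1               # feedback: observed attacker action
        scanned = config                  # attacker re-scans after the stage
    return {"total_loss": total_loss, "reconfig_cost": kappa * switches,
            "switches": switches, "redraws": redraws}


def compare(M=LOSS, kappa=Fraction(1), horizon=50, seed=7):
    """Static deployment versus feedback-driven randomization."""
    static = simulate_stages(M, kappa, horizon, seed, randomize=False)
    moving = simulate_stages(M, kappa, horizon, seed, randomize=True)
    return static, moving


if __name__ == "__main__":
    p, v = optimal_randomization(LOSS)
    print("p* =", [str(x) for x in p], "value =", v)
    static, moving = compare()
    print("static:", static)
    print("moving:", moving)
```

With the constructed matrix the defender should expose configuration 0 with probability 6/13, giving a worst-case expected loss of 74/13 per stage, whereas the static deployment against a lagged scanner loses 10 on every stage. The redraw rule is where the reconfiguration cost enters: raising kappa makes the defender tolerate more accumulated evidence before it moves, so switches become rarer and the attacker's stale scan stays useful for longer.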
© 2013 Springer International Publishing Switzerland
Cite this paper
Zhu, Q., Başar, T. (2013). Game-Theoretic Approach to Feedback-Driven Multi-stage Moving Target Defense. In: Das, S.K., Nita-Rotaru, C., Kantarcioglu, M. (eds) Decision and Game Theory for Security. GameSec 2013. Lecture Notes in Computer Science, vol 8252. Springer, Cham. https://doi.org/10.1007/978-3-319-02786-9_15
DOI: https://doi.org/10.1007/978-3-319-02786-9_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-02785-2
Online ISBN: 978-3-319-02786-9
eBook Packages: Computer Science (R0)