Abstract
Stealthy attacks are a major threat to cyber security. In practice, both attackers and defenders have resource constraints that could limit their capabilities. Hence, to develop robust defense strategies, a promising approach is to utilize game theory to understand the fundamental trade-offs involved. Previous works in this direction, however, mainly focus on the single-node case without considering strict resource constraints. In this paper, a game-theoretic model for protecting a system of multiple nodes against stealthy attacks is proposed. We consider the practical setting where the frequencies of both attack and defense are constrained by limited resources, and an asymmetric feedback structure where the attacker can fully observe the states of nodes while largely hiding its actions from the defender. We characterize the best response strategies for both attacker and defender, and study the Nash Equilibria of the game. We further study a sequential game where the defender first announces its strategy and the attacker then responds accordingly, and design an algorithm that finds a nearly optimal strategy for the defender to commit to.
This work has been funded by QNRF fund NPRP 5-559-2-227.
Notes
1. The terms “components” and “nodes” are interchangeable in this paper.
2. There are also Type 2 NE, which are omitted for the sake of clarity.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Zhang, M., Zheng, Z., Shroff, N.B. (2015). A Game Theoretic Model for Defending Against Stealthy Attacks with Limited Resources. In: Khouzani, M., Panaousis, E., Theodorakopoulos, G. (eds) Decision and Game Theory for Security. GameSec 2015. Lecture Notes in Computer Science, vol 9406. Springer, Cham. https://doi.org/10.1007/978-3-319-25594-1_6
DOI: https://doi.org/10.1007/978-3-319-25594-1_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-25593-4
Online ISBN: 978-3-319-25594-1
eBook Packages: Computer Science (R0)