Abstract
We present a dynamic game framework to model and design defense strategies for advanced persistent threats (APTs). The model is based on a sequence of nested finite two-person zero-sum games, in which the APT is modeled as the attempt to get through multiple protective shells of a system towards conquering the target located in the center of the infrastructure. In each stage, a sub-game captures the attack and defense interactions between two players, and its outcome determines the security level and the resilience against penetrations as well as the structure of the game in the next stage. By construction, interdependencies between protections at multiple stages are automatically accounted for by the dynamic game. The game model provides an analysis and design framework to develop effective protective layers and strategic defense-in-depth strategies against APTs. We discuss a few closed form solutions of our sequential APT-games, upon which design problems can be formulated to optimize the quality of security (QoS) across several layers. Numerical experiments are conducted in this work to corroborate our results.
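As an added illustration (not the paper's own model or code), the following Python sketch shows the general construction the abstract describes: each protective shell is a finite two-person zero-sum game solved in closed form, the stage values are chained so that the attacker must penetrate every shell to reach the centre, and a design problem picks one protection per layer to maximise the resulting security level under a cost budget. The payoff convention (matrix entries as stop probabilities, defender maximising), the per-layer independence of the chaining step, the candidate protections and all numbers are assumptions made for this example only.

```python
from itertools import product
from typing import Dict, List, Optional, Tuple

Matrix = List[List[float]]  # 2x2 payoff matrix, entries in [0, 1]


def solve_2x2(a: Matrix) -> Tuple[float, float]:
    """Solve a finite 2x2 two-person zero-sum game in closed form.

    Convention (an assumption for this illustration): rows are the defender's
    actions, columns the attacker's, and a[i][j] is the probability that the
    attack is stopped at this layer. The defender maximises, the attacker
    minimises. Returns (value, probability that the defender plays row 0).
    """
    (p11, p12), (p21, p22) = a
    row_mins = [min(p11, p12), min(p21, p22)]
    col_maxs = [max(p11, p21), max(p12, p22)]
    maxmin, minmax = max(row_mins), min(col_maxs)
    if maxmin == minmax:
        # Pure saddle point: the defender commits to the maximin row.
        return maxmin, 1.0 if row_mins[0] >= row_mins[1] else 0.0
    # Completely mixed game: standard equaliser solution for 2x2 games.
    denom = p11 - p12 - p21 + p22
    x = (p22 - p21) / denom
    value = (p11 * p22 - p12 * p21) / denom
    return value, x


def defense_in_depth(layers: List[Matrix]) -> Dict[str, object]:
    """Chain the stage games: the attacker must penetrate every shell in turn.

    Assumed chaining rule: each stage value v_k is that layer's stop probability
    at equilibrium, so the probability of reaching the centre is the product
    of (1 - v_k) over all layers.
    """
    stage_values, defender_mix = [], []
    p_reach = 1.0
    for layer in layers:
        v, x = solve_2x2(layer)
        stage_values.append(v)
        defender_mix.append(x)
        p_reach *= 1.0 - v
    return {
        "stage_values": stage_values,
        "defender_mix": defender_mix,
        "p_reach_centre": p_reach,
        "security_level": 1.0 - p_reach,
    }


Option = Tuple[str, float, Matrix]  # (protection name, cost, stage game)


def choose_protections(options: List[List[Option]], budget: float) -> Optional[tuple]:
    """Brute-force QoS design: pick one protection per layer to maximise the
    end-to-end security level without exceeding the cost budget.
    Returns (security_level, total_cost, chosen names), or None if infeasible."""
    best = None
    for combo in product(*options):
        cost = sum(c for _, c, _ in combo)
        if cost > budget:
            continue
        sec = defense_in_depth([m for _, _, m in combo])["security_level"]
        if best is None or sec > best[0]:
            best = (sec, cost, [name for name, _, _ in combo])
    return best


# Constructed sample data (not from the paper): two shells with two candidate
# protections each; stop probabilities are chosen purely for illustration.
OUTER_LAYER: List[Option] = [
    ("perimeter-basic", 1.0, [[0.8, 0.6], [0.5, 0.4]]),   # has a saddle point
    ("perimeter-adv", 3.0, [[0.95, 0.7], [0.6, 0.8]]),    # needs a mixed strategy
]
INNER_LAYER: List[Option] = [
    ("monitoring-basic", 1.0, [[0.9, 0.2], [0.3, 0.7]]),
    ("monitoring-adv", 2.0, [[0.9, 0.5], [0.4, 0.8]]),
]

if __name__ == "__main__":
    print(defense_in_depth([OUTER_LAYER[0][2], INNER_LAYER[0][2]]))
    print(choose_protections([OUTER_LAYER, INNER_LAYER], budget=4.0))
```

With the sample data, the cheaper combination of both basic protections gives a security level of about 0.81, while spending the budget of 4.0 on the advanced perimeter protection plus basic monitoring raises it to about 0.88; the brute-force search is only practical for a handful of layers and options, but it makes the cross-layer interdependence the abstract mentions concrete: a weak inner stage caps what any outer investment can achieve.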
Acknowledgments
This work is partially supported by the grant CNS-1544782 from National Science Foundation, as well as by the European Commission’s Project No. 608090, HyRiM (Hybrid Risk Management for Utility Networks) under the 7th Framework Programme (FP7-SEC-2013-1).
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Rass, S., Zhu, Q. (2016). GADAPT: A Sequential Game-Theoretic Framework for Designing Defense-in-Depth Strategies Against Advanced Persistent Threats. In: Zhu, Q., Alpcan, T., Panaousis, E., Tambe, M., Casey, W. (eds) Decision and Game Theory for Security. GameSec 2016. Lecture Notes in Computer Science(), vol 9996. Springer, Cham. https://doi.org/10.1007/978-3-319-47413-7_18
DOI: https://doi.org/10.1007/978-3-319-47413-7_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-47412-0
Online ISBN: 978-3-319-47413-7
eBook Packages: Computer Science, Computer Science (R0)