
GADAPT: A Sequential Game-Theoretic Framework for Designing Defense-in-Depth Strategies Against Advanced Persistent Threats

  • Conference paper
  • Decision and Game Theory for Security (GameSec 2016)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9996)

Abstract

We present a dynamic game framework to model and design defense strategies for advanced persistent threats (APTs). The model is based on a sequence of nested finite two-person zero-sum games, in which the APT is modeled as the attempt to get through multiple protective shells of a system towards conquering the target located in the center of the infrastructure. In each stage, a sub-game captures the attack and defense interactions between two players, and its outcome determines the security level and the resilience against penetrations as well as the structure of the game in the next stage. By construction, interdependencies between protections at multiple stages are automatically accounted for by the dynamic game. The game model provides an analysis and design framework to develop effective protective layers and strategic defense-in-depth strategies against APTs. We discuss a few closed form solutions of our sequential APT-games, upon which design problems can be formulated to optimize the quality of security (QoS) across several layers. Numerical experiments are conducted in this work to corroborate our results.
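The abstract describes each protective shell as a finite two-person zero-sum game whose outcome is a security level, with the shells solved in sequence. The block below is an added illustration of that generic building block, not the GADAPT model or code from the paper: it solves each shell's matrix game (exactly for pure saddle points and 2x2 games, approximately by fictitious play otherwise) and chains the results. Everything specific is an assumption made here: the payoff entries are attacker penetration probabilities, the game value is the attacker's guaranteed penetration probability and 1 minus it the shell's security level, the shells are independent so the end-to-end probability multiplies, and the three sample layers (`SAMPLE_LAYERS`) are made-up numbers. The paper's own closed-form solutions and its stage-to-stage coupling are not reproduced here.

```python
from fractions import Fraction
from typing import List, Sequence, Tuple

# Illustrative solver for a chain of zero-sum "shell" games (added example;
# not the paper's GADAPT model). Rows = attacker actions, columns = defender
# actions, entries = assumed penetration probability of that shell.
Matrix = Sequence[Sequence[Fraction]]


def pure_saddle_point(A: Matrix):
    """Return (value, row, col) if maximin == minimax (a pure saddle point), else None."""
    row_mins = [min(r) for r in A]
    col_maxs = [max(r[j] for r in A) for j in range(len(A[0]))]
    maximin, minimax = max(row_mins), min(col_maxs)
    if maximin == minimax:
        return maximin, row_mins.index(maximin), col_maxs.index(minimax)
    return None


def solve_2x2(A: Matrix):
    """Closed-form mixed solution of a 2x2 zero-sum game with no pure saddle point."""
    (a, b), (c, d) = A
    den = a - b - c + d               # nonzero exactly when no saddle point exists
    p = Fraction(d - c) / den         # attacker's probability of playing row 0
    q = Fraction(d - b) / den         # defender's probability of playing column 0
    v = Fraction(a * d - b * c) / den  # value of the game (penetration probability)
    return v, [p, 1 - p], [q, 1 - q]


def fictitious_play(A: Matrix, rounds: int = 20000):
    """Approximate value and mixes of a general m x n game by fictitious play.
    Each round both players best-respond to the opponent's empirical history.
    The attacker's best response to the defender's history upper-bounds the
    value; the defender's best response to the attacker's history lower-bounds it."""
    m, n = len(A), len(A[0])
    row_hist, col_hist = [0] * m, [0] * n
    row_score = [0.0] * m  # payoff of each attacker action against defender history
    col_score = [0.0] * n  # payoff of each defender action against attacker history
    i = j = 0
    for _ in range(rounds):
        row_hist[i] += 1
        col_hist[j] += 1
        for jj in range(n):
            col_score[jj] += float(A[i][jj])
        for ii in range(m):
            row_score[ii] += float(A[ii][j])
        i = max(range(m), key=row_score.__getitem__)  # attacker best response
        j = min(range(n), key=col_score.__getitem__)  # defender best response
    upper, lower = max(row_score) / rounds, min(col_score) / rounds
    return (upper + lower) / 2, [c / rounds for c in row_hist], [c / rounds for c in col_hist]


def solve_zero_sum(A: Matrix):
    """Value and optimal mixed strategies: exact for saddle points and 2x2, approximate otherwise."""
    sp = pure_saddle_point(A)
    if sp is not None:
        v, i, j = sp
        x = [Fraction(int(k == i)) for k in range(len(A))]
        y = [Fraction(int(k == j)) for k in range(len(A[0]))]
        return v, x, y
    if len(A) == 2 and len(A[0]) == 2:
        return solve_2x2(A)
    return fictitious_play(A)


def defense_in_depth(layers: List[Tuple[str, Matrix]]):
    """Solve each shell's game in order. Returns (name, penetration value,
    security level) per shell and the end-to-end probability that the attacker
    reaches the centre, under the assumption that shells are independent so the
    per-shell penetration probabilities multiply."""
    reach = Fraction(1)
    report = []
    for name, A in layers:
        v, _, _ = solve_zero_sum(A)
        reach *= v
        report.append((name, v, 1 - v))
    return report, reach


F = Fraction
# Constructed sample: three shells with made-up penetration probabilities.
SAMPLE_LAYERS = [
    ("perimeter", [[F(1, 5), F(3, 5)], [F(7, 10), F(1, 10)]]),       # mixed solution
    ("internal network", [[F(1, 2), F(3, 10)], [F(2, 5), F(1, 5)]]),  # pure saddle point
    ("core", [[F(3, 10), F(4, 5)], [F(9, 10), F(1, 5)]]),             # mixed solution
]

if __name__ == "__main__":
    report, reach = defense_in_depth(SAMPLE_LAYERS)
    for name, v, sec in report:
        print(f"{name:17s} penetration={v}  security level={sec}")
    print("probability of reaching the centre:", reach)
```

With the sample layers the perimeter and core shells have no pure saddle point, so a defender who commits to a single configuration can be exploited and only the mixed solution attains the value; the internal-network shell has a saddle point, so a fixed defence is already optimal there. This distinction is what a per-shell game solution gives a defense-in-depth designer beyond a flat risk score: it says where randomising the defence configuration matters and where it does not.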



Acknowledgments

This work is partially supported by the grant CNS-1544782 from National Science Foundation, as well as by the European Commission’s Project No. 608090, HyRiM (Hybrid Risk Management for Utility Networks) under the 7th Framework Programme (FP7-SEC-2013-1).

Corresponding author

Correspondence to Quanyan Zhu.


Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Rass, S., Zhu, Q. (2016). GADAPT: A Sequential Game-Theoretic Framework for Designing Defense-in-Depth Strategies Against Advanced Persistent Threats. In: Zhu, Q., Alpcan, T., Panaousis, E., Tambe, M., Casey, W. (eds) Decision and Game Theory for Security. GameSec 2016. Lecture Notes in Computer Science, vol 9996. Springer, Cham. https://doi.org/10.1007/978-3-319-47413-7_18

  • DOI: https://doi.org/10.1007/978-3-319-47413-7_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-47412-0

  • Online ISBN: 978-3-319-47413-7
