Abstract
Zero-day attacks pose a serious threat to government agencies and companies. To better protect internet infrastructure, it is very important for defenders to analyze the behavior of attackers who exploit zero-day vulnerabilities and to predict their attack timing. For attackers, deciding when to exploit a zero-day vulnerability involves a tough tradeoff between profit and risk: if they exploit too soon, they may get limited profits; if too late, they run a higher risk of being found before the attack. To help defenders make better predictions, this paper computes the optimal timing from the perspective of attackers. We use an evolutionary game to estimate the risk of being found and then choose the optimal timing based on the risk and profit. In detail, we design a learning strategy to deal with individual differences among multiple attackers, and use spatial structure to model the evolutionary process. The experimental results show the efficiency of this approach.
This work was supported by the National Key R&D Program of China (No. 2016YFB0800702), and NSFC General Projects (No. 61672515).
Notes
Baidu is the predominant search engine in China.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Sun, Y., Yin, L., Guo, Y., Li, F., Fang, B. (2017). Optimally Selecting the Timing of Zero-Day Attack via Spatial Evolutionary Game. In: Ibrahim, S., Choo, KK., Yan, Z., Pedrycz, W. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2017. Lecture Notes in Computer Science, vol 10393. Springer, Cham. https://doi.org/10.1007/978-3-319-65482-9_21
DOI: https://doi.org/10.1007/978-3-319-65482-9_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-65481-2
Online ISBN: 978-3-319-65482-9
eBook Packages: Computer Science, Computer Science (R0)