Defending Against Chained Cyber-Attacks by Adversarial Agents

Part of the book series: Computer Communications and Networks ((CCN))

Abstract

Cyber adversaries employ a variety of malware and exploits to attack computer systems. Despite the prevalence of markets for malware and exploit kits, existing paradigms that model such cyber-adversarial behaviour do not account for the sequential application, or "chaining", of attacks that take advantage of the complex and interdependent nature of exploits and vulnerabilities. As a result, it is challenging for security professionals to develop defensive strategies against threats of this nature. This chapter takes the first steps toward addressing this need, based on a framework that allows for the modelling of sequential cyber-attacks on computer systems, taking into account complex interdependencies between vulnerabilities and exploits. The framework identifies the overall set of capabilities gained by an attacker through the convergence of a simple fixed-point operator. We then turn our attention to the problem of determining the optimal (most effective, with respect to this model) strategy that the defender can use to block the attacker from gaining certain capabilities, and find it to be an NP-complete problem. To address this complexity, we utilize an A*-based approach and develop an admissible heuristic. We provide an implementation and show, through a suite of experiments using actual vulnerability data, that this method performs well in practice for identifying defensive courses of action in this domain.
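The two pieces the abstract describes, a fixed-point operator over exploit dependencies and an A* search for a cheapest set of vulnerabilities to block, can be illustrated in a few dozen lines. The following is an added example and not code from the chapter: the exploits, vulnerability identifiers (V_phish, V_webapp, V_privesc, V_kernel, V_plc), capabilities and patch costs are constructed for the illustration, and the heuristic used (the cheapest still-unpatched vulnerability while the target capability remains reachable) is an assumption chosen because it is admissible and consistent, not the chapter's own heuristic. The fixed point is computed the same way as the chapter's operator is described: keep applying exploits whose preconditions are already held until no new capability appears.

```python
import heapq
import itertools
import math
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Exploit:
    """An exploit fires when the attacker holds every precondition and
    the vulnerability it relies on is not blocked; it then grants `post`."""
    name: str
    vuln: str                  # hypothetical vulnerability identifier
    pre: FrozenSet[str]        # capabilities required
    post: FrozenSet[str]       # capabilities gained


# Constructed scenario: two ways in, two ways to root, one step to the PLC.
EXPLOITS: List[Exploit] = [
    Exploit("phish_macro", "V_phish",   frozenset({"network_access"}), frozenset({"user_shell"})),
    Exploit("webapp_rce",  "V_webapp",  frozenset({"network_access"}), frozenset({"user_shell"})),
    Exploit("suid_privesc", "V_privesc", frozenset({"user_shell"}),     frozenset({"root"})),
    Exploit("kernel_lpe",  "V_kernel",  frozenset({"user_shell"}),     frozenset({"root"})),
    Exploit("plc_upload",  "V_plc",     frozenset({"root"}),           frozenset({"plc_control"})),
]
INITIAL: FrozenSet[str] = frozenset({"network_access"})
TARGET = "plc_control"
# Constructed patch/mitigation costs per vulnerability (assumed units).
COSTS: Dict[str, float] = {"V_phish": 3, "V_webapp": 2, "V_privesc": 1, "V_kernel": 3, "V_plc": 6}


def capabilities_fixed_point(exploits: List[Exploit], initial: FrozenSet[str],
                             patched: FrozenSet[str]) -> FrozenSet[str]:
    """Least fixed point: the full capability set an attacker reaches by
    chaining exploits whose vulnerabilities are not in `patched`."""
    caps = set(initial)
    changed = True
    while changed:
        changed = False
        for e in exploits:
            if e.vuln in patched or not e.pre <= caps or e.post <= caps:
                continue
            caps |= e.post
            changed = True
    return frozenset(caps)


def astar_min_patch_set(exploits: List[Exploit], initial: FrozenSet[str], target: str,
                        cost: Dict[str, float]) -> Tuple[Optional[FrozenSet[str]], float]:
    """A* over sets of blocked vulnerabilities. A state is a goal when the
    target capability is no longer in the fixed point. Returns a minimum-cost
    blocking set, or (None, inf) if blocking everything still fails."""
    vulns = sorted({e.vuln for e in exploits})

    def reachable(patched: FrozenSet[str]) -> bool:
        return target in capabilities_fixed_point(exploits, initial, patched)

    def h(patched: FrozenSet[str]) -> float:
        # Admissible and consistent: if the target is still reachable, at least
        # one more vulnerability must be blocked, costing no less than the
        # cheapest one left; every edge out of this state costs at least h.
        if not reachable(patched):
            return 0.0
        left = [cost[v] for v in vulns if v not in patched]
        return min(left) if left else math.inf

    start: FrozenSet[str] = frozenset()
    best_g: Dict[FrozenSet[str], float] = {start: 0.0}
    tie = itertools.count()                      # stable tie-break for the heap
    frontier = [(h(start), 0.0, next(tie), start)]
    while frontier:
        f, g, _, state = heapq.heappop(frontier)
        if g > best_g.get(state, math.inf):
            continue                             # stale entry
        if not reachable(state):
            return state, g                      # first goal popped is optimal
        for v in vulns:
            if v in state:
                continue
            nxt = state | {v}
            ng = g + cost[v]
            if ng < best_g.get(nxt, math.inf):
                best_g[nxt] = ng
                heapq.heappush(frontier, (ng + h(nxt), ng, next(tie), nxt))
    return None, math.inf


if __name__ == "__main__":
    print("unpatched:", sorted(capabilities_fixed_point(EXPLOITS, INITIAL, frozenset())))
    blocked, total = astar_min_patch_set(EXPLOITS, INITIAL, TARGET, COSTS)
    print("block", sorted(blocked), "at cost", total)
```

In the constructed scenario the cheapest way to deny `plc_control` is not to patch the PLC vulnerability itself (cost 6) or both entry points (cost 5) but to close both privilege-escalation paths (V_privesc and V_kernel, cost 4); the search finds that because the fixed point, not any single chain, decides reachability. The state space is the power set of vulnerabilities, which is where the NP-completeness mentioned in the abstract bites; the heuristic only prunes states whose f-value exceeds the optimum.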

Acknowledgements

This work was supported by ASU Global Security Initiative (GSI) and the Office of Naval Research (ONR) Neptune program.

Author information

Correspondence to Vivin Paliath.

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this chapter

Cite this chapter

Paliath, V., Shakarian, P. (2018). Defending Against Chained Cyber-Attacks by Adversarial Agents. In: Parkinson, S., Crampton, A., Hill, R. (eds) Guide to Vulnerability Analysis for Computer Networks and Systems. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-92624-7_8

  • DOI: https://doi.org/10.1007/978-3-319-92624-7_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-92623-0

  • Online ISBN: 978-3-319-92624-7
