Using Signaling Games to Model the Multi-step Attack-Defense Scenarios on Confidentiality

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7638)

Abstract

In multi-step attack-defense scenarios (MSADSs), each rational player (the attacker or the defender) tries to maximize his payoff, but uncertainty about his opponent prevents him from taking suitable actions. The defender doesn’t know the attacker’s target list, and may deploy unnecessary but costly defenses to protect machines not in the target list. Similarly, the attacker doesn’t know the deployed protections, and may spend lots of time and effort on a well-protected machine. We develop a repeated two-way signaling game to model the MSADSs on confidentiality, and show how to find the actions maximizing the expected payoffs through the equilibrium. In the proposed model, on receiving each intrusion detection system alert (i.e., a signal), the defender follows the equilibrium to gradually reduce the uncertainty about the attacker’s targets and calculate the defenses maximizing his expected payoff.

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lin, J., Liu, P., Jing, J. (2012). Using Signaling Games to Model the Multi-step Attack-Defense Scenarios on Confidentiality. In: Grossklags, J., Walrand, J. (eds) Decision and Game Theory for Security. GameSec 2012. Lecture Notes in Computer Science, vol 7638. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34266-0_7

  • DOI: https://doi.org/10.1007/978-3-642-34266-0_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34265-3

  • Online ISBN: 978-3-642-34266-0

  • eBook Packages: Computer Science (R0)
