ABSTRACT
Although the ability to model and infer attacker intent, objectives and strategies (AIOS) may dramatically advance the literature on risk assessment, harm prediction, and predictive or proactive cyber defense, existing AIOS inference techniques are ad hoc and system- or application-specific. In this paper, we present a general incentive-based method to model AIOS and a game-theoretic approach to infer AIOS. On the one hand, we find that the concept of incentives can unify a large variety of attacker intents, and that the concept of utilities can integrate incentives and costs in such a way that attacker objectives can be modeled in practice. On the other hand, we develop a game-theoretic AIOS formalization that captures the inherent interdependency between AIOS and the defender's objectives and strategies, in such a way that AIOS can be inferred automatically. Finally, we use a specific case study to show how AIOS can be inferred in real-world attack-defense scenarios.
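To make the abstract's two ideas concrete, the following is an added illustration, not code or numbers from the paper: the attacker's objective is written as a utility (expected incentive minus attack cost), the defender's as expected harm plus defense cost, and the attacker's strategy is then inferred as its part of a Nash equilibrium of the resulting two-player game. The scenario (a web service facing a DDoS or a web exploit, defended by rate limiting or patching), the payoff numbers and the success probabilities are all constructed for the example; the 2x2 mixed-equilibrium solver uses the standard indifference condition and assumes the game has no pure equilibrium, which the chosen numbers produce.

```python
"""Added illustration (not the paper's code): an incentive/cost attacker-defender game
solved for the attacker's equilibrium strategy. All numbers below are constructed."""
from itertools import product
from typing import Dict, List, Tuple

Strategy = str
Profile = Tuple[Strategy, Strategy]

# Hypothetical scenario: a web service. The attacker picks one attack, the defender one posture.
ATTACKS: Tuple[Strategy, ...] = ("ddos", "web_exploit")
DEFENSES: Tuple[Strategy, ...] = ("rate_limit", "patch_webapp")

INCENTIVE = {"ddos": 8.0, "web_exploit": 10.0}   # attacker gain if the attack succeeds (constructed)
ATTACK_COST = {"ddos": 3.0, "web_exploit": 4.0}  # attacker effort/exposure cost (constructed)
HARM = {"ddos": 8.0, "web_exploit": 12.0}        # defender loss if the attack succeeds (constructed)
DEFENSE_COST = {"rate_limit": 2.0, "patch_webapp": 2.5}
SUCCESS = {  # P(attack succeeds | defense posture), constructed
    ("ddos", "rate_limit"): 0.2, ("ddos", "patch_webapp"): 0.9,
    ("web_exploit", "rate_limit"): 0.9, ("web_exploit", "patch_webapp"): 0.1,
}


def attacker_utility(a: Strategy, d: Strategy) -> float:
    """Attacker objective as a utility: expected incentive minus the cost of mounting the attack."""
    return SUCCESS[(a, d)] * INCENTIVE[a] - ATTACK_COST[a]


def defender_utility(a: Strategy, d: Strategy) -> float:
    """Defender objective: minimise expected harm plus the cost of the chosen defense."""
    return -(SUCCESS[(a, d)] * HARM[a] + DEFENSE_COST[d])


def attacker_best_response(d: Strategy) -> Strategy:
    return max(ATTACKS, key=lambda a: attacker_utility(a, d))


def defender_best_response(a: Strategy) -> Strategy:
    return max(DEFENSES, key=lambda d: defender_utility(a, d))


def pure_nash_equilibria() -> List[Profile]:
    """Profiles in which each side already plays a best response to the other."""
    return [(a, d) for a, d in product(ATTACKS, DEFENSES)
            if attacker_best_response(d) == a and defender_best_response(a) == d]


def expected_attacker_utility(a: Strategy, defense_mix: Dict[Strategy, float]) -> float:
    return sum(q * attacker_utility(a, d) for d, q in defense_mix.items())


def expected_defender_utility(d: Strategy, attack_mix: Dict[Strategy, float]) -> float:
    return sum(p * defender_utility(a, d) for a, p in attack_mix.items())


def mixed_equilibrium_2x2() -> Tuple[Dict[Strategy, float], Dict[Strategy, float]]:
    """Mixed Nash equilibrium of the 2x2 game via the indifference condition:
    each player randomises so that the opponent is indifferent between its two options."""
    a1, a2 = ATTACKS
    d1, d2 = DEFENSES
    ua, ud = attacker_utility, defender_utility
    # q = P(defender plays d1) solving q*ua(a1,d1)+(1-q)*ua(a1,d2) == q*ua(a2,d1)+(1-q)*ua(a2,d2)
    denom_q = (ua(a1, d1) - ua(a1, d2)) - (ua(a2, d1) - ua(a2, d2))
    # p = P(attacker plays a1) solving p*ud(a1,d1)+(1-p)*ud(a2,d1) == p*ud(a1,d2)+(1-p)*ud(a2,d2)
    denom_p = (ud(a1, d1) - ud(a2, d1)) - (ud(a1, d2) - ud(a2, d2))
    if denom_q == 0 or denom_p == 0:
        raise ValueError("degenerate game: no interior mixed equilibrium")
    q = (ua(a2, d2) - ua(a1, d2)) / denom_q
    p = (ud(a2, d2) - ud(a2, d1)) / denom_p
    if not (0 <= p <= 1 and 0 <= q <= 1):
        raise ValueError("no fully mixed equilibrium; use the pure-strategy case")
    return {a1: p, a2: 1 - p}, {d1: q, d2: 1 - q}


def infer_attacker_strategy() -> Dict[Strategy, float]:
    """Inferred attacker strategy: the attacker's component of a Nash equilibrium,
    i.e. the strategy a utility-maximising attacker settles on given the defender's best play."""
    pure = pure_nash_equilibria()
    if pure:
        a, _ = pure[0]
        return {s: (1.0 if s == a else 0.0) for s in ATTACKS}
    attack_mix, _ = mixed_equilibrium_2x2()
    return attack_mix


if __name__ == "__main__":
    for d in DEFENSES:
        print(f"best attack against {d}: {attacker_best_response(d)}")
    print("pure equilibria:", pure_nash_equilibria())
    print("inferred attacker strategy:", infer_attacker_strategy())
```

With these numbers the best responses cycle (rate limiting invites the web exploit, patching invites the DDoS, and each defense is the defender's best reply to the other attack), so there is no pure equilibrium and the inferred attacker strategy is a probability mix, roughly 0.60 DDoS / 0.40 web exploit, rather than a single attack. That is the sense in which attacker strategy depends on, and is inferred jointly with, the defender's objectives and strategies.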
Index Terms
- Incentive-based modeling and inference of attacker intent, objectives, and strategies