Proactive Defense Against Physical Denial of Service Attacks using Poisson Signaling Games

While the Internet of things (IoT) promises to improve areas such as energy efficiency, health care, and transportation, it is highly vulnerable to cyberattacks. In particular, distributed denial-of-service (DDoS) attacks overload the bandwidth of a server. But many IoT devices form part of cyber-physical systems (CPS). Therefore, they can be used to launch "physical" denial-of-service attacks (PDoS) in which IoT devices overflow the "physical bandwidth" of a CPS. In this paper, we quantify the population-based risk to a group of IoT devices targeted by malware for a PDoS attack. In order to model the recruitment of bots, we develop a "Poisson signaling game," a signaling game with an unknown number of receivers, which have varying abilities to detect deception. Then we use a version of this game to analyze two mechanisms (legal and economic) to deter botnet recruitment. Equilibrium results indicate that 1) defenders can bound botnet activity, and 2) legislating a minimum level of security has only a limited effect, while incentivizing active defense can decrease botnet activity arbitrarily. This work provides a quantitative foundation for proactive PDoS defense.Comment: 2017 Conference on Decision and Game Theory for Security (GameSec2017). arXiv admin note: text overlap with arXiv:1703.0523

A Game-Theoretic Taxonomy and Survey of Defensive Deception for Cybersecurity and Privacy

Cyberattacks on both databases and critical infrastructure have threatened public and private sectors. Ubiquitous tracking and wearable computing have infringed upon privacy. Advocates and engineers have recently proposed using defensive deception as a means to leverage the information asymmetry typically enjoyed by attackers as a tool for defenders. The term deception, however, has been employed broadly and with a variety of meanings. In this paper, we survey 24 articles from 2008-2018 that use game theory to model defensive deception for cybersecurity and privacy. Then we propose a taxonomy that defines six types of deception: perturbation, moving target defense, obfuscation, mixing, honey-x, and attacker engagement. These types are delineated by their information structures, agents, actions, and duration: precisely concepts captured by game theory. Our aims are to rigorously define types of defensive deception, to capture a snapshot of the state of the literature, to provide a menu of models which can be used for applied research, and to identify promising areas for future work. Our taxonomy provides a systematic foundation for understanding different types of defensive deception commonly encountered in cybersecurity and privacy.Comment: To Appear in ACM Cumputing Surveys (CSUR

Strategic Defense against Stealthy Link Flooding Attacks: A Signaling Game Approach

With the increasing diversity of Distributed Denial-of-Service (DDoS) attacks, it is becoming extremely challenging to design a fully protected network. For instance, Stealthy Link Flooding Attack (SLFA) is a variant of DDoS attacks that strives to block access to a target area by flooding a small set of links, and it is shown that it can bypass traditional DDoS defense mechanisms. One potential solution to tackle such SLFAs is to apply Moving Target Defense (MTD) techniques in which network settings are dynamically changed to confuse/deceive attackers, thus making it highly expensive to launch a successful attack. However, since MTD comes with some overhead to the network, to find the best strategy (i.e., when and/or to what extent) of applying it has been a major challenge. The strategy is significantly influenced by the attacker's behavior that is often difficult to guess. In this work, we address the challenge of obtaining the optimal MTD strategy that effectively mitigates SLFAs while incurs a minimal overhead. We design the problem as a signaling game considering the network defender and the attacker as players. A belief function is established throughout the engagement of the attacker and the defender during this SLFA campaign, which is utilized to pick the best response/action for each player. We analyze the game model and derive a defense mechanism based on the equilibria of the game. We evaluate the technique on a Mininet-based network environment where an attacker is performing SLFAs and a defender applies MTD based on equilibria of the game. The results show that our signaling game-based dynamic defense mechanism can provide a similar level of protection against SLFAs like the extensive MTD solution, however, causing a significantly reduced overhead