Proactive Defense Against Physical Denial of Service Attacks using Poisson Signaling Games
While the Internet of things (IoT) promises to improve areas such as energy
efficiency, health care, and transportation, it is highly vulnerable to
cyberattacks. In particular, distributed denial-of-service (DDoS) attacks
overload the bandwidth of a server. But many IoT devices form part of
cyber-physical systems (CPS). Therefore, they can be used to launch "physical"
denial-of-service attacks (PDoS) in which IoT devices overflow the "physical
bandwidth" of a CPS. In this paper, we quantify the population-based risk to a
group of IoT devices targeted by malware for a PDoS attack. In order to model
the recruitment of bots, we develop a "Poisson signaling game," a signaling
game with an unknown number of receivers, which have varying abilities to
detect deception. Then we use a version of this game to analyze two mechanisms
(legal and economic) to deter botnet recruitment. Equilibrium results indicate
that 1) defenders can bound botnet activity, and 2) legislating a minimum level
of security has only a limited effect, while incentivizing active defense can
decrease botnet activity arbitrarily. This work provides a quantitative
foundation for proactive PDoS defense.
Comment: 2017 Conference on Decision and Game Theory for Security
(GameSec2017). arXiv admin note: text overlap with arXiv:1703.0523
A Game-Theoretic Taxonomy and Survey of Defensive Deception for Cybersecurity and Privacy
Cyberattacks on both databases and critical infrastructure have threatened
public and private sectors. Ubiquitous tracking and wearable computing have
infringed upon privacy. Advocates and engineers have recently proposed using
defensive deception as a means to leverage the information asymmetry typically
enjoyed by attackers as a tool for defenders. The term deception, however, has
been employed broadly and with a variety of meanings. In this paper, we survey
24 articles from 2008-2018 that use game theory to model defensive deception
for cybersecurity and privacy. Then we propose a taxonomy that defines six
types of deception: perturbation, moving target defense, obfuscation, mixing,
honey-x, and attacker engagement. These types are delineated by their
information structures, agents, actions, and duration: precisely concepts
captured by game theory. Our aims are to rigorously define types of defensive
deception, to capture a snapshot of the state of the literature, to provide a
menu of models which can be used for applied research, and to identify
promising areas for future work. Our taxonomy provides a systematic foundation
for understanding different types of defensive deception commonly encountered
in cybersecurity and privacy.
Comment: To Appear in ACM Computing Surveys (CSUR
Strategic Defense against Stealthy Link Flooding Attacks: A Signaling Game Approach
With the increasing diversity of Distributed Denial-of-Service (DDoS)
attacks, it is becoming extremely challenging to design a fully protected
network. For instance, Stealthy Link Flooding Attack (SLFA) is a variant of
DDoS attacks that strives to block access to a target area by flooding a small
set of links, and it is shown that it can bypass traditional DDoS defense
mechanisms. One potential solution to tackle such SLFAs is to apply Moving
Target Defense (MTD) techniques in which network settings are dynamically
changed to confuse/deceive attackers, thus making it highly expensive to launch
a successful attack. However, since MTD comes with some overhead to the
network, to find the best strategy (i.e., when and/or to what extent) of
applying it has been a major challenge. The strategy is significantly
influenced by the attacker's behavior that is often difficult to guess. In this
work, we address the challenge of obtaining the optimal MTD strategy that
effectively mitigates SLFAs while incurring a minimal overhead. We design the
problem as a signaling game considering the network defender and the attacker
as players. A belief function is established throughout the engagement of the
attacker and the defender during this SLFA campaign, which is utilized to pick
the best response/action for each player. We analyze the game model and derive
a defense mechanism based on the equilibria of the game. We evaluate the
technique on a Mininet-based network environment where an attacker is
performing SLFAs and a defender applies MTD based on equilibria of the game.
The results show that our signaling game-based dynamic defense mechanism can
provide a level of protection against SLFAs similar to the extensive MTD
solution, while causing a significantly reduced overhead